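#!/bin/bash
# Load a list of unwanted source addresses into an ipset and reject their
# traffic to the web ports (80/443) through a dedicated BLACKHOLE chain.
#
# Safe to re-run: the chain is flushed rather than duplicated, entries already
# in the set are accepted, and the INPUT rules are only appended when missing.
#
# Caveats worth knowing before relying on this as a control:
#   * iptables only sees IPv4. IPv6 clients are not filtered by these rules.
#   * Rules are appended (-A) to INPUT. If an earlier INPUT rule already
#     accepts ports 80/443, the BLACKHOLE jump is never reached; check the
#     order with `iptables -L INPUT --line-numbers`.
#   * Nothing here is persisted across reboots.
set -euo pipefail

# here's your list of IPs (whitespace-separated; text after '#' is ignored)
CURRENT_BL=/path/to/my/ip_black_list.txt
SET_NAME=ipset-blacklist
CHAIN=BLACKHOLE

if [[ ! -r "$CURRENT_BL" ]]; then
  echo "Cannot read blacklist file ${CURRENT_BL}" >&2
  exit 1
fi

# The match rule below refers to the set by name, so the set has to exist
# before any rule is installed. An existing set is left untouched so its type
# and current entries are preserved.
# hash:ip holds single addresses; if the list carries CIDR ranges a hash:net
# set is the better fit (confirm against your list).
if ! ipset list -t "$SET_NAME" >/dev/null 2>&1; then
  ipset create "$SET_NAME" hash:ip
fi

# create the chain, or flush it when it is already there from a previous run
iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"

failed=0
while IFS= read -r line || [[ -n "$line" ]]; do
  line=${line%%#*}                      # drop trailing comments
  read -r -a entries <<<"$line"         # split on whitespace without globbing
  (( ${#entries[@]} )) || continue      # blank or comment-only line
  for BAD_IP in "${entries[@]}"; do
    # -exist: re-adding an address that is already in the set is not an error.
    # stderr is left visible so the operator sees why an entry was refused;
    # a silently skipped entry is an address that stays unblocked.
    if ! ipset add "$SET_NAME" "$BAD_IP" -exist; then
      echo "Failed to add ${BAD_IP}" >&2
      failed=$((failed + 1))
    fi
  done
done <"$CURRENT_BL"

# REJECT the matching target, hand everything else back to the caller chain
iptables -A "$CHAIN" -p all -m set --match-set "$SET_NAME" src -j REJECT
iptables -A "$CHAIN" -j RETURN

# Append an INPUT rule only when an identical one is not already present,
# so repeated runs do not stack duplicate rules.
add_input_rule() {
  iptables -C INPUT "$@" 2>/dev/null || iptables -A INPUT "$@"
}

# assume your nginx is on 80 and 443
add_input_rule -p tcp -m multiport --destination-ports 80,443 -j "$CHAIN"
add_input_rule -p tcp -m multiport --destination-ports 80,443 -j ACCEPT

# To block one more address by hand later (replace the placeholder):
#   ipset add ipset-blacklist X.X.X.X

if (( failed > 0 )); then
  echo "${failed} blacklist entries could not be added" >&2
  exit 1
fi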