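#!/bin/bash
# Simple iptables IP/subnet block script
# -------------------------------------------------------------------------
IPT=$(command -v iptables)
SPAMLIST="spamlist"
# Trailing space keeps the prefix separate from the packet fields in the log
SPAMDROPMSG="SPAM LIST DROP "
# Read the block list, skipping comment lines and empty lines
BADIPS=$(grep -E -v -e "^#|^$" /etc/iptables/blocked.ips)

# create a new iptables list
"$IPT" -N "$SPAMLIST"

# log and drop every listed address or subnet
for ipblock in $BADIPS
do
    "$IPT" -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
    "$IPT" -A "$SPAMLIST" -s "$ipblock" -j DROP
done

# send all traffic through the new list first
"$IPT" -I INPUT -j "$SPAMLIST"
"$IPT" -I OUTPUT -j "$SPAMLIST"
"$IPT" -I FORWARD -j "$SPAMLIST"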
Create a file /etc/iptables/blocked.ips:
Put the IP addresses here (one per line).
Edit the file /etc/boot.local and add this line:
/etc/iptables/blockip.sh
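The script above hands every word in blocked.ips straight to iptables, so a typo or stray text in that file ends up on an iptables command line. The following added example (not part of the original post) validates each entry as an IPv4 address or CIDR block and prints an iptables-restore ruleset for the same chain; the function names valid_entry and build_ruleset are hypothetical, only IPv4 is handled, and text after a # on a line is also treated as a comment.

```shell
#!/bin/bash
# Added example: validate blocked.ips entries before they reach iptables.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
    local entry=$1 addr prefix octet
    addr=${entry%%/*}
    if [ "$addr" != "$entry" ]; then
        prefix=${entry#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    fi
    # only digits and dots, no empty octets
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=.
    set -- $addr
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject leading zeros (ambiguous octal) and values above 255
        case $octet in ''|0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an iptables-restore ruleset for the valid entries in file $1.
# $2 is the chain name (default: spamlist). Invalid lines go to stderr.
build_ruleset() {
    local file=$1 chain=${2:-spamlist} line
    printf '*filter\n:%s - [0:0]\n' "$chain"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip comments
        line=${line#"${line%%[![:space:]]*}"}     # trim leading whitespace
        line=${line%"${line##*[![:space:]]}"}     # trim trailing whitespace
        [ -n "$line" ] || continue
        if valid_entry "$line"; then
            printf -- '-A %s -s %s -j LOG --log-prefix "SPAM LIST DROP "\n' "$chain" "$line"
            printf -- '-A %s -s %s -j DROP\n' "$chain" "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$file"
    printf 'COMMIT\n'
}

# Assumed usage, as root:
#   build_ruleset /etc/iptables/blocked.ips | iptables-restore --noflush
```

With --noflush, iptables-restore leaves the other chains alone and refills only the declared chain, so the list can be reloaded without re-running the whole script; the jumps from INPUT, OUTPUT and FORWARD still have to be inserted once.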