
Blokuojam ip pagal šalis [iptables]

Pridedu, skriptas:

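#!/bin/bash
# Block every IPv4 network of one country with iptables.
#
# Flow: ask for a two-letter country code, download that country's zone file
# from ipdeny.com into /root/block_ip_list.txt, and (after confirmation) append
# one DROP rule per listed network to the INPUT chain.
#
# Security notes for whoever runs this as root:
#  * The zone file is fetched over plain HTTP, so its content cannot be trusted
#    to be what the publisher sent. Every line is therefore matched against a
#    strict IPv4 / CIDR / range pattern before it is handed to iptables, and
#    every expansion is quoted so a line can never turn into extra iptables
#    options.
#  * Rules are appended (-A), so they only apply to traffic that no earlier
#    INPUT rule has already accepted.
#  * Blocking the country you administer the host from will cut off your own
#    access; the ruleset backup written below is the way back.
#  * Country lists hold thousands of networks; one rule per network is checked
#    linearly for every packet. An ipset-based match scales better.
set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

readonly WORK_DIR=/root
readonly BLOCK_LIST=/root/block_ip_list.txt
readonly BACKUP_DIR=/root/backup_iptables
readonly ZONE_URL_BASE=http://www.ipdeny.com/ipblocks/data/countries

# Patterns for the only three entry shapes that are accepted.
readonly IP_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'
readonly CIDR_RE="^${IP_RE}(/([0-9]|[12][0-9]|3[0-2]))?\$"
readonly RANGE_RE="^${IP_RE}-${IP_RE}\$"

cd "$WORK_DIR" || die "Cannot change directory to $WORK_DIR"
NOW=$(date +"%Y-%m-%d")

echo ""
echo "Blocking IPS of any country"
echo ""
echo "To know code of countries which you want to block"
echo "you can enter ( http://www.ipdeny.com )"
echo ""
sleep 3
echo "Please type code of country Ex. ( cn ) for China "
echo -n " Enter Code : "
read -r code

# The code becomes part of a URL and of log lines: accept two letters only.
code=$(printf '%s' "$code" | tr '[:upper:]' '[:lower:]')
[[ $code =~ ^[a-z]{2}$ ]] || die "Invalid country code: expected two letters, e.g. cn"

# Unpredictable temp file, removed on every exit path.
tmp_list=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp_list"' EXIT

wget --output-document="$tmp_list" "$ZONE_URL_BASE/$code.zone" \
  || die "Download failed for country code '$code'; $BLOCK_LIST left unchanged"
[[ -s $tmp_list ]] || die "Downloaded list is empty; $BLOCK_LIST left unchanged"

# Only replace the block list once a non-empty download is in hand.
{
  printf '# %s Country: %s\n' "$NOW" "$code"
  cat -- "$tmp_list"
} > "$BLOCK_LIST" || die "Cannot write $BLOCK_LIST"

echo " Downloaded qt: "
wc -l < "$tmp_list"

rm -f -- "$tmp_list"
echo "Done"

echo "Do you want block IP now? (y/N)"
read -r ansv

if [[ $ansv == "y" ]]; then
  echo "$NOW - $code" >> block.log

  # Save the current ruleset first; refuse to change anything without a backup.
  backup_stamp=$(date +"%m-%d-%Y")
  mkdir -p -- "$BACKUP_DIR" || die "Cannot create $BACKUP_DIR"
  iptables-save > "$BACKUP_DIR/$backup_stamp.iptables.conf" \
    || die "iptables-save failed; no rules were changed"

  if [[ ! -f $BLOCK_LIST ]]; then
    die "Unable to add blocks to IPTABLES because file $BLOCK_LIST is missing"
  fi

  added=0
  rejected=0
  while IFS= read -r entry || [[ -n $entry ]]; do
    entry=${entry%$'\r'}

    # Skip blank lines and comment lines starting with ; or #
    case $entry in
      '' | \#* | \;*) continue ;;
    esac

    if [[ $entry =~ $RANGE_RE ]]; then
      # Address range: needs the iprange match module.
      rule=(INPUT -m iprange --src-range "$entry" -j DROP)
    elif [[ $entry =~ $CIDR_RE ]]; then
      # CIDR block or single address.
      rule=(INPUT -s "$entry" -j DROP)
    else
      # Anything else never reaches iptables.
      printf 'Skipping invalid entry: %q\n' "$entry" >&2
      rejected=$((rejected + 1))
      continue
    fi

    # Exact-rule check instead of a regex search through `iptables -nL`,
    # where "." matches any character and substrings produce false hits.
    if iptables -C "${rule[@]}" 2>/dev/null; then
      printf '%-20s %20s\n' "$entry" 'already referenced in iptable - skipping'
      continue
    fi

    printf '%-20s %s\n' 'ADDING RULE:' "iptables -A ${rule[*]}"
    if iptables -A "${rule[@]}"; then
      added=$((added + 1))
    else
      printf 'iptables refused entry: %s\n' "$entry" >&2
      rejected=$((rejected + 1))
    fi
  done < "$BLOCK_LIST"

  echo "Added IP:  $added"
  if ((rejected > 0)); then
    echo "Rejected entries: $rejected" >&2
  fi
fi
echo "Done"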