Last active
July 8, 2023 21:48
-
-
Save mikroskeem/43dbf6a4478234464b3ea48d4705849f to your computer and use it in GitHub Desktop.
Allow only TCPShield IPs to connect to your server, using iptables & ipset
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| iptables -A INPUT -m set --match-set tcpshield-ips src -p tcp --dport 32767 -j ACCEPT | |
| iptables -A INPUT -p tcp --dport 32767 -j DROP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -e | |
| set_name="tcpshield-ips" | |
| set_exists="$(ipset list -n | grep -c "^${set_name}$")" | |
| target_set_name="${set_name}" | |
| if [ "${set_exists}" -gt 0 ]; then | |
| set_name="${set_name}_${RANDOM}" | |
| fi | |
| ipset create "${set_name}" hash:net | |
| curl -s https://tcpshield.com/v4/ | while read -r ip; do | |
| ipset add "${set_name}" "${ip}" | |
| done | |
| if [ "${set_name}" != "${target_set_name}" ]; then | |
| ipset swap "${set_name}" "${target_set_name}" | |
| ipset destroy "${set_name}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment