Add IPs to ipset and use iptables to drop
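#!/bin/sh
# Rebuild an ipset from a list of IP addresses and (re)install the iptables
# rule that drops inbound traffic from every member of that set.
#
# ipset is used instead of one iptables rule per address because it scales
# much better when mass-adding IPs to netfilter (e.g. brute-force sources).
#
# Must run with enough privilege to call iptables and ipset.
# Written for POSIX sh: no (( )) arithmetic and no `echo -e`, both of which
# misbehave when /bin/sh is not bash.

SETNAME=baddies

# Comma- and/or newline-separated list of addresses to block.
# NOTE(review): this list sits in a user's home directory while the script
# changes the firewall. Whoever can write this file decides which sources get
# dropped (including an administrator's own address) - confirm its ownership
# and permissions, or move it somewhere only root can write.
IP_FILE=/home/toor/ips.txt

# Bail out before touching the set: flushing it with no readable list would
# silently leave nothing blocked.
if [ ! -r "$IP_FILE" ]; then
  echo "Cannot read ${IP_FILE}; leaving set \"${SETNAME}\" untouched." >&2
  exit 1
fi

echo "Current stats of ipset ${SETNAME}"
iptables -L INPUT -n -v | head -n2
iptables -L INPUT -n -v | grep -F -- "$SETNAME"

printf '\nCreating or flushing the "%s".\n' "$SETNAME"

# -exist makes the create a no-op when the set is already there.
ipset -exist -N "$SETNAME" iphash
# NOTE(review): the set stays partially empty from here until the loop below
# finishes, so listed addresses are not blocked during that window. Filling a
# temporary set and exchanging it with `ipset swap` would close the gap.
ipset flush "$SETNAME"

echo "Re-poopulating set \"${SETNAME}\". This might take a few seconds..."

x=0
# Word splitting of the command substitution is intentional (one entry per
# word); globbing is switched off so an entry such as "*" is never expanded
# against the current directory.
set -f
for l in $(tr ',' '\n' < "$IP_FILE" | tr -d ' ' | sort -u); do
  case $l in
    -*)
      # An entry starting with "-" would be parsed by ipset as an option
      # rather than as an address; refuse it.
      echo "  Failed to add $l."
      continue
      ;;
  esac
  # Count only entries that ipset actually accepted, so the summary below
  # reflects what is really in the set.
  if ipset -A "$SETNAME" "$l"; then
    x=$((x + 1))
  else
    echo "  Failed to add $l."
  fi
done
set +f

printf '\nAdded %s IP adresses to set %s.\n\n' "$x" "$SETNAME"

echo "Re-initializing iptables set match rule."
# Remove a previous copy of the rule, if any. stdout is redirected first and
# stderr second so that the expected "rule does not exist" error on a first
# run is really discarded.
# NOTE(review): newer iptables releases spell this match option --match-set;
# --set is kept because that is what this script was written against.
iptables -D INPUT -m set --set "$SETNAME" src -j DROP >/dev/null 2>&1
iptables -I INPUT -m set --set "$SETNAME" src -j DROP

# The rule was just re-inserted, so its packet/byte counters start over.
echo "New stats of ipset ${SETNAME} (probably 0)"
iptables -L INPUT -n -v | head -n2
iptables -L INPUT -n -v | grep -F -- "$SETNAME"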