Version 1 (modified by chris, 3 years ago) (diff) |
---|
Script in /usr/local/bin on Crin2 to drop abusive IP addresses:
ipdrop
#!/usr/bin/env bash # location of the logchange script, we assume it has been # installed int he same directory as this script is in #DIR="/usr/local/bin" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" LOGCHANGE="$DIR/logchange" # check that the script is being run by root if [[ "$(id -u)" != "0" ]] ; then echo "You must run '$0' as root or via sudo" exit 1 fi # check that the logchange script is installed if [[ ! -f "${LOGCHANGE}" ]] ; then echo "You need to install the '${LOGCHANGE}' script before you can run $0" exit 2 fi # check for a IP address on standard input if [[ $1 ]]; then IP="$1" elif [[ ! "$1" ]]; then echo "Type IP address you would like dropped and then [ENTER]:" read ip IP=${ip} fi # drop the ip address iptables -I INPUT -s $IP -j DROP # save the changes bash -c "iptables-save > /etc/network/iptables.save" # record the changes logchange "$IP : dropped" exit 0