I am trying to use blocklists to add regional blocks (China, Russia...) to my firewall rules and am struggling with the length of time it takes my script to complete and with understanding why a different script fails to work. I am using Ubuntu Server 14.04 32-bit for the following.

I had originally used an existing script as an example and tidied up / changed parts of it to pretty close to what's below:

```bash
#!/bin/bash
# $key is the name of the blocklist being processed; the surrounding loop that
# sets it did not survive on the page. The download URL is also cut off and is
# left as the bare "$" that remains.
wget --output-document=/tmp/blacklist_$key.gz -w 3 $

ipset create $key hash:net maxelem 400000 # TODO method for determining appropriate maxelem
# Loop header reconstructed: only the "done" line survived on the page.
while read -r net; do
    ipset add $key $net
done < <(zcat /tmp/blacklist_$key.gz | sed '1,2d' | sed s/.*://)

iptables -D INPUT -m set --match-set $key src -j $key # Delete link to list chain from INPUT
iptables -F $key # Flush list chain if existed
iptables -X $key # Delete list chain if existed
iptables -N $key # Create list chain (missing from the page; the -A rules below need it)
iptables -A $key -p tcp -m limit --limit 5/min -j LOG --log-prefix "Denied $key TCP: " --log-level 7
iptables -A $key -p udp -m limit --limit 5/min -j LOG --log-prefix "Denied $key UDP: " --log-level 7
iptables -A $key -p icmp -m limit --limit 5/min -j LOG --log-prefix "Denied $key ICMP: " --log-level 7
iptables -A $key -j DROP # Drop after logging
iptables -A INPUT -m set --match-set $key src -j $key
```

I'm not wildly familiar with ipsets but this makes for a much faster method of downloading, parsing and adding blocks. I've added individual chains for each list for more verbose logging that will log which blocklist the dropped IP is coming from, should you have multiples.
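Since the slow part of a script like the one above is one `ipset add` process per list line, here is an added example (my own, not the poster's script) that parses the same "name:range" list format, sizes `maxelem` from the actual entry count (the script's TODO), and emits an `ipset restore` batch that loads the whole list in one process and then swaps it into the live set, so the INPUT rule keeps matching while a list reloads. It assumes the live set was created once with `ipset create NAME hash:net`; the sample list at the bottom is constructed, not real blocklist data.

```bash
#!/bin/bash
# Added example (not the poster's script): build an `ipset restore` batch
# from a "name:range" blocklist instead of calling `ipset add` once per
# line, and size maxelem from the actual entry count.
set -e

# Keep only "name:ip-ip" / "name:cidr" lines: strip everything up to the last
# colon (as the poster's sed does), drop headers and junk, remove duplicates.
# Reads the decompressed list on stdin and prints one range per line.
# hash:net accepts "from-to" ranges and splits them into CIDR blocks itself.
parse_blocklist() {
    sed 's/.*://' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(-([0-9]{1,3}\.){3}[0-9]{1,3}|/[0-9]{1,2})?$' \
    | sort -u
}

# Smallest power of two (at least 65536) that holds N entries; replaces the
# hard-coded "maxelem 400000" in the poster's script.
maxelem_for() {
    local n=$1 m=65536
    while [ "$m" -lt "$n" ]; do m=$((m * 2)); done
    echo "$m"
}

# Print an `ipset restore` batch for set NAME (list on stdin): fill a
# temporary set, then swap it with the live set so the iptables rule that
# references NAME never sees an empty or missing set during a reload.
# Assumes the live set was created once with: ipset create NAME hash:net
blocklist_to_restore() {
    local name=$1 tmp="${1}_tmp" ranges n
    ranges=$(parse_blocklist)
    n=$(printf '%s\n' "$ranges" | grep -c .) || n=0
    echo "create $tmp hash:net family inet maxelem $(maxelem_for "$n")"
    if [ "$n" -gt 0 ]; then printf '%s\n' "$ranges" | sed "s/^/add $tmp /"; fi
    echo "swap $tmp $name"
    echo "destroy $tmp"
}

# Constructed sample (not real blocklist data): a header, a duplicate and a
# junk line, all of which must be filtered out.
SAMPLE_LIST='# constructed header line
China:1.0.1.0-1.0.3.255
China:1.0.1.0-1.0.3.255
Russia:2.60.0.0-2.63.255.255
this line has no range
Odd:Name:5.0.0.0/8
'
# Demo on the sample. Real use, as root:
#   zcat /tmp/blacklist_china.gz | blocklist_to_restore china | ipset restore
printf '%s' "$SAMPLE_LIST" | blocklist_to_restore china
```

Only the final `ipset restore` needs root; the parsing and batch-building run as an ordinary user, which is what the demo at the bottom does.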