| | 1 | Script on PuffinServer to block IP addresses using IP tables: |
| | 2 | |
| | 3 | {{{ |
| | 4 | #!/usr/bin/env bash |
| | 5 | |
| | 6 | # location of the logchange script |
| | 7 | DIR=/usr/local/webarch |
| | 8 | LOGCHANGE="$DIR/bin/logchange" |
| | 9 | |
| | 10 | # check that the script is being run by root |
| | 11 | if [[ "$(id -u)" != "0" ]] ; then |
| | 12 | echo "You must run '$0' as root or via sudo" |
| | 13 | exit 1 |
| | 14 | fi |
| | 15 | |
| | 16 | # check that the logchange script is installed |
| | 17 | if [[ ! -f "${LOGCHANGE}" ]] ; then |
| | 18 | echo "You need to install the '${LOGCHANGE}' script before you can run $0" |
| | 19 | exit 2 |
| | 20 | fi |
| | 21 | |
| | 22 | # check for a IP address on standard input |
| | 23 | if [[ $1 ]]; then |
| | 24 | IP="$1" |
| | 25 | elif [[ ! "$1" ]]; then |
| | 26 | echo "Type IP address you would like dropped and then [ENTER]:" |
| | 27 | read ip |
| | 28 | IP=${ip} |
| | 29 | fi |
| | 30 | |
| | 31 | # drop the ip address |
| | 32 | iptables -I INPUT -s $IP -j DROP |
| | 33 | # save the changes |
| | 34 | bash -c "iptables-save > /etc/network/iptables.save" |
| | 35 | # record the changes |
| | 36 | logchange "$IP : dropped" |
| | 37 | |
| | 38 | exit 0 |
| | 39 | }}} |
