
Dynamic iptables Firewall

2007-03-04 12:42:32 Source: WEB开发网

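The ipdrop script immediately blocks 129.24.8.1, Bob's current malicious IP address for this week. This script noticeably improves your defenses, because blocking an IP is no longer a chore. Now let's look at how the ipdrop script is implemented:

The ipdrop bash script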

#!/bin/bash
# dynfw.sh provides the helper functions used below (args, rec_check, record, unrecord)
source /usr/local/share/dynfw.sh
args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR. Good for obnoxious networks/hosts/DoS"
if [ "$2" == "on" ]
then
  #rules will be appended or inserted as normal
  APPEND="-A"
  INSERT="-I"
  rec_check ipdrop "$1" "$1 already blocked" on
  record ipdrop "$1"
elif [ "$2" == "off" ]
then
  #rules will be deleted instead
  APPEND="-D"
  INSERT="-D"
  rec_check ipdrop "$1" "$1 not currently blocked" off
  unrecord ipdrop "$1"
else
  echo "Error: \"off\" or \"on\" expected as second argument"
  exit 1
fi

#block outside IP address that's causing problems
#attacker's incoming TCP connections will take a minute or so to time out,
#reducing DoS effectiveness.
iptables $INSERT INPUT   -s "$1" -j DROP
iptables $INSERT OUTPUT  -d "$1" -j DROP
iptables $INSERT FORWARD -d "$1" -j DROP
iptables $INSERT FORWARD -s "$1" -j DROP
echo "IP ${1} drop ${2}."
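
An added example, not part of the original article or of dynfw: ipdrop runs as root and hands its first argument straight to iptables, so this helper validates the address and prints the four rules that "on" or "off" would apply, without touching the live firewall. The function names valid_ipv4 and ipdrop_rules are hypothetical.

```shell
#!/bin/sh
# Added example, not part of dynfw: validate IPADDR and preview ipdrop's rules.
# Nothing here modifies the live firewall; it only prints commands.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address or a.b.c.d/0-32.
valid_ipv4() {
  addr=${1%%/*}
  case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ ${#prefix} -le 2 ] && [ "$prefix" -le 32 ] || return 1
  # Reject anything but digits and single dots (spaces, options, hostnames).
  case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr            # split into octets; addr holds only digits and dots
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# ipdrop_rules IPADDR on|off: print the four commands ipdrop would run.
ipdrop_rules() {
  valid_ipv4 "$1" || { echo "Error: invalid IPv4 address: $1" >&2; return 2; }
  case $2 in
    on)  op=-I ;;   # insert at the top of each chain
    off) op=-D ;;   # delete the matching rule
    *)   echo 'Error: "off" or "on" expected as second argument' >&2
         return 1 ;;
  esac
  printf 'iptables %s INPUT -s %s -j DROP\n'   "$op" "$1"
  printf 'iptables %s OUTPUT -d %s -j DROP\n'  "$op" "$1"
  printf 'iptables %s FORWARD -d %s -j DROP\n' "$op" "$1"
  printf 'iptables %s FORWARD -s %s -j DROP\n' "$op" "$1"
}

# Preview for the address used in the article.
ipdrop_rules 129.24.8.1 on
```

An argument such as "1.2.3.4 -j ACCEPT" is rejected before any rule is built, which matters if the address ever comes from logs or another script rather than being typed by hand.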
   


Entered by: 爽爽