
How to implement Shell script with iptables to block IP access from a country

2025-01-29 Update From: SLTechnology News&Howtos


This article explains how to use a shell script with iptables to block IP access from a country.

The method is simple. First go to IPdeny and download the list of IP addresses compiled by country code, for example cn.zone:

The code is as follows:

# wget http://www.ipdeny.com/ipblocks/data/countries/cn.zone

With all the IP addresses of the country in hand, blocking them is easy. Just write a script that reads the cn.zone file line by line and adds each entry to iptables:

The code is as follows:

#!/bin/bash
# Block traffic from a specific country
# written by vpsee.com

COUNTRY="cn"
IPTABLES=/sbin/iptables
EGREP=/bin/egrep

# iptables can only be changed by root
if [ "$(id -u)" != "0" ]; then
    echo "you must be root" 1>&2
    exit 1
fi

# Flush every rule in the filter, nat and mangle tables and delete
# user-defined chains; any rules already on the host are lost
resetrules() {
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -t mangle -F
    $IPTABLES -X
}

resetrules

for c in $COUNTRY
do
    country_file=$c.zone
    # Skip comment lines and empty lines in the zone file
    IPS=$($EGREP -v "^#|^$" $country_file)
    for ip in $IPS
    do
        echo "blocking $ip"
        $IPTABLES -A INPUT -s $ip -j DROP
    done
done

exit 0

This blocks good IPs along with bad ones. Of course, this method is not clever, and blocking IPs does not solve the problem of being attacked, but it is the first step toward solving it. Only after blocking the source of the attack do we have the bandwidth, time and mood to check the security of the VPS. Below is a network traffic graph of one of our customers under attack. All bandwidth is occupied by attack traffic between 18:00 and 0:00; during this time the customer cannot log in to the VPS and visitors cannot access the website.
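The script above wipes every existing rule, appends one iptables rule per line of cn.zone, and hands each line of a file fetched over plain HTTP to iptables unchecked. The following added example (not from the original article or from vpsee.com) goes beyond it by using ipset, which the article does not use: it validates each line and generates `ipset restore` input so that a single iptables rule covers the whole list. The set name `countryblock`, the function names and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article. SET_NAME and all function
# names are assumptions made for this illustration.
SET_NAME="countryblock"
# Constructed sample input (documentation ranges), not real IPdeny data.
sample_zone() {
    cat <<'EOF'
# constructed sample zone file
192.0.2.0/24

198.51.100.0/24
192.0.2.0/24
203.0.113.999/24
198.51.100.0/33
0.0.0.0/0
203.0.113.0/24 -j ACCEPT
EOF
}

# Keep only well-formed IPv4 CIDRs: octets 0-255, prefix 1-32 (a /0 would
# match every source). Anything else in the downloaded file is dropped.
valid_cidrs() {
    awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
        split($0, p, "[./]")
        if (p[1]+0 <= 255 && p[2]+0 <= 255 && p[3]+0 <= 255 &&
            p[4]+0 <= 255 && p[5]+0 >= 1 && p[5]+0 <= 32) print
    }'
}

# Read a zone file on stdin and print "ipset restore" input: fill a temporary
# set, then swap it with the live one so the live set is never half-filled.
build_restore() {
    echo "create $SET_NAME hash:net family inet"
    echo "create ${SET_NAME}-new hash:net family inet"
    echo "flush ${SET_NAME}-new"
    valid_cidrs | sort -u | sed "s/^/add ${SET_NAME}-new /"
    echo "swap ${SET_NAME}-new $SET_NAME"
    echo "destroy ${SET_NAME}-new"
}

# Apply on a real host (root, ipset and iptables required); not called here.
apply() {
    build_restore < "$1" | ipset restore -exist || return 1
    # One rule for the whole set; -C avoids inserting it a second time.
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}
sample_zone | build_restore   # prints the generated restore script
```

Calling `apply cn.zone` as root loads the list without touching any other rule, and running it again after downloading a newer cn.zone replaces the set contents in place.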

