If you get the IP addresses into a text file - or many text files in one
directory - I use this.

# --- Filter Hackers
# The idea is that this can filter hackers from known IP addresses
# and filter packets before they even attempt to talk to services.
# The directory /etc/blockip contains files that contain lists
# of IP addresses that are blocked on this system. These are IPs
# of people who have tried to hack us, spam blogs, and other troublemakers.
echo
echo "# Block all connections from these IP addresses"
echo
for blacklist in /etc/blockip/* ; do
    # Skip the unexpanded glob (empty directory) and anything that is not a file
    [ -f "$blacklist" ] || continue
    echo ""
    echo "Blocking IP addresses in list $blacklist"
    echo ""
    # Ignore comment lines; the first field of each remaining line is the address
    for ipaddress in $( grep -v '^#' "$blacklist" | awk '{print $1}' ); do
        iptables -v -A INPUT -s "$ipaddress" -j DROP
    done
done

David Murphy wrote:
>I have been trying to work out a way so if an SBL/RBL match is found, rather
>than just denying the connection, I can have that same ACL pipe to iptables
>and add an iptables deny rule.
>
>Every method I've tried, from a pipe to an execute, has failed. Someone please
>help me.
>
>
>
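
Added example, not part of the original message: a variant of the loop above that vets each blocklist entry before it reaches iptables, so a malformed line or an over-broad range such as 0.0.0.0/0 in /etc/blockip cannot lock out legitimate traffic, and that checks for an existing rule before appending so reruns do not pile up duplicates. The function names and the MIN_PREFIX threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: vet blocklist entries before they become iptables rules.
MIN_PREFIX=8   # assumption: never block a range broader than a /8

# Succeed only for a dotted-quad IPv4 address with an optional /prefix.
valid_block_entry() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (only digits and dots here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject over-long, leading-zero and >255 octets.
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the usable entries of one blocklist file; warn about the rest.
blocklist_entries() {
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if valid_block_entry "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'skipping invalid entry in %s: %s\n' "$1" "$entry" >&2
        fi
    done < "$1"
}

# Append a DROP rule per valid entry unless an identical rule already exists.
apply_blocklists() {
    for list in "$1"/*; do
        [ -f "$list" ] || continue
        blocklist_entries "$list" | while read -r ip; do
            iptables -C INPUT -s "$ip" -j DROP 2>/dev/null ||
                iptables -A INPUT -s "$ip" -j DROP
        done
    done
}

# Rules are only touched when the script is invoked with --apply (as root).
if [ "${1:-}" = "--apply" ]; then apply_blocklists /etc/blockip; fi
```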