I have a text file that contains some blacklisted IPs, like this:
105.159.179.241
109.128.60.28
109.193.162.27
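It is hard for me to block the IPs one by one.
I want to block all the IPs in this text file at once. How can I do that?
I am using iptables this way to block an IP, but I have to do it one at a time, and I want to block them all at once: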
iptables -A INPUT -s the ip to drop -j DROP
I tried something like this:
INTEX="eth1"
# CHANGE THIS
badip=/root/badip.db
IPT=/sbin/iptables
# delete previous droplist (INPUT,OUTPUT,FORWARD)
$IPT -D INPUT -j droplist
$IPT -D OUTPUT -j droplist
$IPT -D FORWARD -j droplist
# [FLUSH OLD RULES]
$IPT -F droplist
# [DROP OLD CHAIN]
$IPT -X droplist
# [CREATE CHAIN]
$IPT -N droplist
/bin/egrep -v "^#|^$" $badip | while IFS= read -r ip
do
$IPT -A droplist -i $INTEX -s $ip -j LOG --log-prefix " myBad IP BlockList "
$IPT -A droplist -i $INTEX -s $ip -j DROP
done < "$badip"
# Drop it
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist
But I got:
' not found.4.21: host/network `105.159.179.241
Try `iptables -h' or 'iptables --help' for more information.
My network interfaces:
#first
auto eth0:0
iface eth0:0 inet static
address xx.xx.xx.xx
netmask 255.255.255.0
gateway 91.134.249.254
broadcast 91.134.249.227
#second
auto eth0:1
iface eth0:1 inet static
address xx.xx.xx.xx
netmask 255.255.255.0
gateway xx.xx.xx.xx
broadcast xx.xx.xx.xx
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address xx.xx.xx.xx
netmask 255.255.255.255
post-up /sbin/ip route add xx.xx.xx.xx dev eth0
post-up /sbin/ip route add default via xx.xx.xx.xx
pre-down /sbin/ip route del default via xx.xx.xx.xx
pre-down /sbin/ip route del xx.xx.xx.xx dev eth0
dns-nameserver xx.xx.xx.xx
dns-search ovh.net
After converting the file to DOS format, I got:
: not foundk.sh: 6: ./masipblock.sh: iptables
: not foundk.sh: 7: ./masipblock.sh: iptables
: not foundk.sh: 8: ./masipblock.sh: iptables
: not foundk.sh: 10: ./masipblock.sh: iptables
: not foundk.sh: 12: ./masipblock.sh: iptables
: not foundk.sh: 14: ./masipblock.sh: iptables
./masipblock.sh: 19: ./masipblock.sh: Syntax error: "done" unexpected (expecting "do")
I redid the DOS format conversion, and now it only shows:
./masipblock.sh: 1: ./masipblock.sh: Syntax error: "(" unexpected
I rewrote the script from scratch, and this is what it looks like now:
#DROP OLD CHAIN
$IPT -X droplist
#CREATE CHAIN
$IPT -N droplist
/bin/egrep -v "^#|^$" $badip | while IFS= read -r ip
do
$IPT -A droplist -i $INTEX -s $ip -j LOG --log-prefix " myBad IP BlockList "
$IPT -A droplist -i $INTEX -s $ip -j DROP
done < "$badip"
#Dropit
$IPT -I INPUT -j droplist
$IPT -I OUTPUT -j droplist
$IPT -I FORWARD -j droplist
od
0000000 I N T E X = " e t h 0 " \r # C
0000020 H A N G E T H I S \r b a d i p
0000040 = / r o o t / b a d i p . d b \r
0000060 I P T = / s b i n / i p t a b l
0000100 e s \r # d e l e t e p r e v
0000120 i o u s d r o p l i s t ( I
0000140 N P U T , O U T P U T , F O R W
0000160 A R D ) \r $ I P T - D I N P
0000200 U T - j d r o p l i s t \r $
0000220 I P T - D O U T P U T - j
0000240 d r o p l i s t \r $ I P T -
0000260 D F O R W A R D - j d r o
0000300 p l i s t \r # [ F L U S H O
0000320 L D R U L E S ] \r $ I P T -
0000340 F d r o p l i s t \r # [ D R
0000360 O P O L D C H A I N ] \r $ I
0000400 P T - X d r o p l i s t \r #
0000420 [ C R E A T E C H A I N ] \r
0000440 $ I P T - N d r o p l i s t
0000460 \r / b i n / e g r e p - v "
0000500 ^ # | ^ $ " $ b a d i p |
0000520 w h i l e I F S = r e a d
0000540 - r i p \r d o \r
0000560 $ I P T - A d r o p l i s
0000600 t - i $ I N T E X - s $
0000620 i p - j L O G - - l o g -
0000640 p r e f i x " m y B a d I
0000660 P B l o c k L i s t " \r
0000700 $ I P T - A d
0000720 r o p l i s t - i $ I N T E
0000740 X - s $ i p - j D R O P
0000760 \r d o n e < " $ b a d i p "
0001000 \r # D r o p i t \r $ I P T
0001020 - I I N P U T - j d r o p
0001040 l i s t \r $ I P T - I O U T
0001060 P U T - j d r o p l i s t \r
0001100 $ I P T - I F O R W A R D
0001120 - j d r o p l i s t \r
I am using nano as the editor.
./masipblock.sh: line 1: syntax error near unexpected token `('
'IPT -I FORWARD -j droplist $INTEX -s $ip -j DROP--log-prefix " myBad IP BlockList "
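Answer 1
This is your problem:
0000060 b \r \n IPT = /sbin/ipt
0000100 ables \r \n # delete
That \r is going to confuse your shell.
Try a different text editor, or use something like "How to remove CRLF line terminators from a wget file?" to fix your problem, i.e.: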
cat masipblock.sh | tr -d '\r' > masipblock2.sh
chmod +x masipblock2.sh
./masipblock2.sh
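
The batch load described in the question, as an added example that is not part of the original question or answer: it converts every CR to a newline (so both CRLF and bare-CR files are handled), validates each entry, and prints `iptables-restore` input for the `droplist` chain. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): turn a blocklist into
# iptables-restore input, tolerating CRLF or bare-CR line endings.

# Constructed sample: CRLF endings, a comment, a blank line, two bad entries.
sample_blocklist() {
    printf '105.159.179.241\r\n# comment\r\n\r\n109.128.60.28\r\n'
    printf '999.1.1.1\r\nnot-an-ip\r\n109.193.162.27\n'
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read a blocklist on stdin, write rules for chain "droplist" on stdout.
# Rejected entries are reported on stderr instead of reaching iptables.
build_ruleset() {
    echo '*filter'
    echo ':droplist - [0:0]'
    tr '\r' '\n' | while IFS= read -r ip || [ -n "$ip" ]; do
        ip=$(printf '%s' "$ip" | tr -d ' \t')
        case $ip in ''|'#'*) continue ;; esac
        if is_ipv4 "$ip"; then
            echo "-A droplist -s $ip -j DROP"
        else
            echo "skipped invalid entry: $ip" >&2
        fi
    done
    echo 'COMMIT'
}

# Demo on the constructed sample. On a real host (as root) you would run:
#   build_ruleset < /root/badip.db | iptables-restore --noflush
#   iptables -I INPUT -j droplist   # once, to hook the chain in
sample_blocklist | build_ruleset
```

Loading the whole list through one `iptables-restore` call avoids one `iptables` invocation per address, and a stray `\r` or malformed line is skipped with a message instead of producing the "host/network not found" error shown in the question.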