add_ipset.sh

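#!/bin/bash
# add_ipset.sh - bulk-import entries from an IP list file into the
# "blacklist" ipset, one entry per line.
#
# Usage:   add_ipset.sh IPLIST_FILE
# Output:  prints "<counter>  <entry>" for every entry handed to ipset;
#          diagnostics go to stderr.
# Returns: 0 if every entry was added, 1 if any entry was skipped or
#          rejected by ipset, 2 on a usage error.
#
# The "blacklist" set must already exist (ipset create) before this runs.
# Blank lines and lines whose first field starts with '#' are ignored.

# Refuse to run without exactly one readable list file; an unquoted or empty
# $1 would otherwise make the redirection below fail or read the wrong file.
if [[ $# -ne 1 || ! -r $1 ]]; then
  printf 'Usage: %s IPLIST_FILE\n' "${0##*/}" >&2
  exit 2
fi

i=1
failed=0

# "|| [[ -n $line ]]" keeps a final line that has no trailing newline.
while IFS= read -r line || [[ -n $line ]]; do
  # Lists edited on Windows carry a trailing CR that ipset would reject.
  line=${line%$'\r'}

  # Split on whitespace WITHOUT pathname expansion, so a stray '*' or '?'
  # in the list can never be expanded against the current directory.
  # Extra fields (e.g. "ADDR timeout N") are still passed through to ipset.
  read -r -a fields <<< "$line"

  # Skip blank lines and comment lines.
  (( ${#fields[@]} )) || continue
  [[ ${fields[0]} == '#'* ]] && continue

  # The list feeds the firewall configuration: do not let an entry be parsed
  # by ipset as a command-line option instead of an address.
  if [[ ${fields[0]} == -* ]]; then
    printf 'line skipped (looks like an option, not an address): %s\n' \
      "$line" >&2
    failed=$((failed + 1))
    continue
  fi

  # printf '%s' prints the entry literally; echo -e would interpret
  # backslash sequences found in the list file.
  printf '%s  %s\n' "$i" "$line"
  i=$((i + 1))

  # Keep going after a failure, but record it so the exit status shows that
  # the resulting set is incomplete.
  if ! ipset add blacklist "${fields[@]}"; then
    printf 'ipset add failed for: %s\n' "$line" >&2
    failed=$((failed + 1))
  fi
done < "$1"

# Final status of the script: success only when nothing failed.
[[ $failed -eq 0 ]]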

#########################################################################################
#  ipset create blacklist hash:net maxelem 1000000    # 1.创建一个ipset 黑名单
#  ipset create whitelist hash:net maxelem 1000000    # 白名单

#  ipset list  #  ipset list blacklist    # 2.查看已创建的ipset

#  ipset add blacklist 10.60.10.xx        # 3.加入一个名单ip

#  ipset del blacklist 10.60.10.xx        # 4.去除名单ip

#  5.创建防火墙规则:规则生效后,所匹配 IP 集(下例中的 blacklist / setname)里的 ip 将无法访问对应端口(如:CC攻击可用)
#  iptables -I INPUT -m set --match-set blacklist src -p tcp -j DROP
#  注意:下面这条对 whitelist 同样使用了 DROP,会丢弃白名单来源的 TCP 流量;白名单通常应配合 ACCEPT,使用前请确认
#  iptables -I INPUT -m set --match-set whitelist src -p tcp -j DROP
#  service iptables save
#  仅限制 80 端口的写法(setname 替换为实际的 ipset 名称):
#  iptables -I INPUT -m set --match-set setname src -p tcp --destination-port 80 -j DROP

#  ipset save blacklist -f blacklist.txt          #  6.将ipset规则保存到文件
#  ipset save whitelist -f whitelist.txt

#  ipset destroy blacklist   #  ipset restore -f whitelist.txt     # 7.删除ipset

#  ipset restore -f blacklist.txt    # 8.导入ipset规则
#########################################################################################
