fail2ban 으로 jail 된 IP 를 firewall 에서 차단하기 위한 script
#!/bin/bash
# Print the command-line synopsis to stdout, then terminate the script with
# exit status 1. Never returns to the caller.
usage() {
  printf '%s\n' \
    "USAGE: $0 param" \
    "" \
    "$0 -i block-ip1,block-ip2" \
    "$0 -f block-ip-file"
  exit 1
}
# At least one argument is required; with none, show the synopsis
# (usage exits with status 1).
if (( $# < 1 )); then
  usage
fi
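# Parse the options into IPS, a comma-separated list of addresses to block.
#   -f FILE  append every non-empty line of FILE to the list
#   -i LIST  use LIST (already comma-separated) as the whole list
# Any other option (including -h) prints the usage text, which exits 1.

# Start from an empty list so that a value of IPS inherited from the caller's
# environment can never end up in the firewall by accident.
IPS=""
PARAM="f:i:h"
while getopts "$PARAM" opt; do
  case "$opt" in
    f)
      # Stop instead of carrying on with a missing or partial block list.
      if [[ ! -r "$OPTARG" ]]; then
        echo "cannot read block-ip file: $OPTARG" >&2
        exit 1
      fi
      # "|| [[ -n $line ]]" keeps a last line that has no trailing newline.
      while IFS='' read -r line || [[ -n "$line" ]]; do
        # echo "Block IP: $line"
        # A blank line would become an empty entry in the list.
        [[ -n "$line" ]] || continue
        # Add the separator only when IPS already holds an entry, so the
        # list never starts with a comma.
        IPS="${IPS:+${IPS},}${line}"
      done < "$OPTARG"
      ;;
    i)
      IPS=$OPTARG
      ;;
    *)
      usage
      ;;
  esac
done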
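#echo "To be blocked IPS=$IPS"

# Return 0 when $1 is a dotted-quad IPv4 address, optionally followed by a
# /0-32 prefix length; return non-zero for anything else.
# This is the allow-list for list entries: the entries come from a file or
# from the command line, so nothing that fails this check is handed to
# firewall-cmd.
_is_ipv4_source() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local pattern="^(${octet}\.){3}${octet}(/(3[0-2]|[12]?[0-9]))?\$"
  [[ "$1" =~ $pattern ]]
}

# Split IPS on commas into an array. IFS is changed for this one read only,
# and no unquoted expansion is used, so entries are never glob-expanded.
# read returns non-zero at end of input here; the array is still filled.
block_targets=()
IFS=',' read -r -d '' -a block_targets < <(printf '%s' "$IPS")

attempted=0
for ip in "${block_targets[@]}"; do
  # Trim surrounding whitespace (covers CRLF files and "a, b" style lists).
  ip="${ip#"${ip%%[![:space:]]*}"}"
  ip="${ip%"${ip##*[![:space:]]}"}"
  [[ -n "$ip" ]] || continue

  if ! _is_ipv4_source "$ip"; then
    printf 'skipping entry that is not an IPv4 address: %q\n' "$ip" >&2
    continue
  fi

  # The rule travels as a single argument. It is no longer pasted into a
  # command string and piped to bash, so an entry cannot add shell syntax.
  rule="rule family=\"ipv4\" source address=\"${ip}\" drop"
  printf '+ firewall-cmd --zone=dmz --add-rich-rule=%q --permanent\n' "$rule" >&2
  firewall-cmd --zone=dmz "--add-rich-rule=${rule}" --permanent
  echo ""
  attempted=$((attempted + 1))
done

# One reload after all permanent rules are written gives the same final
# state as reloading after every single address.
if (( attempted > 0 )); then
  printf '+ firewall-cmd --reload\n' >&2
  firewall-cmd --reload
fi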
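# Tell the operator how to undo a block. The hint must use
# --remove-rich-rule: printing --add-rich-rule here would add the drop rule
# again instead of removing it. A --permanent change only reaches the
# running firewall after "firewall-cmd --reload".
echo "if you want to remove rich-rule run this"
echo "firewall-cmd --permanent --zone=dmz --remove-rich-rule='rule family=\"ipv4\" source address=\"remove-ip-here\" drop'"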