Last active
June 25, 2017 15:12
-
-
Save liruqi/dbd2fe1348d2fc72ffcb to your computer and use it in GitHub Desktop.
iptables conf for 80 port HTTP proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Drop ad click | |
| IPSET=`which ipset` | |
| match_set="" | |
| if [ -x "$IPSET" ]; then | |
| if $IPSET --version; then | |
| if [ ! -f CHINA ]; then | |
| wget "https://raw.github.com/liruqi/west-chamber-season-3/master/CHINA" | |
| fi | |
| match_set="-m set --match-set CHINA src" | |
| $IPSET -R < CHINA | |
| fi | |
| fi | |
| # http://serverfault.com/questions/548666/how-do-i-allow-only-certain-ipset-sets-to-access-a-certain-port-with-iptables | |
| iptables -A INPUT -p tcp -m set --match-set ALIYUN src -m tcp --dport 81:999 -j REJECT | |
| iptables -A INPUT -m set --match-set CHINA src -p tcp --dport 81:999 -j ACCEPT | |
| iptables -A INPUT -p tcp --dport 81:999 -j DROP | |
| iptables -A INPUT -m set --match-set CHINA src -p tcp --dport 25 -j ACCEPT | |
| iptables -A INPUT -p tcp --dport 25 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 15.0.0.0-27.0.0.0 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 28.0.0.0-49.0.0.0 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 62.0.0.0-110.0.0.0 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 169.0.0.0-175.0.0.0 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 184.0.0.0-192.0.0.0 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 -m iprange --src-range 204.0.0.0-210.0.0.0 -j DROP | |
| #forbid users to visit baidu.com / m.baidu.com | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 123.125.114.0/24 -j REJECT | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 180.149.132.0/24 -j REJECT | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 220.181.57.0/24 -j REJECT | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 111.13.101.0/24 -j REJECT | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 103.235.46.0/24 -j REJECT | |
| iptables -A OUTPUT -p tcp --dport 80 --dst 61.135.186.0/24 -j REJECT | |
| #Drop baidu spider | |
| iptables -A INPUT -p tcp --destination-port 80 --src 118.186.245.9 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 115.159.86.16 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 115.159.49.65 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 115.159.69.97 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 115.159.86.23 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 182.118.33.79 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 182.118.33.77 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 182.118.33.76 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 182.118.33.78 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 222.186.34.13 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 222.186.34.31 -j DROP | |
| iptables -A INPUT -p tcp --destination-port 80 --src 213.239.200.142 -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment