add iptables blacklist

2023-02-05 17:58:15 +01:00 · 2023-02-05 17:58:15 +01:00 · c7ddbd20b6
commit c7ddbd20b6
parent cc219924cc
1 changed files with 3 additions and 1 deletions
--- a/roles/deploy-web/files/blacklist.sh
+++ b/roles/deploy-web/files/blacklist.sh
@ -6,6 +6,9 @@ BLACKLIST=/etc/sentinel/blacklist
 chain_count=$(iptables -L BLACKLIST | wc -l)
 if [ ${chain_count} -eq 0 ]; then
 	iptables -N BLACKLIST
+	iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
+	iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
+
 fi
 if [ ! -f ${BLACKLIST} ]; then
 	touch ${BLACKLIST}
@ -49,5 +52,4 @@ do
 		cat ${BLACKLIST} >> ${MAIL}
 		cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
 	fi
-	#rm $directory_host/*
 done