DDOSがあったとき用
固定IPからのDOSだったら必要ない。
https://ipv4.fetus.jp
のiptablesのテンプレートを使います。
下記では中国と香港
#!/bin/sh
SCRIPT_PATH=`echo $(cd $(dirname $0);pwd)`
if [ "$1" != "nodl" ]; then
wget https://ipv4.fetus.jp/cn.iptables.txt
wget https://ipv4.fetus.jp/hk.iptables.txt
fi
sed -i -e 's/RULE1/INPUT/g' ${SCRIPT_PATH}/*.iptables.txt
sed -i -e 's/RULE2/DROP/g' ${SCRIPT_PATH}/*.iptables.txt
cat<<EOH > ${SCRIPT_PATH}/iptables_rule
*filter
:INPUT ACCEPT [31580185:2797673841]
:FORWARD ACCEPT [0:0]
EOH
cat ${SCRIPT_PATH}/*.iptables.txt >> ${SCRIPT_PATH}/iptables_rule
cat<<EOH >> ${SCRIPT_PATH}/iptables_rule
:OUTPUT ACCEPT [32611784:84418991788]
COMMIT
EOH
echo "Please check ${SCRIPT_PATH}/iptables_rule"
echo "If there is no problem, execute the following"
echo ""
echo "iptables-restore < ${SCRIPT_PATH}/iptables_rule"
