所以我有以下脚本来阻止 IP:
#!/bin/bash
# here's your list of IPS
CURRENT_BL=/path/to/my/ip_black_list.txt
# create/flush recreate the tables
iptables -F BLACKHOLE
iptables -N BLACKHOLE
for BAD_IP in $(cat $CURRENT_BL)
do
ipset add ipset-blacklist $BAD_IP 2>/dev/null || \
echo "Failed to add ${BAD_IP}"
done
# REJECT the matching target
iptables -A BLACKHOLE -p all -m set --match-set ipset-blacklist src -j REJECT
iptables -A BLACKHOLE -j RETURN
# assume your nginx is on 80 and 443
iptables -A INPUT -p tcp -m multiport --destination-ports 80,443 …