Mostly it consists of iterating over lists of IP addresses and specifying rules for them.
Code:
# Add a REJECT rule for every address in the list
for a in $(cat /path/to/some/address/list)
do
    /sbin/iptables -A INPUT -s "$a" -j REJECT
done
For one client, we have a large number of such lists. For instance, the PR staff can visit Facebook, but not ordinary office staff.
I also run a script overnight that compiles the number of apparent spam emails sent from each remote IP address and adds iptables rules blocking access by the more egregious spammers.
All of these scripts use the iptables commands themselves without any wrapper.
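The overnight spam tally described above, sketched as an added example that is not part of the original post or the poster's own script. It assumes an earlier step has already written one source IP per apparent spam message; the threshold, the allowlist and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): nightly spam tally -> REJECT rules.
# Assumption: an earlier step wrote one source IP per apparent spam message;
# that extraction depends on the mail server and is not shown here.

THRESHOLD=${THRESHOLD:-3}                        # hypothetical cut-off for "egregious"
ALLOWLIST=${ALLOWLIST:-"127.0.0.1 192.0.2.10"}   # constructed: never block these

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                    # split on dots (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read one IP per line on stdin; print one idempotent iptables command per
# address seen at least THRESHOLD times. Nothing is applied here (dry run).
spam_block_rules() {
    LC_ALL=C sort | uniq -c | while read -r count ip; do
        [ "$count" -ge "$THRESHOLD" ] || continue
        valid_ipv4 "$ip" || { echo "skipping malformed entry: $ip" >&2; continue; }
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        rule="INPUT -s $ip -j REJECT"
        # -C checks for an existing rule, so reruns do not stack duplicates.
        echo "/sbin/iptables -C $rule 2>/dev/null || /sbin/iptables -A $rule"
    done
}

# Constructed sample input (documentation address ranges, one line per message).
sample_spam_sources() {
    printf '%s\n' 203.0.113.7 203.0.113.7 198.51.100.23 192.0.2.10 \
        203.0.113.7 192.0.2.10 999.1.1.1 203.0.113.99 192.0.2.10 \
        999.1.1.1 203.0.113.99 203.0.113.7 999.1.1.1 203.0.113.99
}

sample_spam_sources | spam_block_rules
```

The output is a list of commands to review before running them as root; malformed entries are reported on stderr and never reach iptables.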