利用iptable屏蔽特定网站（转载）

//转载请出自出处：http://blog.youkuaiyun.com/david_luyang/archive/2011/04/10/6313448.aspx

 

#!/bin/sh
#Filename: block_ip.sh
# Purpose: blocks all IP address/network found in a text file
# The text file must have one IP address or network per line
#################################################################

# Change the following path/filename to match yours
IP_LIST_FILE=path/to/bad.ip.txt
#Follwing orders be used to maintain the file of above
sed -i '/Address/!d' $IP_LIST_FILE
sed -i '/#/d' $IP_LIST_FILE
sed -i 's/.........//' $IP_LIST_FILE

#################################################################
# Don't change anything below unless you are a smarty pant!
#################################################################
IPTABLES_BIN=/sbin/iptables

# Get the IP address/network from the file and ignore any line starting with # (comments)
BAD_IP_ADDR_LIST=$(grep -Ev "^#" $IP_LIST_FILE)

# Now loop through the IP address/network list and ban them using iptabels
for i in $BAD_IP_ADDR_LIST
do

echo -n "Blocking $i ...";
$IPTABLES_BIN -A INPUT -s $i -j DROP
$IPTABLES_BIN -A OUTPUT -d $i -j DROP

echo "DONE.";
done
#iptables -save >/etc/sysconfig/iptables
service iptables save
service iptables restart
echo "This is made by david_luyang.Thanks for using";
##################################################################
# END OF SCRIPT - NOTHING TO SEE HERE - THAT'S ALL FOLKS!
##################################################################

 

 

具体操作步骤如下：

1:#mkdir /path/to/file

2:#touch /path/to/file/bad.ip.txt

3:#nslookup www.***.com >> bad.ip.txt

4:重复第3步，直到你把所有想屏蔽的网站输入完毕

5:#sh /path/to/**.sh（你脚本的名字）

6:屏蔽工作完成