jau also hab nen kleines script dafuer geschrieben
Perl-Code:
#!/usr/bin/perl
# TCP ports managed by this script: 110 (POP3) and 25 (SMTP).
my @ports = (110, 25);

# Dynamic-DNS names of the clients that are allowed to reach those ports.
# NOTE(review): iptables resolves a host name passed to -s when the rule is
# inserted, so each rule trusts whatever address DNS returned at that moment.
# The allow-list is therefore only as trustworthy as the DNS answer and the
# dynamic-DNS accounts behind these names.
my @hosts = ('host1.ath.cx', 'host2.ath.cx');

# Placeholder ("the IP of the server"): replace with the real destination
# address before use.
my $server = 'die.ip.vom.server';

# One ACCEPT rule per (port, host) pair, ports in the outer loop.
my @newRules;
for my $dport (@ports) {
    for my $src (@hosts) {
        push @newRules,
            "iptables -I INPUT -s $src -d $server -p tcp --dport $dport -j ACCEPT";
    }
}
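# Purge every existing INPUT rule that mentions one of @ports, so the ACCEPT
# rules in @newRules can be re-inserted with freshly resolved addresses.
#
# NOTE(review): rules are deleted whatever their target (ACCEPT, DROP,
# REJECT, ...), but only the ACCEPT rules from @newRules are put back. If
# access to these ports is restricted by an explicit DROP/REJECT rule rather
# than by the chain policy, that rule is removed here and not restored.
# Confirm the INPUT policy (or a catch-all rule for other ports) still
# blocks everyone else.
my $ipTabelle = `iptables -nvL INPUT`;
warn "iptables -nvL INPUT failed (status $?)\n" if $? != 0;
$ipTabelle = '' unless defined $ipTabelle;
my @ipTable = split("\n", $ipTabelle);

foreach my $rule (@ipTable) {
    foreach my $port (@ports) {
        # The trailing \b stops port 25 from also matching dpt:250 or
        # dpt:2525, which the unanchored pattern would have accepted.
        next unless $rule =~ /dpts?:\s?$port\b/;

        # Columns: pkts bytes target prot opt in out source destination extras
        # Sample line (constructed):
        #   0 0 ACCEPT tcp -- * * 80.80.80.80 82.82.82.82 tcp dpt:25
        my (undef, undef, $method, $protokoll, undef, undef, undef,
            $ip, $host, @args) = split(" ", $rule);
        next unless defined $host;    # too few columns to rebuild the rule

        # The argument list is built fresh for each rule, so a state match
        # from an earlier line cannot leak into this delete command.
        my @cmd = ('iptables', '-D', 'INPUT');
        push @cmd, '-s', $ip unless $ip eq '0.0.0.0/0';
        push @cmd, ($host eq '0.0.0.0/0') ? ('-i', 'eth0') : ('-d', $host);

        # in_array() returns the 1-based position of 'state', which is the
        # 0-based index of the value that follows it (e.g. NEW).
        my $which = in_array('state', @args);
        if ($which && defined $args[$which]) {
            push @cmd, '-m', 'state', '--state', $args[$which];
        }
        push @cmd, '-p', $protokoll, '--dport', $port, '-j', $method;

        print "@cmd\n";
        # List form: the fields parsed from the listing are handed to
        # iptables as separate arguments and never pass through a shell.
        system(@cmd) == 0
            or warn "iptables -D failed (status $?): @cmd\n";
    }
}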
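# Insert the ACCEPT rules from @newRules, echoing each command first.
foreach my $rule (@newRules) {
    print $rule . "\n";
    # The matching rules were deleted just before this loop, so a failed
    # insert leaves that host without its ACCEPT rule until the next run;
    # report it instead of discarding the exit status.
    system($rule) == 0
        or warn "command failed (status $?): $rule\n";
}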
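# in_array($val, @list)
#
# Returns the 1-based position of the first element of @list that is
# string-equal to $val, or nothing (undef in scalar context, the empty list
# in list context) when $val is absent.
#
# Because the position is 1-based it is always true on a hit, and used as an
# index into the same 0-based list it addresses the element FOLLOWING the
# match.
#
# The empty "()" prototype was dropped: it declared a sub taking no
# arguments, which contradicts how the sub is called. The counter and loop
# variable are now lexical, so the package global $i is no longer clobbered.
sub in_array {
    my ($val, @list) = @_;
    my $pos = 0;
    foreach my $elem (@list) {
        $pos++;
        return $pos if $val eq $elem;
    }
    return;
}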
lass ich als 10 minuetigen cron laufen