Re: Dinamic (www list) IP BAN ...


 



On Thursday 22 April 2004 5:47 pm, Roque wrote:

> Hi all, I wonder if someone could help me with a little problem ...
> I need to ban a number of IPs that are posted in a plain text file on
> a web site; the file changes every 30Min. The file is as simple as
>
> banned-ip1    #Reason1
> banned-ip2    #Reason
> ...
> The url can be reached in this way: http://www.url.com/ip/banned.txt
>
> I have read the iptables man pages and haven't seen anything similar.
> Is it really possible to do so?

I would suggest you set up a cron job which runs a shell script to fetch the 
list (using wget or lynx etc), then add the current IPs to a user-defined 
chain, then switch a rule in INPUT or FORWARD (you don't say which it is you 
want to ban, possibly both) to that chain from the previous one which was in 
place, then flush the old list ready for populating the next time around.

ie: you have two user-defined chains, one of which is in use, and the other of 
which you are populating with the banned IPs, then you switch between them.

Don't try and use just one list, or else you will either (a) have trouble 
removing the old entries, or (b) have some period of time when there are no 
IPs in the banned list (which presumably is undesirable).

Regards,

Antony.

-- 
Success is a lousy teacher.  It seduces smart people into thinking they can't 
lose.

 - William H Gates III

                                                     Please reply to the list;
                                                           please don't CC me.
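
One way to script the two-chain switch described in the reply above, as an added example that is not part of the original post. The chain names BAN_A/BAN_B, the jump rule sitting at INPUT position 1 (FORWARD is not handled) and the IPT override variable are assumptions.

```shell
#!/bin/sh
# Added example. Chain names BAN_A/BAN_B, the jump rule at INPUT position 1
# and the IPT override are assumptions, not from the original thread.
URL="http://www.url.com/ip/banned.txt"   # list URL as given in the question
IPT="${IPT:-iptables}"                   # IPT=echo prints commands instead

# stdin: fetched list; stdout: one validated IPv4 address per line.
# "#Reason" comments are stripped and anything that is not a dotted quad with
# octets 0-255 is dropped, so list content never reaches iptables unchecked.
parse_list() {
    tr -d '\r' | sed 's/#.*//' | awk '
        NF == 1 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ok = 1; n = split($1, o, ".")
            for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
            if (ok) print $1
        }'
}

# $1: chain currently in use, $2: file of validated IPs.
# Fills the idle chain, repoints the INPUT jump at it, flushes the old one.
swap_chains() {
    active="$1"; ips="$2"
    if [ "$active" = BAN_A ]; then idle=BAN_B; else idle=BAN_A; fi
    # An empty result (failed fetch, mangled file) keeps the current bans.
    [ -s "$ips" ] || { echo "empty list, keeping $active" >&2; return 1; }
    $IPT -F "$idle" || return 1
    while read -r ip; do
        $IPT -A "$idle" -s "$ip" -j DROP || return 1
    done < "$ips"
    $IPT -R INPUT 1 -j "$idle" || return 1   # one-rule replace, no unbanned gap
    $IPT -F "$active"
}

# One-time setup, done by hand as root:
#   iptables -N BAN_A; iptables -N BAN_B; iptables -I INPUT 1 -j BAN_A
main() {
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    wget -q -O - "$URL" | parse_list > "$tmp"
    if $IPT -S INPUT | grep -q -- '-j BAN_B'; then cur=BAN_B; else cur=BAN_A; fi
    swap_chains "$cur" "$tmp"
}
if [ "${1:-}" = run ]; then main; fi   # cron: script.sh run
```

Because the list is fetched over plain HTTP and turned into firewall rules as root, the validation in `parse_list` and the empty-list check are what keep a tampered or truncated download from either injecting arguments or silently lifting every ban.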



