I wrote this little script to block out IPs in the ranges specified in some blacklists (see URL list in the script) by rewriting /etc/sysconfig/iptables, but perhaps it will be useful for other purposes as well. I would appreciate suggestions for improvements, or notes on how I'm doing it all wrong :) The marker I use to detect lines previously generated by this program is "-i+" (all interfaces), which is redundant and thus not specified normally. I couldn't find another way to easily mark lines without actually generating a new chain, which was more time than I wanted to spend writing this script...

Ted
Attachment:
rewrite-iptables.pl
Description: Perl program
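The rewrite step the post describes, as an added example in Python rather than the attached Perl (this is not Ted's script): it drops lines carrying the post's "-i+" marker and then inserts fresh DROP rules for the blacklisted ranges ahead of the existing INPUT rules, so re-running it never duplicates rules. Fetching the blacklist URLs is left out; the rule file and the feed below are constructed sample data, and only IPv4 entries are written because ip6tables uses a separate file.

```python
import ipaddress

# The post's marker: "-i+" (match any interface) is redundant in a rule,
# so a line carrying it can only have been written by this tool.
MARKER = "-i+"


def parse_blacklist(text):
    """Parse a blacklist body: one IP or CIDR per line, '#' comments and blanks ignored.
    Entries that do not parse are skipped rather than written into the firewall file."""
    nets = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # hostname or garbage line in the feed
    return nets


def rewrite_rules(existing, networks, chain="INPUT"):
    """Return new iptables-save text: strip previously generated lines (those carrying
    MARKER), then insert one DROP rule per IPv4 network before the first existing rule of
    `chain` in the filter table (or before its COMMIT if the chain has no rules yet)."""
    lines = [l for l in existing.splitlines() if MARKER not in l]
    v4 = sorted(n for n in networks if n.version == 4)
    rules = [f"-A {chain} {MARKER} -s {n.with_prefixlen} -j DROP" for n in v4]
    start = lines.index("*filter")  # ValueError if the file has no filter table
    insert_at = None
    for i in range(start + 1, len(lines)):
        if lines[i].startswith(f"-A {chain} ") or lines[i] == "COMMIT":
            insert_at = i
            break
    if insert_at is None:
        raise ValueError("filter table is not terminated by COMMIT")
    return "\n".join(lines[:insert_at] + rules + lines[insert_at:]) + "\n"


# Constructed sample rule file; the 10.9.8.0/24 line is a stale rule from an earlier run.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i+ -s 10.9.8.0/24 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed sample feed with a comment, a bare host, a bad line and an IPv6 range.
SAMPLE_FEED = "# test feed\n192.0.2.0/24\n198.51.100.7\nnot-an-ip\n2001:db8::/32\n"

if __name__ == "__main__":
    print(rewrite_rules(SAMPLE_RULES, parse_blacklist(SAMPLE_FEED)), end="")
```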