1. First, allow your SSH port.
2. Then drop all INPUT connections using [iptables -P INPUT DROP].
3. Make sure you know what you’re doing and that you can still reach your server remotely on your SSH port.
4. Execute this:
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -A INPUT -p tcp -m tcp -s " $3 " -j ACCEPT")}'
Basically, here is what the command above does:
1. Accepts connections from all Indonesian IP addresses, so your server can only be accessed through an Indonesian IP address.
2. Downloads the full IP list from the MikroTik OpenIXP update list.
3. Parses the data using awk and sed.
4. Removes unwanted strings and filters out unnecessary IP addresses.
5. Executes iptables from within the final awk command of the pipeline.
If your web service runs on port 80 or 443, you can also execute this for a specific port:
# allow only port 80
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -A INPUT -p tcp -m tcp -s " $3 " --dport 80 -j ACCEPT")}'
# allow only port 443
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -A INPUT -p tcp -m tcp -s " $3 " --dport 443 -j ACCEPT")}'
How do you remove them? Good question. Execute this:
# remove the rules and clean up your mess on port 80
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -D INPUT -p tcp -m tcp -s " $3 " --dport 80 -j ACCEPT")}'
# remove the rules and clean up your mess on port 443
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -D INPUT -p tcp -m tcp -s " $3 " --dport 443 -j ACCEPT")}'
# remove the rules and clean up your mess on all incoming ports
curl http://ixp.mikrotik.co.id/download/nice.rsc | awk '{print $0}' | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" |awk -F"=" '{system ("iptables -D INPUT -p tcp -m tcp -s " $3 " -j ACCEPT")}'
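The commands above pass whatever the plain-HTTP download returns to awk's system() as root, so a tampered list becomes a shell command. As an added example (not part of the original post), this script validates each entry as an IPv4 address or CIDR and emits iptables-restore input instead; the function names, the sample data and the /tmp path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post; SAMPLE is constructed test data.

# Print the valid IPv4 addresses/CIDRs found in nice.rsc text on stdin.
# Entries with anything but digits, dots and an optional /prefix are dropped,
# so text injected into a tampered download never reaches a command line.
extract_cidrs() {
  awk -F'=' '
    /add list=/ {
      addr = $3
      gsub(/[" \t\r]/, "", addr)
      if (addr == "1.2.3.4") next   # placeholder entry the post also filters
      if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
      n = split(addr, part, "/")
      if (n == 2 && part[2] + 0 > 32) next
      split(part[1], octet, ".")
      for (i = 1; i <= 4; i++) if (octet[i] + 0 > 255) next
      print addr
    }'
}

# Turn CIDRs on stdin into iptables-restore input; $1 is an optional TCP port.
# iptables-restore parses the rules itself, so no shell evaluates the addresses.
build_ruleset() {
  port=${1:-}
  case $port in *[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  echo '*filter'
  while IFS= read -r cidr; do
    echo "-A INPUT -s $cidr -p tcp -m tcp${port:+ --dport $port} -j ACCEPT"
  done
  echo 'COMMIT'
}

SAMPLE='/ip firewall address-list
add list=nice address="1.2.3.4"
add list=nice address="203.0.113.0/24"
add list=nice address="198.51.100.7"
add list=nice address="192.0.2.0/24; echo injected"
add list=nice address="300.1.1.0/24"
add list=nice address="192.0.2.0/40"'

# Dry run on the sample: prints a ruleset with two ACCEPT lines for port 443.
printf '%s\n' "$SAMPLE" | extract_cidrs | build_ruleset 443

# Real use (assumed workflow): save, review, then load without flushing:
#   curl -fsS http://ixp.mikrotik.co.id/download/nice.rsc | extract_cidrs \
#     | build_ruleset 443 > /tmp/id-allow.rules
#   iptables-restore --noflush < /tmp/id-allow.rules
```

Reviewing the generated file before loading it also shows how many rules the list produces, which is worth knowing before appending them to a chain with a DROP policy.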