Allow only Indonesian IP addresses to your website (updated with a single command)

1. First, allow your SSH port.
2. Then drop all INPUT connections using [iptables -P INPUT DROP].
3. Make sure you know what you're doing and that you can still reach your server remotely on your SSH port.
4. Execute this:


# the $3 check lets only values made of digits, dots and slashes reach the shell

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -A INPUT -p tcp -m tcp -s " $3 " -j ACCEPT")}'

Basically, this is what the command above does:
1. Accepts all connections from Indonesian IP addresses, so your server can only be accessed from Indonesian IP addresses.
2. Downloads the full IP list from the MikroTik open IXP update list.
3. Parses the data using awk and sed.
4. Removes unwanted strings and filters out unnecessary IP addresses.
5. Executes iptables from inside the last awk command of the pipeline.

Anyway, if your web service runs on port 80 or 443, you can also execute this for a specific port:

# allow only port 80

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -A INPUT -p tcp -m tcp -s " $3 " --dport 80 -j ACCEPT")}'

# allow only port 443

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -A INPUT -p tcp -m tcp -s " $3 " --dport 443 -j ACCEPT")}'

How do you remove them? Good question. Execute this:

# remove the rules and clean up your mess on port 80

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -D INPUT -p tcp -m tcp -s " $3 " --dport 80 -j ACCEPT")}'

# remove the rules and clean up your mess on port 443

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -D INPUT -p tcp -m tcp -s " $3 " --dport 443 -j ACCEPT")}'

# remove the rules and clean up your mess on all incoming ports

curl http://ixp.mikrotik.co.id/download/nice.rsc | grep "add list" | grep -v "1.2.3.4" | sed "s/\"//g" | awk -F"=" '$3 ~ /^[0-9.\/]+$/ {system ("iptables -D INPUT -p tcp -m tcp -s " $3 " -j ACCEPT")}'
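
The commands above hand each line of a list fetched over plain HTTP to a root shell through awk's system(), and they add or delete one rule at a time. The following is an added example, not part of the original post: it checks every entry as an IPv4 CIDR before use and emits iptables-restore input for one dedicated chain, so a single flush removes everything. The chain name ID_ALLOW, the function names and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate the list, then load it atomically into one chain.

# Constructed sample in the nice.rsc layout; the last two entries are invalid.
SAMPLE='/ip firewall address-list
add list=nice address="203.0.113.0/24"
add list=nice address="198.51.100.0/24"
add list=nice address="1.2.3.4/32"
add list=nice address="192.0.2.0/24; id"
add list=nice address="999.1.1.1/40"'

# Print valid IPv4 CIDRs from "add list" lines on stdin.
# $1: optional address to leave out (the post's grep -v "1.2.3.4").
extract_cidrs() {
    awk -F'"' -v skip="${1:-}" '
        /^add list=/ {
            c = $2
            if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
            split(c, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) next
            if (p[5] + 0 > 32) next
            if (skip != "" && index(c, skip)) next
            print c
        }'
}

# Build iptables-restore input that refills chain $1 for TCP port $2 from the
# CIDRs on stdin. Prints nothing and fails if the list is empty.
build_restore() {
    chain=$1; port=$2
    case $chain in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    rules=$(while IFS= read -r cidr; do
        printf '%s\n' "-A $chain -s $cidr -p tcp -m tcp --dport $port -j ACCEPT"
    done)
    [ -n "$rules" ] || return 1
    printf '*filter\n:%s - [0:0]\n%s\nCOMMIT\n' "$chain" "$rules"
}

# As root, after hooking the chain in once (ID_ALLOW is an assumed name):
#   iptables -N ID_ALLOW && iptables -A INPUT -j ID_ALLOW
#   curl -fsS http://ixp.mikrotik.co.id/download/nice.rsc |
#     extract_cidrs 1.2.3.4 | build_restore ID_ALLOW 443 |
#     iptables-restore --noflush
# Remove every rule again: iptables -F ID_ALLOW
```

Because the rules are loaded in one iptables-restore transaction, a malformed line makes the whole load fail instead of leaving a half-applied rule set.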
