curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > CN.rules
ipset -! -R <<-EOF || return 1
        create CN_RULES hash:net hashsize 64 maxelem `wc -l CN.rules |awk '{print $1}'`
        `sed -e "s/^/add CN_RULES /" CN.rules`
EOF
iptables -t mangle -I INPUT -m set --match-set CN_RULES src -j DROP

标签: none

添加新评论