head	1.2;
access;
symbols;
locks; strict;
comment	@# @;


1.2
date	2001.04.19.22.25.17;	author drobbins;	state dead;
branches;
next	1.1;

1.1
date	2001.04.19.16.31.18;	author drobbins;	state Exp;
branches;
next	;


desc
@@


1.2
log
@updates
@
text
@#!/bin/bash

source ##PREFIX##/share/dynfw.sh

args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR.  Good for obnoxious networks/hosts/DoS"

if [ "$2" == "on" ] 
then
	#rules will be appended or inserted as normal
	APPEND="-A"
	INSERT="-I"
	rec_check ipdrop $1 "$1 already blocked" on
	record ipdrop $1
elif [ "$2" == "off" ]
then
	#rules will be deleted instead
	APPEND="-D"
	INSERT="-D"
	rec_check ipdrop $1 "$1 not currently blocked" off 
	unrecord ipdrop $1
else
	echo "Error: \"off\" or \"on\" expected as second argument"
	exit 1
fi	

#block outside IP address that's causing problems
#attacker's incoming TCP connections will take a minute or so to time out,
#reducing DoS effectiveness.

iptables $INSERT INPUT   -s $1 -j DROP
iptables $INSERT OUTPUT  -d $1 -j DROP
iptables $INSERT FORWARD -d $1 -j DROP 
echo "IP ${1} drop ${2}."
@


1.1
log
@added dynamic firewalling tools project page
@
text
@@

