| 123456789101112131415161718192021222324252627282930313233 |
- # run as root
- ipset create ngx-ban-dstip hash:net
- iptables \
- -A OUTPUT \
- -p tcp --syn \
- -m owner --uid-owner jsproxy \
- -m set --match-set ngx-ban-dstip dst \
- -j REJECT
- # https://en.wk.jsproxy.tk/wiki/Reserved_IP_addresses
- REV_NET=(
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
- )
- for v in ${REV_NET[@]}; do
- ipset add ngx-ban-dstip $v
- done
|
