  1. I have a website or perhaps an IRC server or whatever.
  2. The server keeps a list of all unique visitors (IP addresses).
  3. I have a panic button that, when activated, denies access to all visitors that are not already in the list.

This is to stop massive troll raids without shutting down the service for regulars.

What's the best way to implement this at a low level so that it's agnostic to the kind of server used? Like, some iptables voodoo or something?

Distro is Ubuntu.

Ansis Māliņš

2 Answers


You can write a script that allows just them, and drops everything else, something like:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #to allow all established connections to continue, and to allow outgoing connections to get data back
iptables -A INPUT -i ethX -s {allowedIP#1} -j ACCEPT #allow first ip
iptables -A INPUT -i ethX -s {allowedIP#2} -j ACCEPT #..second
... #third and on
iptables -A INPUT -i ethX -j DROP #drop everything else

Of course, if your IP list is very large, this becomes a resource hog.

mulaz
#!/bin/bash

/sbin/iptables -A INPUT   -m state --state NEW -i eth1  -p tcp --destination-port {YOURIRCPORT} -j DROP

Call it panickfw.sh

To unlock, create another similar script that has:

/sbin/iptables -D INPUT   -m state --state NEW -i eth1  -p tcp --destination-port {YOURIRCPORT} -j DROP

You can tweak it so you can use arguments to execute either rule.

Lucas Kauffman
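Both answers above sketch the two halves of the idea: a per-IP allowlist (which the first answer notes becomes a resource hog when the list is long) and a panic/unlock pair of scripts (the second answer). The script below is an added example, not code from either answerer, that combines them using ipset, so the kernel does one hash lookup per new connection instead of walking one rule per regular visitor. It assumes (my choices, not the page's) that the visitor list is one IPv4 address per line on standard input, that the public interface is eth0, and that the service listens on TCP 6667; the sample visitor list is constructed. The functions echo the commands rather than run them, so the result can be reviewed first and then piped to `sh` as root.

```shell
#!/bin/sh
# Added example: switch a server into "panic mode" (only IPs already seen may
# open new connections) using an ipset allowlist. Commands are printed, not run.

# Constructed sample visitor list (not real data): includes a duplicate, an
# out-of-range address and a non-address line to show the filtering.
sample_visitors() {
    printf '%s\n' 203.0.113.7 198.51.100.20 203.0.113.7 999.1.1.1 not-an-ip 192.0.2.33
}

# Read candidate addresses on stdin; keep only well-formed, unique IPv4 addresses.
# A visitor log is untrusted input, so nothing unchecked reaches the generated commands.
valid_ips() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
    sort -u
}

# Emit the commands that turn panic mode on.
# $1: interface (assumed eth0), $2: TCP port (assumed 6667); visitor IPs on stdin.
panic_on() {
    iface=$1; port=$2
    # hash:ip gives O(1) membership checks however many regulars there are.
    echo "ipset create panic_allow hash:ip -exist"
    echo "ipset flush panic_allow"
    valid_ips | while read -r ip; do
        echo "ipset add panic_allow $ip -exist"
    done
    # Rules are inserted at fixed positions so the order is: keep existing
    # sessions, accept new sessions from known visitors, drop all other new ones.
    echo "iptables -I INPUT 1 -i $iface -p tcp --dport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I INPUT 2 -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -m set --match-set panic_allow src -j ACCEPT"
    echo "iptables -I INPUT 3 -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j DROP"
}

# Emit the commands that turn panic mode off again.
# Deleting by exact rule specification removes only what panic_on added and
# leaves the rest of the INPUT chain untouched; the set is destroyed last,
# because a set still referenced by a rule cannot be destroyed.
panic_off() {
    iface=$1; port=$2
    echo "iptables -D INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j DROP"
    echo "iptables -D INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -m set --match-set panic_allow src -j ACCEPT"
    echo "iptables -D INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "ipset destroy panic_allow"
}

# Usage:  sh panic.sh demo                                # show commands for the sample list
#         cut -d' ' -f1 visitors.log | panic_on eth0 6667 | sudo sh   # apply
#         panic_off eth0 6667 | sudo sh                                 # unlock
case "${1:-}" in
    demo) sample_visitors | panic_on eth0 6667 ;;
esac
```

Because the ESTABLISHED,RELATED rule is inserted first, a raid in progress does not disconnect the regulars who are already connected, and only NEW connections are judged against the set; a regular whose address changed after the list was captured is locked out until the set is refreshed, which is the same trade-off the original question accepts.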