
linux:iptables:reject_by_as

Blocking big networks, such as Facebook, with iptables on your firewall.
Find the AS number (ASN) of the network you want to block, e.g. Facebook's.
Set up a simple script that will do the work for you.

Now with IPv6 Support

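#!/bin/bash
#
# Reject outbound traffic to every prefix that the RADB routing registry
# lists as originated by the AS numbers below (IPv4 via iptables, IPv6 via
# ip6tables).
#
# Things to keep in mind when running this as root:
#  - The prefix list arrives over a plain, unauthenticated whois query, and
#    IRR route objects are not proof of who really announces a prefix. Every
#    value is therefore syntax-checked before it reaches iptables, and the
#    resulting rule set is worth reviewing (iptables -S OUTPUT).
#  - The OUTPUT chain only matches traffic generated by this host. On a box
#    that routes for other machines the FORWARD chain would be needed too.
#  - Rules are only added, never removed; prefixes an AS no longer
#    originates stay blocked until the chain is cleaned up by hand.

# The lists below are split on whitespace on purpose; disable globbing so a
# stray '*' or '?' in whois output can never expand to file names.
set -f

# ASN is appended to, so extra AS numbers can be passed in via the environment.
ASN="${ASN} AS32934" # Facebook
ASN="${ASN} AS19679" # Dropbox
ASN="${ASN} AS13414" # Twitter
ASN="${ASN} AS200757" # Axel Springer SE

BLOCKLIST=""
BLOCKLIST6=""

readonly WHOIS_SERVER="whois.radb.net"
readonly RE_ASN='^AS[0-9]+$'
readonly RE_V4='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
readonly RE_V6='^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'

# Keep only well-formed AS numbers: the value is interpolated into the whois
# query string, so nothing else may get through.
CHECKED_ASN=""
for AS in $ASN; do
    if [[ $AS =~ $RE_ASN ]]; then
        CHECKED_ASN="${CHECKED_ASN} $AS"
    else
        printf 'skipping invalid AS number: %s\n' "$AS" >&2
    fi
done

#######################################
# Print the prefixes RADB lists for every checked AS number.
# Globals:   CHECKED_ASN, WHOIS_SERVER (read)
# Arguments: $1 - RPSL attribute to extract: "route" (IPv4) or "route6" (IPv6)
# Outputs:   one prefix per line on stdout, warnings on stderr
#######################################
collect_prefixes() {
    local attr=$1 as found
    for as in $CHECKED_ASN; do
        found=$(whois -h "$WHOIS_SERVER" -- "-i origin $as" \
            | awk -v re="^${attr}:" '$0 ~ re {print $2}' \
            | sort -u)
        if [[ -z $found ]]; then
            # An empty answer (lookup failure, rate limit, no objects) would
            # otherwise silently leave this AS unblocked.
            printf 'warning: no %s objects returned for %s\n' "$attr" "$as" >&2
            continue
        fi
        printf '%s\n' "$found"
    done
}

#######################################
# Add one REJECT rule per valid prefix to the OUTPUT chain.
# Arguments: $1 - iptables or ip6tables
#            $2 - regex a prefix must match to be accepted
#            $3 - whitespace-separated list of prefixes
#######################################
apply_blocklist() {
    local cmd=$1 re=$2 subnet
    # sort -u: the same prefix can be registered under more than one AS.
    for subnet in $(printf '%s\n' $3 | sort -u); do
        if [[ ! $subnet =~ $re ]]; then
            printf 'skipping malformed prefix: %s\n' "$subnet" >&2
            continue
        fi
        # -C looks for an identical rule first, so running the script again
        # does not stack duplicate rules in the chain.
        if ! "$cmd" -C OUTPUT -d "$subnet" -j REJECT 2>/dev/null; then
            "$cmd" -A OUTPUT -d "$subnet" -j REJECT
        fi
    done
}

#For IPv4 Blocking
BLOCKLIST=$(collect_prefixes route)
apply_blocklist iptables "$RE_V4" "$BLOCKLIST"

#For IPv6 Blocking
BLOCKLIST6=$(collect_prefixes route6)
apply_blocklist ip6tables "$RE_V6" "$BLOCKLIST6"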
linux/iptables/reject_by_as.txt · Last modified: 2019/02/04 11:07 by karloff