注意需要引入iptables包
use Rex::Commands::Iptables;
3、查看远程主机 iptables 开放情况
task "ipc", group => "all", sub {
    # List the filter-table rules of every host in the group; -n skips DNS
    # lookups so the listing is not slowed down by reverse resolution.
    my $listing = run "iptables -n -L";
    say join ": ", connection->server, $listing;
};
2、rex远程批量给iptables加黑名单
task "ipb", group => "all", sub {
    # Addresses to block on every host. Each is inserted (-I) at the top of
    # INPUT, so the address listed last ends up first in the chain.
    my @blocked = qw(60.173.26.35 180.131.56.9);
    for my $addr (@blocked) {
        iptables I => "INPUT", s => $addr, j => "DROP";
    }
    say connection->server . " ip ban success!";
};
3、用 rex 从 iptables 中删除 ip 的条目
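task "ipd", group => "all", sub {
    # Rule numbers of every INPUT entry that mentions the address, one per line
    # (first column of `service iptables status`). NOTE(review): that status
    # output is init-script specific; `iptables -n -L INPUT --line-numbers`
    # gives the same column on hosts without it -- confirm for the target group.
    my $matches = run q(service iptables status|perl -lane 'print $F[0] if /180.131.56.9/');
    # Keep only bare integers: the value is interpolated into a shell command,
    # so empty output or an error message must never reach `iptables -D`.
    my @rule_nums = grep { /\A\d+\z/ } split /\n/, $matches // '';
    # Delete highest-numbered first: removing a rule renumbers the ones below
    # it, so deleting in ascending order would hit the wrong entries.
    for my $num (sort { $b <=> $a } @rule_nums) {
        run "iptables -D INPUT $num";
    }
    say connection->server . ": removed " . scalar(@rule_nums) . " INPUT rule(s)";
};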
4、iptables限制sshd端口(22)登录,仅仅开放白名单ip。
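task "bansshd", group => "all", sub {
    # Sources still allowed to reach sshd; any other tcp/22 traffic is dropped.
    my @allow_from = ("192.168.1.0/24", "172.16.2.88");
    # Rules are appended (-A), so the ACCEPT entries have to go in before the
    # catch-all DROP -- the call order below is what makes the whitelist work.
    for my $src (@allow_from) {
        iptables A => "INPUT", s => $src, p => 'tcp', dport => 22, j => "ACCEPT";
    }
    iptables A => "INPUT", p => 'tcp', dport => 22, j => "DROP";
    # NOTE(review): every run appends another copy of these rules, and an
    # operator connecting from outside @allow_from loses ssh access to the
    # host -- check the list against the management network before running.
    say connection->server . " sshd ban success!";
};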