#!/bin/bash
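#######################################
# Resolve a hostname to the IPv4 addresses in its DNS answer.
#
# The caller runs as root and feeds the result to iptables, so the
# hostname is validated before it reaches dig: an unquoted or unchecked
# value could otherwise be split into extra dig arguments.
#
# Only A records are queried. Any IPv6 (AAAA) addresses of the site are
# not returned, so nothing built on this output affects IPv6 traffic.
#
# Arguments: $1 - hostname to resolve
# Outputs:   one line on stdout with the addresses separated by spaces
#            (an empty line when nothing resolved); errors on stderr
# Returns:   0 after a lookup, 1 if the hostname is rejected
#######################################
look_up_ips() {
  local website=$1
  local hostname_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local -a ips=()
  local addr

  # Letters, digits, dot, hyphen and underscore only, and never a leading
  # '-', '+' or '@', which dig would read as an option or a server.
  if ((${#website} > 253)) || ! [[ $website =~ $hostname_re ]]; then
    echo "Refusing to look up invalid hostname: $website" >&2
    return 1
  fi

  # +noall +answer limits the output to the ANSWER section, so addresses
  # from other sections (for example name-server glue records) are never
  # picked up. The awk filter keeps only the data field of A records, so
  # a CNAME target that merely contains dotted digits is ignored.
  while IFS= read -r addr; do
    if [[ $addr =~ $ipv4_re ]]; then
      ips+=("$addr")
    fi
  done < <(dig +noall +answer -q "$website" -t A | awk '$4 == "A" { print $5 }')

  # Join with single spaces whatever IFS the caller had set.
  local IFS=' '
  printf '%s\n' "${ips[*]}"
}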
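#######################################
# Insert a DROP rule for one IPv4 address into the FORWARD chain of the
# filter table.
#
# The rule matches on source (-s): it drops packets coming FROM the
# blocked host rather than packets going out to it. That way ESTABLISHED
# connections stop working as well; a rule on the outgoing direction
# alone would let them continue until conntrack times them out.
#
# FORWARD only sees traffic routed through this machine, so the rule
# protects clients behind this host, not connections opened on the host
# itself. IPv6 traffic is not covered (iptables handles IPv4 only).
#
# Arguments: $1 - IPv4 address, optionally with a /prefix length
# Outputs:   progress message on stdout, errors on stderr
# Returns:   0 if the rule is in place, non-zero otherwise
#######################################
drop_ip_dest() {
  local ipaddr=$1
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

  # Shape check only. It keeps a malformed value from being split into
  # extra iptables arguments while running as root; iptables itself
  # still rejects out-of-range octets.
  if ! [[ $ipaddr =~ $ipv4_re ]]; then
    echo "Refusing to block invalid IPv4 address: $ipaddr" >&2
    return 1
  fi

  echo "Blocking access to IP: $ipaddr"

  # Do not stack duplicates: a second identical rule would survive a
  # later single unblock and leave the address blocked.
  if iptables -t filter -C FORWARD -s "$ipaddr" -j DROP 2>/dev/null; then
    return 0
  fi
  iptables -t filter -I FORWARD -s "$ipaddr" -j DROP
}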
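#######################################
# Delete the DROP rule for one IPv4 address from the FORWARD chain of
# the filter table.
#
# We assume the address is the same one that was blocked earlier. This
# is not sensible: if the site's DNS answer has changed since the block,
# the rule for the old address is never removed and has to be cleaned
# up by hand.
#
# Arguments: $1 - IPv4 address, optionally with a /prefix length
# Outputs:   progress message on stdout, errors on stderr
# Returns:   status of the iptables delete; 1 if the address is rejected
#######################################
allow_ip_dest() {
  local ipaddr=$1
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

  # Shape check only. It keeps a malformed value from being split into
  # extra iptables arguments while running as root.
  if ! [[ $ipaddr =~ $ipv4_re ]]; then
    echo "Refusing to unblock invalid IPv4 address: $ipaddr" >&2
    return 1
  fi

  echo "Unblocking access to IP: $ipaddr"
  iptables -t filter -D FORWARD -s "$ipaddr" -j DROP
}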
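# Usage: block_website.sh block|unblock HOSTNAME
#
# Resolves HOSTNAME to its current IPv4 addresses and adds or removes a
# DROP rule per address. Blocking is by IP address, so any other site
# served from the same address is blocked too, and an unblock only
# removes rules for the addresses the name resolves to at that moment.

# iptables can only be changed by root.
if ((EUID != 0)); then
  echo "This script needs to run as root." >&2
  exit 1
fi

ACTION=$1
SITE=$2

case "$ACTION" in
  block | unblock) ;;
  *)
    echo "First argument needs to be either block or unblock" >&2
    exit 1
    ;;
esac

# Without a hostname the lookup would run on an empty argument.
if [ -z "$SITE" ]; then
  echo "Second argument needs to be the hostname to $ACTION" >&2
  exit 1
fi

echo "Destination hostname: $SITE"

# The hostname is quoted so it reaches the lookup as a single argument.
if ! resolved=$(look_up_ips "$SITE"); then
  echo "Lookup failed for $SITE" >&2
  exit 1
fi

# look_up_ips prints the addresses on one line separated by spaces.
read -r -a addresses <<< "$resolved"

# Fail loudly: exiting 0 here would suggest the site is blocked when no
# rule was touched.
if ((${#addresses[@]} == 0)); then
  echo "No IPv4 addresses found for $SITE; nothing to $ACTION" >&2
  exit 1
fi

status=0
for THING in "${addresses[@]}"; do
  if [ "$ACTION" == "block" ]; then
    drop_ip_dest "$THING" || status=1
  else
    allow_ip_dest "$THING" || status=1
  fi
done

# Non-zero when any rule could not be added or removed.
exit "$status"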