RedisPushIptables 通过 Redis 调用 iptables 项目简介
该模块可以通过 redis 来操作 iptables 的 INPUT 表规则的增加和删除,可以用来动态调用防火墙。比如用来防御攻击。功能与fail2ban相同,只不过它不需要日志分析,但是需要api主动调用,性能更好.但是前提要以 root 来运行,因为 iptables 需要 root 权限。accept.insert - Filter table INPUT ADD ACCEPT accept.delete - Filter table INPUT DEL ACCEPT drop.insert - Filter table INPUT ADD DROP drop.delete - Filter table INPUT DEL DROP ttl.drop.insert - Filter table INPUT ADD DROP 127.0.0.1:6379>accept.insert 192.168.188.8
(integer) 13
127.0.0.1:6379>accept.delete 192.168.188.8
(integer) 13
127.0.0.1:6379>drop.delete 192.168.188.8
(integer) 13
127.0.0.1:6379>ttl.drop.insert 192.168.188.8 60
(integer) 13root@debian:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.188.8 0.0.0.0/0
ACCEPT all -- 192.168.188.8 0.0.0.0/0
(integer) 13
127.0.0.1:6379>accept.delete 192.168.188.8
(integer) 13
127.0.0.1:6379>drop.delete 192.168.188.8
(integer) 13
127.0.0.1:6379>ttl.drop.insert 192.168.188.8 60
(integer) 13root@debian:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.188.8 0.0.0.0/0
ACCEPT all -- 192.168.188.8 0.0.0.0/0