diff --git a/sh/incapsula-iptables.sh b/sh/incapsula-iptables.sh
new file mode 100644
index 0000000..c669aa3
--- /dev/null
+++ b/sh/incapsula-iptables.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# script for populating iptables with incapsula IPs
+# to use this, send http and https traffic to the incapsula chain
+# then schedule a daily task which runs this script
+
+iptables -N incapsula
+iptables -F incapsula
+curl -k -s --data "resp_format=json" https://my.incapsula.com/api/integration/v1/ips | jq -r '.ipRanges | @csv' | tr ',' '\n' | tr -d \" | while read i; do
+iptables -A incapsula -s $i -j ACCEPT
+done
+iptables -A incapsula -j DROP
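Review bot: The `curl -k` on the fetch line disables certificate verification for the response that decides which source addresses the `incapsula` chain accepts, so the allow-list is only as trustworthy as the network path to the API; drop `-k`. The chain is also flushed before the download is known to be good, so a failed or empty response leaves only the trailing DROP rule and blocks all proxied traffic until the next daily run. Fetching and checking the list first, and flushing only afterwards, avoids that, as does failing loudly with `set -euo pipefail` and `curl --fail`. The loop should also use `read -r` and quote `"$i"`, since the values come from a remote response and are passed to `iptables` unvalidated.

```shell
set -euo pipefail

# Fetch and check before touching the chain; TLS verification stays on.
ranges=$(curl -sS --fail --data "resp_format=json" \
  https://my.incapsula.com/api/integration/v1/ips | jq -r '.ipRanges[]')
[[ -n "$ranges" ]] || { echo "incapsula: empty range list, chain left unchanged" >&2; exit 1; }

iptables -N incapsula 2>/dev/null || true   # chain already exists on later runs
iptables -F incapsula
while IFS= read -r cidr; do
  iptables -A incapsula -s "$cidr" -j ACCEPT
done <<<"$ranges"
# … unchanged: final DROP rule …
```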