new: iptables script for Incapsula

2019-03-27 10:54:26 +08:00 · 2019-03-27 10:54:26 +08:00 · 394edce8fa
commit 394edce8fa
parent acc9367e90
1 changed files with 11 additions and 0 deletions
--- a/sh/incapsula-iptables.sh
+++ b/sh/incapsula-iptables.sh
@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# script for populating iptables with incapsula IPs
+# to use this, send http and https traffic to the incapsula chain
+# then schedule a daily task which runs this script
+
+iptables -N incapsula
+iptables -F incapsula
+curl -k -s --data "resp_format=json" https://my.incapsula.com/api/integration/v1/ips  | jq -r '.ipRanges | @csv' | tr ',' '\n' | tr -d \" | while read i; do
+iptables -A incapsula -s $i -j ACCEPT
+done
+iptables -A incapsula -j DROP