#!/bin/bash ######################################################################### # File Name: Get_Out_Spam.sh # Author: LookBack # Email: admin#dwhd.org # Version: # Created Time: 2015年09月15日 星期二 22时30分38秒 ######################################################################### #================================================= # System Required: CentOS/Debian/Ubuntu # Description: 一键封禁 BT PT SPAM(垃圾邮件) # Version: 1.0.2 # Blog: https://doub.io/wlzy-14/ #================================================= Green_font_prefix="\033[32m" && Red_font_prefix="\033[31m" && Green_background_prefix="\033[42;37m" && Red_background_prefix="\033[41;37m" && Font_color_suffix="\033[0m" Info="${Green_font_prefix}[信息]${Font_color_suffix}" Error="${Red_font_prefix}[错误]${Font_color_suffix}" smpt_port="25,26,465,587" pop_port="109,110,995" imap_port="143,218,220,993" other_port="24,50,57,105,106,158,209,1109,24554,60177,60179" key_word=(Subject HELO SMTP "torrent" ".torrent" "peer_id=" "announce" "info_hash" "get_peers" "find_node" "BitTorrent" "announce_peer" "announce.php?passkey=") v4iptables=`which iptables 2>/dev/null` v6iptables=`which ip6tables 2>/dev/null` # cat_rules() { $1 -t $2 -L OUTPUT -nvx --line-numbers; } save_rules() { if [ -f /etc/redhat-release ]; then for i in $v4iptables $v6iptables;do ${i}-save > /etc/sysconfig/`basename $i`; done else for i in $v4iptables $v6iptables;do ${i}-save > /etc/`basename $i`.rules;done cat > /etc/network/if-pre-up.d/iptables << EOF #!/bin/bash ${v4iptables}-restore < /etc/`basename $v4iptables`.rules EOF chmod +x /etc/network/if-pre-up.d/iptables fi } # 添加 mangle_key_word() { $1 -t mangle -A OUTPUT -m string --string "$2" --algo bm --to 65535 -j DROP; } tcp_port_DROP() { [ "$1" = "$v4iptables" ] && $1 -t filter -A OUTPUT -p tcp -m multiport --dports $2 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable [ "$1" = "$v6iptables" ] && $1 -t filter -A OUTPUT -p tcp -m multiport --dports $2 -m state --state NEW,ESTABLISHED -j REJECT --reject-with tcp-reset } udp_port_DROP() { $1 -t filter -A OUTPUT -p udp -m multiport --dports $2 -j DROP; } # 删除 del_mangle_key_word() { $1 -t mangle -D OUTPUT -m string --string "$2" --algo bm --to 65535 -j DROP; } del_tcp_port_DROP() { [ "$1" = "$v4iptables" ] && $1 -t filter -D OUTPUT -p tcp -m multiport --dports $2 -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable [ "$1" = "$v6iptables" ] && $1 -t filter -D OUTPUT -p tcp -m multiport --dports $2 -m state --state NEW,ESTABLISHED -j REJECT --reject-with tcp-reset } del_udp_port_DROP() { $1 -t filter -D OUTPUT -p udp -m multiport --dports $2 -j DROP; } # ========================= # # 添加 add_iptables(){ if [ -n "$v4iptables" -a -n "$v6iptables" ]; then for i in ${key_word[@]}; do for j in $v4iptables $v6iptables; do mangle_key_word $j $i; done; done for i in ${smpt_port} ${pop_port} ${imap_port} ${other_port}; do for j in $v4iptables $v6iptables; do tcp_port_DROP $j $i && udp_port_DROP $j $i; done; done save_rules && iptables -L -n && echo -e "${Info} iptables 防火墙 封禁BT PT SPAM(垃圾邮件)规则添加成功 !" elif [ -n "$v4iptables" ]; then for i in ${key_word[@]}; do mangle_key_word $v4iptables $i;done for i in ${smpt_port} ${pop_port} ${imap_port} ${other_port}; do tcp_port_DROP $v4iptables $i && udp_port_DROP $v4iptables $i; done save_rules && iptables -L -n && echo -e "${Info} iptables 防火墙 封禁BT PT SPAM(垃圾邮件)规则添加成功 !" else echo -e "${Error} 没有找到 iptables !" fi } # 删除 del_iptables(){ if [ -n "$v4iptables" -a -n "$v6iptables" ]; then for i in ${key_word[@]}; do for j in $v4iptables $v6iptables; do del_mangle_key_word $j $i; done; done for i in ${smpt_port} ${pop_port} ${imap_port} ${other_port}; do for j in $v4iptables $v6iptables; do del_tcp_port_DROP $j $i && del_udp_port_DROP $j $i; done; done save_rules && iptables -L -n && echo -e "${Info} iptables 防火墙 封禁BT PT SPAM(垃圾邮件)规则删除成功 !" elif [ -n "$v4iptables" ]; then for i in ${key_word[@]}; do del_mangle_key_word $v4iptables $i;done for i in ${smpt_port} ${pop_port} ${imap_port} ${other_port}; do del_tcp_port_DROP $v4iptables $i && del_udp_port_DROP $v4iptables $i; done save_rules && iptables -L -n && echo -e "${Info} iptables 防火墙 封禁BT PT SPAM(垃圾邮件)规则删除成功 !" else echo -e "${Error} 没有找到 iptables !" fi } action=$1 [[ -z $1 ]] && action=add case "$action" in add) add_iptables ;; del) del_iptables ;; *) echo -e "${Error} 用法: { add | del }" ;; esac