Temporary measure for blacklisting an abused node.

diff --git a/Makefile b/Makefile
index f0a6806..27cde30 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -4,10 +4,13 @@
 WEBFETCH               := wget
 SHA1SUM                        := sha1sum
 
-ALL                    += iptables
+ALL                    += iptables ipset
 iptables-URL           := http://www.netfilter.org/projects/iptables/files/iptables-1.4.10.tar.bz2
 iptables-SHA1SUM       := 8190b8c9714a3eec825317e8ac1deeb3d11c6d29
+ipset-URL              := http://ipset.netfilter.org/ipset-4.5.tar.bz2
+ipset-SHA1SUM  := 696a5cd96459c8fb028f0dfb9927a5c4f183d28b
 iptables               := $(notdir $(iptables-URL))
+ipset          := $(notdir $(ipset-URL))
 
 all: $(ALL)
 .PHONY: all

diff --git a/iptables.spec b/iptables.spec
index dca0251..99aca2e 100644 (file)
--- a/iptables.spec
+++ b/iptables.spec
@@ -14,6 +14,7 @@ Name: %{name}
 Version: %{version}
 Release: %{release}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
+Source: http://ipset.netfilter.org/ipset-4.5.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
 Source3: planetlab-config

diff --git a/planetlab-config b/planetlab-config
index ac5c016..2851897 100644 (file)
--- a/planetlab-config
+++ b/planetlab-config
@@ -7,6 +7,9 @@
 -A OUTPUT -j BLACKLIST
 -A LOGDROP -j LOG
 -A LOGDROP -j DROP
+-A BLACKLIST -d 199.254.222.0/24 -j DROP 
+-A BLACKLIST -d 74.46.244.148/32 -j DROP 
+-A BLACKLIST -d 66.165.160.105/32 -j DROP
 COMMIT
 
 *mangle