#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Iptables modules required ==== recent state
#==== Brick specific help ====
#	If the checkbans module sees state NEW traffic arriving from an IP
#address that was banned (i.e., some other module placed it in the
#"banfor30" chain) in the last 30 seconds, the traffic is dropped.

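# Install the "checkbans" brick: a user-defined chain that drops NEW
# connections from source addresses recently recorded in the "banfor30"
# list of the iptables "recent" match. That list is filled by other modules,
# not by this script. Only IPv4 is covered: every command is iptables, and
# no ip6tables rules are installed.
#
# Each command runs independently and its exit status is not checked.
# If the chain already exists (for example on a second run), -N fails and
# the -A commands below append duplicate rules.

# Create the dedicated chain.
/usr/bin/sudo /sbin/iptables -N checkbans

# Never ban-check traffic whose source is exactly 127.0.0.1.
# Other 127.0.0.0/8 addresses are not exempted by this rule.
/usr/bin/sudo /sbin/iptables -A checkbans -s 127.0.0.1 -j RETURN

# Drop the packet when its address is in the banfor30 list and was last
# seen within 30 seconds. --rcheck only tests the entry and does not refresh
# its timestamp, so a ban lapses 30 seconds after the entry was last updated
# by whichever module recorded it.
/usr/bin/sudo /sbin/iptables -A checkbans -m recent --name banfor30 --rcheck --seconds 30 -j DROP

# Send state NEW traffic through the check on all three built-in chains.
# The rules are appended (-A), so any earlier rule in INPUT/FORWARD/OUTPUT
# that already accepts the packet is evaluated first and bypasses the ban
# check; load this brick before such rules if bans must always win.
#
# The negation is written "! -i lo" rather than the original "-i ! lo".
# Current iptables flags the intrapositioned form as deprecated, and if the
# INPUT hook failed to load, banned hosts would still reach local services.
/usr/bin/sudo /sbin/iptables -A INPUT ! -i lo -m state --state NEW -j checkbans
/usr/bin/sudo /sbin/iptables -A FORWARD -m state --state NEW -j checkbans
# NOTE(review): the recent match tests the source address by default, and on
# OUTPUT that is normally one of this host's own addresses. Confirm that this
# hook matches the intended ban semantics.
/usr/bin/sudo /sbin/iptables -A OUTPUT -m state --state NEW -j checkbans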