my_mental_sanity_script.sh
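#!/bin/bash
# Build a NEWS_BLACKLIST iptables chain, hooked from FORWARD, that REJECTs
# forwarded traffic to the current A records of every domain in BLACKLIST.
# (Only forwarded traffic is affected: the hook is on FORWARD, not OUTPUT,
# so the host's own connections are not filtered by this script.)
#
# Environment:
#   FORCE  "true"  -> flush NEWS_BLACKLIST once and rebuild it from scratch
#          other   -> (default "false") append only the rules that are missing
#
# Requirements: root (iptables) and dig. IPv4 only (A records). Addresses are
# resolved at run time against RESOLVER, so the chain reflects DNS at that
# moment and must be re-run to follow address changes.

FORCE=${FORCE:-false}
BLACKLIST=(cnn.com www.cnn.com foxnews.com www.foxnews.com nytimes.com www.nytimes.com cnbc.com www.cnbc.com washingtonpost.com)
readonly CHAIN=NEWS_BLACKLIST
readonly RESOLVER=8.8.8.8

# Create the chain only when it is missing; an unconditional -N prints
# "Chain already exists" on every re-run.
if ! iptables -L "$CHAIN" -n >/dev/null 2>&1; then
  iptables -N "$CHAIN"
fi

# Hook the chain from FORWARD exactly once (-C tests whether the rule exists;
# its stderr is silenced because a missing rule is the expected probe result).
if ! iptables -C FORWARD -d 0.0.0.0/0 -j "$CHAIN" 2>/dev/null; then
  iptables -A FORWARD -d 0.0.0.0/0 -j "$CHAIN"
fi

# In force mode flush ONCE, before the loop. Flushing inside the per-address
# loop would wipe the rules just added and leave only the last address.
if [ "$FORCE" = true ]; then
  iptables -F "$CHAIN"
fi

#######################################
# Append a REJECT rule for one IPv4 address unless it is already present.
# Arguments: $1 - dotted-quad IPv4 address
# Returns:   status of the iptables -A call, 0 if the rule already existed
#######################################
add_reject_rule() {
  local addr=$1
  if ! iptables -C "$CHAIN" -d "$addr" -j REJECT --reject-with icmp-port-unreachable 2>/dev/null; then
    iptables -A "$CHAIN" -d "$addr" -j REJECT --reject-with icmp-port-unreachable
  fi
}

for domain in "${BLACKLIST[@]}"; do
  # A domain may resolve to several addresses: one rule per address.
  while IFS= read -r addr; do
    # `dig +short A` also prints CNAME targets; only pass dotted quads to
    # iptables, otherwise it would resolve the name itself via the system
    # resolver and the chain could silently contain a different address.
    [[ "$addr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || continue
    add_reject_rule "$addr"
  done < <(dig "@$RESOLVER" +short A "$domain")
done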


