Bash скрипт для ограничения доступа к ТВ сервису.
#!/bin/bash
/sbin/ipset -F iptv8080
/sbin/ipset -N -exist iptv8080 nethash
/sbin/ipset -A iptv8080 10.103.0.0/27
MYSQL_RESULT_8080=`mysql -h*.*.*.1 -uabills -pPASSWORD abills -N -e "SELECT CID FROM internet_online i, tarif_plans tp where i.tp_id=tp.tp_id and tp.id in (12,13,14,17,20,54)"`
for i in $MYSQL_RESULT_8080; do
/sbin/ipset -A iptv8080 $i
done;
/sbin/iptables -A in_world_moment_s7 -p tcp -m tcp --sport 1024:65535 --dport 8080 -m set --match-set iptv8080 src -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A out_world_moment_s7 -p tcp -m set --match-set iptv8080 dst -m tcp --sport 8080 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
/sbin/ipset -F iptv8080
/sbin/ipset -N -exist iptv8080 nethash
/sbin/ipset -A iptv8080 10.103.0.0/27
MYSQL_RESULT_8080=`mysql -h*.*.*.1 -uabills -pPASSWORD abills -N -e "SELECT CID FROM internet_online i, tarif_plans tp where i.tp_id=tp.tp_id and tp.id in (12,13,14,17,20,54)"`
for i in $MYSQL_RESULT_8080; do
/sbin/ipset -A iptv8080 $i
done;
/sbin/iptables -A in_world_moment_s7 -p tcp -m tcp --sport 1024:65535 --dport 8080 -m set --match-set iptv8080 src -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A out_world_moment_s7 -p tcp -m set --match-set iptv8080 dst -m tcp --sport 8080 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Комментарии
Отправить комментарий