[sysadmin-bin] Block abusers by means of iptables



commit 9ab568bec49cf630dc6a9b1cdef7b498823a7f9a
Author: Patrick Uiterwijk <puiterwijk redhat com>
Date:   Sat Jun 28 10:08:05 2014 -0400

    Block abusers by means of iptables

 gnomeweb/list-abusers |   20 +++++++-------------
 1 files changed, 7 insertions(+), 13 deletions(-)
---
diff --git a/gnomeweb/list-abusers b/gnomeweb/list-abusers
index de11607..f9ea114 100755
--- a/gnomeweb/list-abusers
+++ b/gnomeweb/list-abusers
@@ -115,25 +115,19 @@ END {
                baninfo=""
 
                if [ -n "$BAN" ]; then
-                       ADD_TO_HTACCESS=""
+                       ADD_TO_IPTABLES=""
                        if [ $hits -gt $MINHITS -a $perhour -gt $MINHITSPERHOUR ]; then
                                baninfo="\tShould be banned"
-                               if [ -e "$HTACCESS" ]; then
                                        baninfo="\tBanned before"
-                                       # XXX - IP address is used as-is in the regexp
-                                       # XXX - should escape characters like . ? [
-                                       grep -q -- "deny from $ipaddr" "$HTACCESS" || ADD_TO_HTACCESS=1
-                               fi
+                               # XXX - IP address is used as-is in the regexp
+                               # XXX - should escape characters like . ? [
+                               iptables -nL | grep -q -- "$ipaddr" || ADD_TO_IPTABLES=1
                        fi
-                       if [ -n "$ADD_TO_HTACCESS" ]; then
+                       if [ -n "$ADD_TO_IPTABLES" ]; then
+                echo "Blocked $ipaddr. hits: $hits, perhour: $perhour" >>/var/log/blocked
                                baninfo="\tBanned"
                                # XXX - add mail notification
-                               cat >> "$HTACCESS" <<_EOF_
-
-# Automatically banned by list-abusers on `date -R`
-# Hits $hits, hits per hour $perhour
-deny from $ipaddr
-_EOF_
+                iptables -A ABUSERS -s $ipaddr -j REJECT --reject-with icmp-admin-prohibited
                        fi
                fi
 
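Review bot: The already-blocked check `iptables -nL | grep -q -- "$ipaddr"` uses the address as an unanchored regex against the listing of every chain, so `1.2.3.4` counts as already blocked when `11.2.3.4` or `1.2.3.40` appears in any rule (even an ACCEPT rule), and that client is then never added to ABUSERS; the carried-over XXX comment acknowledges the regex problem but the new code keeps it. Restricting the lookup to the target chain with a fixed-string, whole-word match closes that gap: `iptables -nL ABUSERS | grep -qwF -- "$ipaddr" || ADD_TO_IPTABLES=1`. In the append line `$ipaddr` is unquoted, and because the place where it is populated lies outside this hunk, it is safer to write `iptables -A ABUSERS -s "$ipaddr" -j REJECT --reject-with icmp-admin-prohibited` so that a malformed log field cannot split into extra iptables arguments. The "Blocked" line is written to /var/log/blocked before iptables runs and the exit status is never checked, so the log can record a block that did not take effect (for instance if the ABUSERS chain is missing); logging only after the command succeeds would keep the record trustworthy.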

