Set up a webserver on a local IP alias, preferably one that nothing else listens on. I use 127.0.0.44.
I wrote a tiny, quick webserver to serve static pages. It's written in PHP, and can serve nearly a million pages per minute. It's available under PartyVan.
ban:
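#!/bin/sh
# ban <ip> -- add an ipfw rule that forwards port-80 traffic from the given
# source address to the local webserver on 127.0.0.44.
#
# Exit codes:
#   64  missing or malformed address argument
#   32  not running as root
#   16  address already has a rule in the autoban range
#    8  no rule index left in the autoban range

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules ('?' stands for exactly one digit)
prefix="44???"
# The prefix is a glob-style mask, not a regular expression: in a regex '?'
# is a quantifier, so matching on "^44???" would also select rules outside
# the autoban range. Translate every '?' into one digit and require the
# space that separates the rule number from the rest of the listing line.
pattern="^$( echo "${prefix}" | sed 's/?/[0-9]/g' ) "
# Lowest and highest rule numbers that belong to the autoban range
first="$( echo "${prefix}" | tr '?' '0' )"
highest="$( echo "${prefix}" | tr '?' '9' )"

if [ -z "${1}" ]
then
  echo "Usage: ${0} <ip>"
  exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
  echo "Must be run as root."
  exit 32
fi

luser="${1}"

# This script runs as root and the argument ends up inside a firewall rule.
# Accept only characters that can occur in an IPv4/IPv6 address or a CIDR
# mask, so whitespace or option-like input cannot add extra rule tokens.
case "${luser}" in
  *[!0-9A-Fa-f.:/]*)
    echo "Invalid address: ${luser}" >&2
    exit 64
    ;;
esac

# Determine if the IP is already banned. The address is matched as a fixed
# string bounded by " from " and " to ", so 10.0.0.1 does not match a rule
# for 10.0.0.10 and the dots are not treated as regex wildcards.
banned=$( "${ipfw}" list | grep -E "${pattern}" \
  | grep -F -- " from ${luser} to " | cut -d" " -f1 | sort )
if [ -n "${banned}" ]
then
  echo "Already banned, in rule(s): ${banned}"
  exit 16
fi

# Obtain biggest index currently used inside the autoban range
last=$( "${ipfw}" list | grep -E "${pattern}" | cut -d" " -f1 | sort | tail -n 1 )

# Is it an index?
if [ -z "${last}" ]
then
  # Range is empty: start at its first rule number
  index="${first}"
else
  # Increment (no quotes inside $(( )): not every /bin/sh accepts them)
  index=$(( last + 1 ))
fi

# A rule numbered past the range would no longer be found by the
# prefix-based lookups, so refuse to create it.
if [ "${index}" -gt "${highest}" ]
then
  echo "No free rule index left in range ${prefix}." >&2
  exit 8
fi

# Pass every rule token as its own argument instead of word-splitting a
# pre-built string; the validated address stays a single word.
"${ipfw}" add "${index}" fwd 127.0.0.44 tcp from "${luser}" to any 80 in recv fxp0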
unban:
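#!/bin/sh
# unban <ip> -- delete every autoban rule whose source is the given address.
#
# Exit codes:
#   64  missing or malformed address argument
#   32  not running as root
#   16  no rule for this address in the autoban range

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules ('?' stands for exactly one digit)
prefix="44???"
# The prefix is a glob-style mask, not a regular expression: in a regex '?'
# is a quantifier, so matching on "^44???" would also select rules outside
# the autoban range -- and this script deletes whatever it selects.
# Translate every '?' into one digit and require the space that separates
# the rule number from the rest of the listing line.
pattern="^$( echo "${prefix}" | sed 's/?/[0-9]/g' ) "

if [ -z "${1}" ]
then
  echo "Usage: ${0} <ip>"
  exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
  echo "Must be run as root."
  exit 32
fi

luser="${1}"

# Accept only characters that can occur in an IPv4/IPv6 address or a CIDR
# mask; anything else cannot correspond to a rule source and is rejected
# before it is used to select rules for deletion.
case "${luser}" in
  *[!0-9A-Fa-f.:/]*)
    echo "Invalid address: ${luser}" >&2
    exit 64
    ;;
esac

# Determine if the IP is banned. The address is matched as a fixed string
# bounded by " from " and " to ", so unbanning 10.0.0.1 cannot also remove
# the rule for 10.0.0.10, and the dots are not treated as regex wildcards.
banned=$( "${ipfw}" list | grep -E "${pattern}" \
  | grep -F -- " from ${luser} to " | cut -d" " -f1 | sort )
if [ -z "${banned}" ]
then
  echo "Not banned. Check rulesets manually."
  exit 16
fi

# Unban
echo "Unbanning: ${banned}"
# ${banned} is left unquoted on purpose: it holds one rule number per line
# (digits only, taken from the first listing column) and each number must
# reach ipfw as a separate argument.
# shellcheck disable=SC2086
"${ipfw}" del ${banned}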
banlist:
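#!/bin/sh
# banlist -- print "<rule number> -> <source address>" for every rule in
# the autoban range.
#
# Exit codes:
#   32  not running as root

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules ('?' stands for exactly one digit)
prefix="44???"
# The prefix is a glob-style mask, not a regular expression: in a regex '?'
# is a quantifier, so matching on "^44???" would also list rules outside
# the autoban range. Translate every '?' into one digit and require the
# space that separates the rule number from the rest of the listing line.
pattern="^$( echo "${prefix}" | sed 's/?/[0-9]/g' ) "

if [ "$(id -u)" -ne 0 ]
then
  echo "Must be run as root."
  exit 32
fi

# Get list of banned IPs.
# Field 1 is the rule number. Field 6 is taken as the source address, which
# assumes every rule in the range has the layout
# "NNNNN fwd ADDR tcp from SRC ..." -- a hand-written rule with a different
# layout would show an unrelated token here.
"${ipfw}" list | grep -E "${pattern}" | cut -d" " -f1,6 | sort \
  | while read -r number ip
do
  echo "${number} -> ${ip}"
done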
