echo "deny all from $sip rule" >> etc/iptables-config-file; echo "timestamp for $sip rule" >> someotherlogfile; system("service iptables restart");
For that kind of situation, create a new chain in your boot-time iptables configuration (/etc/sysconfig/iptables) and add/delete to just that chain.
# create new chain
iptables -N badchild
# always run packets through this chain (could have a filter expression here)
iptables -A INPUT -j badchild
Later, in your Perl script:
system("iptables -A badchild -s $sip -j DROP_badchild");
(I assume DROP_badchild does a LOG and then DROP. Use the rate-limiter here.)
To remove a rule, you could grep for the source IP in the chain, something like this:
iptables -L badchild -n --line-numbers | grep "$sip" | awk '{ print $1 }'
and then run "iptables -D badchild $index" against the resulting index list. (Perl experts should be able to turn the above into a Perl one-liner.)
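Added example, not code from the original post: a POSIX shell version of the add/remove steps above, assuming the chain name badchild and a plain DROP target (the post uses a custom DROP_badchild target). It parses a constructed sample of "iptables -L badchild -n --line-numbers" output, matches on the source column only (so 203.0.113.7 is not confused with 203.0.113.77), and deletes rules highest index first so that earlier deletions do not shift the indexes of the rules still to be deleted.

```shell
#!/bin/sh
# Added example (not from the original post). Chain name "badchild"
# and the plain DROP target are assumptions.

# Constructed sample of what "iptables -L badchild -n --line-numbers"
# prints; used for the offline demonstration below.
SAMPLE_LISTING='Chain badchild (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    DROP       all  --  203.0.113.77         0.0.0.0/0
3    DROP       all  --  203.0.113.7          0.0.0.0/0
4    DROP       all  --  198.51.100.9         0.0.0.0/0'

# rule_indexes_for_ip <ip>: read a listing on stdin and print the rule
# numbers whose source column equals <ip>, one per line, highest first.
# Comparing the whole field (not grep) keeps 203.0.113.7 from matching
# 203.0.113.77; the header lines have no numeric first field and are skipped.
rule_indexes_for_ip() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }' | sort -rn
}

# drop_ip <ip>: append a DROP rule for the source IP to the chain.
drop_ip() {
    iptables -A badchild -s "$1" -j DROP
}

# undrop_ip <ip>: delete every badchild rule whose source is <ip>.
# Deleting highest index first keeps the remaining indexes valid.
undrop_ip() {
    iptables -L badchild -n --line-numbers \
      | rule_indexes_for_ip "$1" \
      | while read -r idx; do iptables -D badchild "$idx"; done
}

# Offline demonstration against the constructed listing (no iptables
# needed): demo_indexes 203.0.113.7 prints "3" then "1".
demo_indexes() {
    printf '%s\n' "$SAMPLE_LISTING" | rule_indexes_for_ip "$1"
}
```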