#!/bin/bash

source /usr/local/share/dynfw.sh

args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR.  Good for obnoxious networks/hosts/DoS"

if [ "$2" = "on" ] 
then
	#rules will be appended or inserted as normal
	APPEND="-A"
	INSERT="-I"
	rec_check ipdrop $1 "$1 already blocked" on
	record ipdrop $1
elif [ "$2" = "off" ]
then
	#rules will be deleted instead
	APPEND="-D"
	INSERT="-D"
	rec_check ipdrop $1 "$1 not currently blocked" off 
	unrecord ipdrop $1
else
	echo "Error: \"off\" or \"on\" expected as second argument"
	exit 1
fi	

#block outside IP address that's causing problems
#attacker's incoming TCP connections will take a minute or so to time out,
#reducing DoS effectiveness.

iptables $INSERT INPUT   -s $1 -j DROP
iptables $INSERT OUTPUT  -d $1 -j DROP
iptables $INSERT FORWARD -d $1 -j DROP 
echo "IP ${1} drop ${2}."
