#!/bin/bash ipset list |grep blacklist if [ $? == 1 ];then ipset create blacklist hash:ip else ipset flush blacklist fi for i in `cat filter.txt` do { ipset add blacklist $i } done iptables -nvL |grep blacklist if [ $? == 1 ];then iptables -I INPUT -m set --match-set blacklist src -p tcp -j DROP fi