#!/bin/sh

ipset create wfh hash:ip timeout 86400
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 445 -j DNAT --to-destination 127.0.0.1:445
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 2080 -j DNAT --to-destination 127.0.0.1:2080
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 2220 -j DNAT --to-destination 127.0.0.1:2220
iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 2221 -j DNAT --to-destination 127.0.0.1:2221
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:2222
#alias wfh="sudo bash -xe -c 'ipset add --exist wfh ${SSH_CLIENT%% *} timeout 86400'"

ipset create blacklist hash:net timeout 86400
iptables -A INPUT -m set --match-set blacklist src -j DROP

ipset create cloudflare hash:net
curl -s https://www.cloudflare.com/ips-v4 | xargs -i ipset add cloudflare {}
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set cloudflare src -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:81