#!/bin/sh

ipset create vps hash:ip timeout 86400
ipset add --exist vps 154.26.185.138 timeout 0
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set vps src -m tcp --dport 1080 -j DNAT --to-destination 127.0.0.2:1080
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set vps src -m tcp --dport 2220 -j DNAT --to-destination 127.0.0.2:2220

ipset create wfh hash:ip timeout 86400
iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 2221 -j DNAT --to-destination 127.0.0.2:2221
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set wfh src -m tcp --dport 445 -j DNAT --to-destination 127.0.0.2:445
#alias wfh="sudo bash -xe -c 'ipset add --exist wfh ${SSH_CLIENT%% *} timeout 86400'"

ipset create blacklist hash:net timeout 86400
iptables -A INPUT -m set --match-set blacklist src -j DROP

#ipset create cloudflare hash:net
#curl -s https://www.cloudflare.com/ips-v4 | xargs -i ipset add cloudflare {}
#iptables -t nat -A PREROUTING -d 10.0.0.46/32 -p tcp -m set --match-set cloudflare src -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:81