Is there any effective way to do this?
UPDATE. Found solution.
All paths are according to CeontOS 7. If you have different distrib, change paths.
This goes to autostart:
echo "/usr/bin/ipset create bitcoinxt iphash timeout 0" >> /etc/rc.local
This goes to /etc/cron.hourly/bitcoinxt
#!/bin/bash
/bin/grep BitcoinXT /var/log/kern.log | /usr/bin/perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | /bin/sort | /usr/bin/uniq -u | /usr/bin/xargs -L 1 ipset -exist add bitcoinxt
Also
# chmod 755 /etc/cron.hourly/bitcoinxt
This goes to iptables
iptables -A INPUT -m set --set bitcoinxt src -j DROP
iptables -A INPUT -p tcp -m tcp --dport 8333 -m string --string "Bitcoin XT" --algo bm --to 65535 -j LOG --log-prefix "BitcoinXT" --log-level 1
iptables -A OUTPUT -m set --match-set bitcoinxt dst -j DROP
Dont forget to
/etc/init.d/iptables save