From c74b5b405c6f2e608c0d87a04396a6d2ca5ba14f Mon Sep 17 00:00:00 2001 From: q3aql Date: Tue, 16 Apr 2024 22:43:50 +0200 Subject: [PATCH] Add IPs with IPSet --- blockauth | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/blockauth b/blockauth index a98ceba..445ddae 100755 --- a/blockauth +++ b/blockauth @@ -18,7 +18,7 @@ fi # Check dependencies path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin /home/linuxbrew/.linuxbrew/bin" -dependencies="iptables cat grep sort sed rm echo wc touch systemctl" +dependencies="iptables ipset cat grep sort sed rm echo wc touch systemctl" dependencies_found="" dependencies_not_found="" for checkPath in ${path_check} ; do @@ -78,7 +78,7 @@ else echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf - echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf + echo "max_ip_blocklist=\"5000\"" >> /etc/blockauth/blockauth.conf echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf fi @@ -96,7 +96,7 @@ if [ -z "${filelog}" ] ; then echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf fi if [ -z "${max_ip_blocklist}" ] ; then - echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf + echo "max_ip_blocklist=\"5000\"" >> /etc/blockauth/blockauth.conf fi if [ -z "${block_ports}" ] ; then echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf 
@@ -110,6 +110,18 @@ if [ "${valid_users}" == "test1 test2" ] ; then exit fi +# Function for initial configuration +# Syntax: run_iptables +function run_iptables() { + iptables -F + ipset destroy blockauth 2> /dev/null + ipset create blockauth hash:ip + iptables -A INPUT -p tcp -m multiport --sports ${1} -m set --match-set blockauth src -j DROP + iptables -A OUTPUT -p tcp -m multiport --sports ${1} -m set --match-set blockauth src -j DROP +} + +# Reset initial configuration +run_iptables "${block_ports}" echo "blockauth: running process" echo "blockauth: running process" >> ${filelog} blockauth=0 @@ -129,7 +141,7 @@ while [ ${blockauth} -eq 0 ] ; do touch ${blocklist} echo "blockauth: resetting blocklist because maximum has been reached" echo "blockauth: resetting blocklist because maximum has been reached" >> ${filelog} - iptables -F + run_iptables "${block_ports}" fi touch ${blocklist} cat ${blocklist} > ${blocklist}.temp @@ -155,11 +167,11 @@ while [ ${blockauth} -eq 0 ] ; do fi # Block IPs using iptables for block_ip in $(cat ${blocklist}) ; do - read_block_ip=$(iptables -n -L | grep "${block_ip}") + read_block_ip=$(ipset list blockauth | grep "${block_ip}") if [ -z "${read_block_ip}" ] ; then echo "blockauth: blocking ip ${block_ip}" echo "blockauth: blocking ip ${block_ip}" >> ${filelog} - iptables -A OUTPUT -p tcp -m multiport -d ${block_ip} --sports ${block_ports} -j DROP + ipset add blockauth ${block_ip} fi done # Reduce log
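Review bot: The two rules added in run_iptables do not match the traffic they are meant to drop: on INPUT, `--sports ${1}` tests the client's source port (an ephemeral port, not 22/80/443), and on OUTPUT `--match-set blockauth src` tests the packet's source address, which is this host's own address, so a listed IP is never matched by either rule (the old OUTPUT rule this replaces used `-d ${block_ip}`). The intended direction is `iptables -A INPUT -p tcp -m multiport --dports "${1}" -m set --match-set blockauth src -j DROP` and `iptables -A OUTPUT -p tcp -m multiport --sports "${1}" -m set --match-set blockauth dst -j DROP`. Note also that `iptables -F` now runs at every start as well as on reset and flushes every chain of the filter table, removing any firewall rules the host had that are unrelated to blockauth; appending to a dedicated chain and flushing only that chain would confine the reset to this tool's own rules. The function body is complete within the hunk; the script around the call continues outside it.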
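Review bot: The presence check `ipset list blockauth | grep "${block_ip}"` is an unanchored substring match (and the dots are regex wildcards), so an entry such as 10.0.0.10 already in the set makes 10.0.0.1 look present and that address is silently never added. ipset can answer this directly: `read_block_ip=$(ipset test blockauth "${block_ip}" 2>/dev/null && echo 1)` keeps the surrounding `if [ -z ... ]` unchanged; alternatively `ipset add -exist blockauth "${block_ip}"` is idempotent and would make the lookup unnecessary. The `ipset add blockauth ${block_ip}` argument should be quoted, and since block_ip is read from the blocklist file written elsewhere in the script, it is worth confirming that entries are validated as single IPv4 addresses before they reach ipset, which will otherwise reject them or, with a CIDR-like entry, behave differently than the hash:ip set expects. The while loop that holds this code starts and ends outside the hunk.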