Add IPs with IPSet
This commit is contained in:
parent
80c50daf13
commit
c74b5b405c
24
blockauth
24
blockauth
|
@ -18,7 +18,7 @@ fi
|
||||||
|
|
||||||
# Check dependencies
|
# Check dependencies
|
||||||
path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin /home/linuxbrew/.linuxbrew/bin"
|
path_check="/usr/bin /bin /usr/local/bin /sbin ${HOME}/.local/bin /home/linuxbrew/.linuxbrew/bin"
|
||||||
dependencies="iptables cat grep sort sed rm echo wc touch systemctl"
|
dependencies="iptables ipset cat grep sort sed rm echo wc touch systemctl"
|
||||||
dependencies_found=""
|
dependencies_found=""
|
||||||
dependencies_not_found=""
|
dependencies_not_found=""
|
||||||
for checkPath in ${path_check} ; do
|
for checkPath in ${path_check} ; do
|
||||||
|
@ -78,7 +78,7 @@ else
|
||||||
echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
|
echo "always_ip_allowed=\"192.168.0.1 192.168.0.2\"" >> /etc/blockauth/blockauth.conf
|
||||||
echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
|
echo "blocklist=\"/etc/blockauth/blocklist.list\"" >> /etc/blockauth/blockauth.conf
|
||||||
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
|
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
|
||||||
echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf
|
echo "max_ip_blocklist=\"5000\"" >> /etc/blockauth/blockauth.conf
|
||||||
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
|
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -96,7 +96,7 @@ if [ -z "${filelog}" ] ; then
|
||||||
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
|
echo "filelog=\"/etc/blockauth/blockauth.log\"" >> /etc/blockauth/blockauth.conf
|
||||||
fi
|
fi
|
||||||
if [ -z "${max_ip_blocklist}" ] ; then
|
if [ -z "${max_ip_blocklist}" ] ; then
|
||||||
echo "max_ip_blocklist=\"500\"" >> /etc/blockauth/blockauth.conf
|
echo "max_ip_blocklist=\"5000\"" >> /etc/blockauth/blockauth.conf
|
||||||
fi
|
fi
|
||||||
if [ -z "${block_ports}" ] ; then
|
if [ -z "${block_ports}" ] ; then
|
||||||
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
|
echo "block_ports=\"22,80,443\"" >> /etc/blockauth/blockauth.conf
|
||||||
|
@ -110,6 +110,18 @@ if [ "${valid_users}" == "test1 test2" ] ; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Function for initial configuration
|
||||||
|
# Syntax: run_iptables <ports>
|
||||||
|
function run_iptables() {
|
||||||
|
iptables -F
|
||||||
|
ipset destroy blockauth 2> /dev/null
|
||||||
|
ipset create blockauth hash:ip
|
||||||
|
iptables -A INPUT -p tcp -m multiport --sports ${1} -m set --match-set blockauth src -j DROP
|
||||||
|
iptables -A OUTPUT -p tcp -m multiport --sports ${1} -m set --match-set blockauth src -j DROP
|
||||||
|
}
|
||||||
|
|
||||||
|
# Reset initial configuration
|
||||||
|
run_iptables "${block_ports}"
|
||||||
echo "blockauth: running process"
|
echo "blockauth: running process"
|
||||||
echo "blockauth: running process" >> ${filelog}
|
echo "blockauth: running process" >> ${filelog}
|
||||||
blockauth=0
|
blockauth=0
|
||||||
|
@ -129,7 +141,7 @@ while [ ${blockauth} -eq 0 ] ; do
|
||||||
touch ${blocklist}
|
touch ${blocklist}
|
||||||
echo "blockauth: resetting blocklist because maximum has been reached"
|
echo "blockauth: resetting blocklist because maximum has been reached"
|
||||||
echo "blockauth: resetting blocklist because maximum has been reached" >> ${filelog}
|
echo "blockauth: resetting blocklist because maximum has been reached" >> ${filelog}
|
||||||
iptables -F
|
run_iptables "${block_ports}"
|
||||||
fi
|
fi
|
||||||
touch ${blocklist}
|
touch ${blocklist}
|
||||||
cat ${blocklist} > ${blocklist}.temp
|
cat ${blocklist} > ${blocklist}.temp
|
||||||
|
@ -155,11 +167,11 @@ while [ ${blockauth} -eq 0 ] ; do
|
||||||
fi
|
fi
|
||||||
# Block IPs using iptables
|
# Block IPs using iptables
|
||||||
for block_ip in $(cat ${blocklist}) ; do
|
for block_ip in $(cat ${blocklist}) ; do
|
||||||
read_block_ip=$(iptables -n -L | grep "${block_ip}")
|
read_block_ip=$(ipset list blockauth | grep "${block_ip}")
|
||||||
if [ -z "${read_block_ip}" ] ; then
|
if [ -z "${read_block_ip}" ] ; then
|
||||||
echo "blockauth: blocking ip ${block_ip}"
|
echo "blockauth: blocking ip ${block_ip}"
|
||||||
echo "blockauth: blocking ip ${block_ip}" >> ${filelog}
|
echo "blockauth: blocking ip ${block_ip}" >> ${filelog}
|
||||||
iptables -A OUTPUT -p tcp -m multiport -d ${block_ip} --sports ${block_ports} -j DROP
|
ipset add blockauth ${block_ip}
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
# Reduce log
|
# Reduce log
|
||||||
|
|
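Review bot: The two rules added in run_iptables do not match the traffic the script means to drop: the INPUT rule uses `--sports ${1}`, so an inbound connection to port 22/80/443 (whose source port is ephemeral) is never matched, and the OUTPUT rule tests `--match-set blockauth src`, where src is the local host rather than the blocked peer, so it never fires either, whereas the removed per-IP rule matched with `-d ${block_ip}`. Suggested lines: `iptables -A INPUT -p tcp -m multiport --dports "${1}" -m set --match-set blockauth src -j DROP` and `iptables -A OUTPUT -p tcp -m multiport --sports "${1}" -m set --match-set blockauth dst -j DROP`. The leading `iptables -F` now also runs at startup and flushes every rule in the filter table, not only blockauth's, so rules installed by other tools on the host would presumably be lost; a dedicated chain that only blockauth flushes would avoid that. In the last hunk, `ipset list blockauth | grep "${block_ip}"` is a substring match (10.0.0.1 also matches 10.0.0.10); `ipset test blockauth "${block_ip}"` checks exact membership and returns a status the `if` can use directly.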