firewall/ReadMe.md

49 lines
1.6 KiB
Markdown
Raw Normal View History

2024-09-24 20:01:37 -06:00
### What is it?
A simple NFT firewall manager with DDOS protection. Written in Bash.
2024-09-24 19:57:23 -06:00
### Features
* Web Crawler Detection and Blocker
* Easily Configure NFT
* Support for WireGuard NFT rules
2024-09-24 19:59:41 -06:00
* Automatic IP blocking for DDOS attacks
2024-09-24 19:57:23 -06:00
* Easily add custom DDOS modules to protect against attacks
2024-09-24 19:57:54 -06:00
* Automatic Rate-limiting for HTTP/HTTPS Connections if under attack
2024-09-24 19:58:36 -06:00
* Interactive Menu-driven User Experience
2024-09-24 20:00:50 -06:00
* Includes thousands of Web Crawler IP's ready to block!
2024-09-24 19:57:23 -06:00
2024-09-24 19:43:13 -06:00
### Prerequisites
1. NFT
2. Redis
2024-09-24 19:45:16 -06:00
### Install
2024-09-24 19:44:13 -06:00
* ```cd /opt```
* ```git clone https://git.poster.place/verita84/firewall```
2024-09-24 19:47:09 -06:00
* ```cp firewall.service /etc/systemd/system```
* ```systemctl enable --now firewall```
2024-09-24 19:43:13 -06:00
### Configure Redis Schema
```bash firewall.sh import-db```
### Configure firewall.sh
2024-09-24 19:44:54 -06:00
* Edit the ```portConfig``` variables to allow ports
2024-09-24 19:55:19 -06:00
* Modify ```NGINX_ACCESS``` to point to your NGINX config file.
2024-09-24 19:56:10 -06:00
I recommend keeping the ```NGINX_ACCESS``` log in /tmp mounted via TMPFS to reduce writes on your SSD and so the script can quickly scan the file.
2024-09-24 19:43:13 -06:00
### Add Detection by the Minute via Cron
```
*/1 * * * * bash /opt/firewall/firewall.sh attacker-protection
*/5 * * * * bash /opt/firewall/firewall.sh forgive
2024-09-24 19:52:31 -06:00
00 00 * * * bash /opt/firewall/firewall.sh export-db
2024-09-24 19:43:13 -06:00
```
2024-09-24 19:52:31 -06:00
Per the above, new attacks are searched every minute and temp blocks are forgiven every 5 minutes. The Redis DB is exported at midnight.
2024-09-24 19:47:47 -06:00
### Accessing the Menu
```bash firewall.sh```
2024-09-24 19:50:18 -06:00
### Custom Modules
2024-09-24 19:50:43 -06:00
* There are a few custom function modules to protect against certain DDOS attacks and they are named ```module-foo()```.
2024-09-24 19:53:32 -06:00
* Modules can be loaded by adding them to the ```attacker-protection()``` or ```watch()``` functions as needed
2024-09-24 19:50:18 -06:00