firewall/firewall2.sh

#!/bin/bash
MY_IP="47.5.112.50"
ATTACK_THRESHOLD="50"
SERVER_IP='192.168.0.55'
NGINX_ACCESS="/tmp/access.log"
#WIREGUARD=(51820)
WIREGUARD=(57692)
WEB=(80 443)
ADGUARD=(3000 8082 853 )
UPTIME=(4001)
DNS=(53 67 68)
CUPS=(631 5353)
BITCOIN=(8333 8332 8334 4050)
LND=(10009 9735 8080 28334 28333 19998 29000)
SYNCTHING=(22000 8384 21027)
NFS=(2049 111)
JELLYFIN=(8096 7359)
MACHINES=(127.0.0.1)
VIRT_BRIDGE="virbr0"
ADMIN=(22)
#### NFT CONFIG ####
NFT='/usr/sbin/nft'
NFT_TCP="$NFT add rule ip filter input tcp dport"
NFT_UDP="$NFT add rule ip filter input udp dport"
NFT6_UDP="$NFT add rule ip6 filter input udp dport"
NFT6_TCP="$NFT add rule ip6 filter input tcp dport"
NFT_DROP='counter drop'
NFT_ACCEPT='counter accept'
NFT='/usr/sbin/nft'
NFT_CACHE='/tmp/nft.cache'
TMP_BLOCK='/tmp/tmp-blocked.txt'
####
SAVED_BOTS='/opt/firewall/bots.txt'
CRAWLER_DB='/opt/firewall/crawlers.txt'
SAFE_TRAFFIC='/opt/firewall/safe.txt'
PEDO_DB='/opt/firewall/pedo.txt'
PEDO_LOG='/opt/firewall/pedo-log.txt'
fediblock_DB='/opt/firewall/fediblock.txt'
fediblock_TMP='/tmp/fediblock.tmp'
ATTACKER_DB='/opt/firewall/attacker-db.txt'
ATTACKER_LOG='/opt/firewall/attackers.txt'
BOT_ACCOUNT="blockbot@detroitriotcity.com"
CRAWLER_TMP='/tmp/crawlers.txt'
DATE="$(date +%Y:%H: -d "1 hour ago")"
#DATE="$(date +%Y:%H:)";
RULE_SET='/opt/firewall/nft.rules'
COUNTRY=(
	https://www.ipdeny.com/ipblocks/data/countries/il.zone
	https://www.ipdeny.com/ipblocks/data/countries/cn.zone
)

noscl setprivate 0fe0b7d521c1b599b12a3b1e72acc6f08d2011083f25379d0b90a506d044266f
nft list table filter > $NFT_CACHE

blockCountry() {
	for i in "${COUNTRY[@]}"; do
		echo
		echo "Blocking $i"
		DB=( $(curl $i) )
		for j in "${DB[@]}"; do
			$NFT add rule ip filter input ip saddr $j $NFT_DROP
		done
	done

}


wireguard-networking() {
	$NFT add table nat
	$NFT add chain nat postrouting
	$NFT add rule nat postrouting oif wg0 iif enp11s0
	$NFT add rule nat postrouting oif enp11s0 iif wg0
	$NFT add rule nat postrouting masquerade
	$NFT add rule filter forward iifname wg0 oif enp11s0 $NFT_ACCEPT
	$NFT add rule filter forward iifname enp11s0 oif wg0 $NFT_ACCEPT
	$NFT add rule ip filter input ip saddr 192.168.5.0/24 $NFT_ACCEPT
}

attacker-protection() {
	saved-attackers
	watch
	pedo-search
	bot-search
	attacker-search
}

bot-search() {
	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
	CRAWLERS=( $( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ei -f $CRAWLER_DB | cut -d "-" -f1 | sort -u))

	echo
	echo "Processing Web Crawler list into NFT....."
	echo
	for i in "${CRAWLERS[@]}"; do
		CHECK=$( cat $NFT_CACHE | grep $i)
		if [ "$CHECK"  = "" ];
			then
			       $NFT add rule ip filter input ip saddr $i $NFT_DROP
			else
				echo 
				echo "Skipping Duplicate IP $i"
				echo
		fi	
	done
}

pedo-search() {
	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
	echo
	echo "Processing Pedo Searches into NFT....."
	PEDO_SEARCH=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei 'tag|search' | grep -Evi -f $CRAWLER_DB | grep -Ei -f $PEDO_DB | head -1) 
		echo $PEDO_SEARCH
		if [ -z "$PEDO_SEARCH" ];
			then
			       echo "No Pedos Found"
			       else
			       	IP=$(echo $PEDO_SEARCH | cut -d ' ' -f1)
			       $NFT add rule ip filter input ip saddr $IP $NFT_DROP
			       noscl setprivate 0fe0b7d521c1b599b12a3b1e72acc6f08d2011083f25379d0b90a506d044266f
			       noscl publish --profile=33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 "$QUERY"

		fi
}

attacker-search() {
	echo
	echo "Processing Attacker Searches into NFT....."
	echo
	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
	ATTACKER_SEARCH=( $( grep $DATE $NGINX_ACCESS | grep -Ei '127.0.0.1|"$DATE"' | grep -vi $MY_IP | grep -Ei -f $ATTACKER_DB | cut -d "-" -f1 | sort -u))
	for i in "${ATTACKER_SEARCH[@]}"; do
		$NFT add rule ip filter input ip saddr $i $NFT_DROP
		QUERY=$(cat $NGINX_ACCESS | grep -i "$DATE" | grep -vi $MY_IP | grep $i | grep -Ei -f $ATTACKER_DB | head -1)
		if [ -z "$QUERY" ]; then
			echo "No Attackers Found"
		else
			echo "Found Attacker!"
			noscl publish --profile=33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 "$QUERY"
			echo $i >>$ATTACKER_LOG
		fi
	done

}

basic-security() {
	$NFT add rule filter input icmp type echo-request $NFT_DROP
	$NFS add rule filter input log
	$NFT rule filter input log $NFT_DROP
	$NFT rule filter output $NFT_ACCEPT
	$NFT rule filter forward $NFT_ACCEPT
	$NFT insert rule filter input ct state established $NFT_ACCEPT
	$NFT insert rule filter input iif lo $NFT_ACCEPT

	$NFT -f /usr/share/nftables/ipv6-filter.nft
	$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
	$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
}

virtualization() {
	ip link del virbr0
	killall dnsmasq
	/usr/bin/systemctl restart libvirtd
	/usr/bin/virsh net-start default
	/usr/bin/systemctl restart pleroma
	$NFT insert rule filter input iif $VIRT_BRIDGE $NFT_ACCEPT
}


uptimeKuma() {
	for i in "${UPTIME[@]}"; do
		$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept
	done
}

admin() {
	for i in "${ADMIN[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
	done
}


wireguard() {
	sysctl -w net.ipv4.conf.all.forwarding=1
	for i in "${WIREGUARD[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_UDP $i $NFT_ACCEPT
	done
}

web() {
	for i in "${WEB[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
	done
}

dns(){
	for i in "${DNS[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_UDP $i $NFT_ACCEPT
	done

}

adguard() {
	for i in "${ADGUARD[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
	done
}

cups() {
	for i in "${CUPS[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_UDP $i $NFT_ACCEPT
	done
}

bitcoin() {
	for i in "${BITCOIN[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
	done
}

lnd() {
	for i in "${LND[@]}"; do
		$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept
	done
}

syncthingServer() {
	for i in "${SYNCTHING[@]}"; do
		$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept
	done

}

syncthing() {
	for i in "${SYNCTHING[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_UDP $i $NFT_ACCEPT
	done
}

jellyfin() {
	for i in "${JELLYFIN[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
		$NFT6_TCP $i $NFT_ACCEPT
		$NFT6_UDP $i $NFT_ACCEPT
	done
}

kde-connect() {
		$NFT_TCP 1714-1764 $NFT_ACCEPT
		$NFT_UDP 1714-1764 $NFT_ACCEPT
}

nfs() {
	for i in "${NFS[@]}"; do
		$NFT_TCP $i $NFT_ACCEPT
		$NFT_UDP $i $NFT_ACCEPT
	done
}

trust() {
	for i in "${MACHINES[@]}"; do
		$NFT add rule filter input ip saddr $i $NFT_ACCEPT
	done
}

start() {

	$NFT flush ruleset

#	if [ -f "$RULE_SET" ]; then
#		echo
		echo "Importing Existing Rule Set"
		#$NFT -f $RULE_SET
#	else
		#echo
		#echo "No existing Rules saved"
		$NFT -f /usr/share/nftables/ipv4-filter.nft
#	fi

	if [[ $HOSTNAME == *"nas"* ]]; then
		attacker-protection
		wireguard
		web
		admin
		adguard
		dns
		cups
		syncthingServer
		syncthing
		#blockCountry
		jellyfin
		wireguard-networking
		uptimeKuma
		docker restart uptime-kuma
		$NFT insert rule filter input iif docker0 $NFT_ACCEPT
		basic-security
	else
		virtualization
		basic-security
	fi

}

research(){
	STATS=( $( cat $TMP_BLOCK ) )
	for i in "${STATS[@]}"; do
		echo "------------------[Researching $i]-----------------------"
		grep $i $NGINX_LOG 
		echo "------------------[ENDi]-----------------------"
	done
}

status() {
	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
	STATS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | wc -l  )
	GET=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep GET | wc -l  )
	POST=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep POST | wc -l  )
	PUT=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l  )
	NOT_FOUND=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 404 | wc -l  )
	GATEWAY=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l  )
	SUCCESS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l  )
	CRAWL=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l  )
	echo "=================================================================="
	echo "Attack Threshold: $ATTACK_THRESHOLD"
	echo "Firewall Rules: $($NFT list table filter | wc -l)"
	echo
	echo "Traffic Last Minute: $STATS"
	echo "	GET: $GET"
	echo "	PUT: $PUT"
	echo "	POST: $POST"
	echo "	Crawlers: $CRAWL"
	echo
	echo "Query Stats:: "
	echo "	200: $SUCCESS"
	echo "	404: $NOT_FOUND"
	echo "	502: $GATEWAY"
	echo
	echo "Blocked IP's:"
	cat $TMP_BLOCK
	echo "=================================================================="
}

stop() {
	forgive	
	$NFT -s list ruleset | tee $RULE_SET
	$NFT flush ruleset
	$NFT -f /usr/share/nftables/ipv4-filter.nft
	$NFT add rule filter input icmp type echo-request $NFT_ACCEPT
	$NFT rule filter input $NFT_ACCEPT
	$NFT rule filter output $NFT_ACCEPT
	$NFT rule filter forward $NFT_ACCEPT
	$NFT insert rule filter input ct state established $NFT_ACCEPT
	$NFT insert rule filter input iif lo $NFT_ACCEPT

	$NFT -f /usr/share/nftables/ipv6-filter.nft
	$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT
	$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT
}

forgive() {
	IP=( $( grep -vi $MY_IP $TMP_BLOCK) )
	echo $IP
	for i in "${IP[@]}"; do
		echo "Checking $i"
		HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
		echo "Removing: $i"
		echo $NFT delete rule ip filter input handle $HANDLE
		$NFT delete rule ip filter input handle $HANDLE
	done
	echo > $TMP_BLOCk
}

saved-attackers() {
	echo
	IP=( $( cat $ATTACKER_LOG | grep -vi $MY_IP | cut -d ' ' -f1 | sort -u  ) )
	for i in "${IP[@]}"; do
		CHECK=$( cat $NFT_CACHE | grep $i)
		if [ "$CHECK" = "" ];
			then
					echo "Blocking IP: $i"
					logger "Blocking IP: $i"
					$NFT add rule ip filter input ip saddr $i $NFT_DROP
			else
				echo 
				echo "Skipping Duplicate IP $i"
				echo
		fi	
	done
}

watch() {
	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
	echo "Scanning $DATE"
	echo
	IP=( $( grep $DATE $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | cut -d ' ' -f1 | sort -u  ) )
	for i in "${IP[@]}"; do
		COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l) 
		echo "$i $COUNT"
		CHECK=$( cat $NFT_CACHE | grep $i)
		if [ "$CHECK" = "" ];
			then
				if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then
					echo "Blocking IP: $i"
					logger "Blocking IP: $i"
					echo $i >> $TMP_BLOCK
					$NFT add rule ip filter input ip saddr $i $NFT_DROP
			 	fi
			else
				echo 
				echo "Skipping Duplicate IP $i"
				echo
		fi	
	done
}

if [ "$1" = "start" ]; then
	start
elif [ "$1" = "virt" ]; then
	virtualization
elif [ "$1" = "bot-search" ]; then
	bot-search
elif [ "$1" = "attacker-protection" ]; then
	attacker-protection
elif [ "$1" = "country" ]; then
	blockCountry
elif [ "$1" = "status" ]; then
	status
elif [ "$1" = "forgive" ]; then
	forgive
elif [ "$1" = "watch" ]; then
	watch
elif [ "$1" = "research" ]; then
	research 
elif [ "$1" = "stop" ]; then
	stop
elif [ "$1" = "saved" ]; then
	saved-bots
else
	echo "Invalid Choice"
fi
fix 2024-07-19 17:44:28 -06:00			`#!/bin/bash`
fix 2024-09-09 14:14:23 -06:00			`MY_IP="47.5.112.50"`
fix 2024-09-10 12:07:21 -06:00			`ATTACK_THRESHOLD="50"`
fix 2024-08-01 13:00:44 -06:00			`SERVER_IP='192.168.0.55'`
fix 2024-09-09 14:14:23 -06:00			`NGINX_ACCESS="/tmp/access.log"`
isdx 2024-09-05 09:52:50 -06:00			`#WIREGUARD=(51820)`
			`WIREGUARD=(57692)`
fix 2024-07-19 17:44:28 -06:00			`WEB=(80 443)`
idsa 2024-09-04 09:37:04 -06:00			`ADGUARD=(3000 8082 853 )`
fix 2024-07-30 23:45:13 -06:00			`UPTIME=(4001)`
fix 2024-07-31 13:45:05 -06:00			`DNS=(53 67 68)`
fix 2024-07-19 17:44:28 -06:00			`CUPS=(631 5353)`
			`BITCOIN=(8333 8332 8334 4050)`
fix 2024-07-30 23:45:13 -06:00			`LND=(10009 9735 8080 28334 28333 19998 29000)`
fix 2024-07-19 17:44:28 -06:00			`SYNCTHING=(22000 8384 21027)`
			`NFS=(2049 111)`
fix 2024-07-30 23:45:13 -06:00			`JELLYFIN=(8096 7359)`
fix 2024-07-30 18:34:03 -06:00			`MACHINES=(127.0.0.1)`
fix 2024-07-23 21:11:56 -06:00			`VIRT_BRIDGE="virbr0"`
fix 2024-07-30 18:28:34 -06:00			`ADMIN=(22)`
d 2024-07-19 18:15:02 -06:00			`#### NFT CONFIG ####`
fix 2024-07-20 14:37:37 -06:00			`NFT='/usr/sbin/nft'`
			`NFT_TCP="$NFT add rule ip filter input tcp dport"`
			`NFT_UDP="$NFT add rule ip filter input udp dport"`
idsa 2024-09-04 09:37:04 -06:00			`NFT6_UDP="$NFT add rule ip6 filter input udp dport"`
			`NFT6_TCP="$NFT add rule ip6 filter input tcp dport"`
d 2024-07-19 19:18:04 -06:00			`NFT_DROP='counter drop'`
			`NFT_ACCEPT='counter accept'`
fix 2024-07-20 14:34:05 -06:00			`NFT='/usr/sbin/nft'`
fix 2024-09-09 14:14:23 -06:00			`NFT_CACHE='/tmp/nft.cache'`
fix 2024-09-10 13:33:08 -06:00			`TMP_BLOCK='/tmp/tmp-blocked.txt'`
fix 2024-07-19 17:44:28 -06:00			`####`
fix 2024-08-25 15:15:42 -06:00			`SAVED_BOTS='/opt/firewall/bots.txt'`
			`CRAWLER_DB='/opt/firewall/crawlers.txt'`
fix 2024-09-10 09:15:01 -06:00			`SAFE_TRAFFIC='/opt/firewall/safe.txt'`
fix 2024-08-25 15:15:42 -06:00			`PEDO_DB='/opt/firewall/pedo.txt'`
			`PEDO_LOG='/opt/firewall/pedo-log.txt'`
			`fediblock_DB='/opt/firewall/fediblock.txt'`
fix 2024-07-23 00:17:12 -06:00			`fediblock_TMP='/tmp/fediblock.tmp'`
fix 2024-08-25 15:15:42 -06:00			`ATTACKER_DB='/opt/firewall/attacker-db.txt'`
			`ATTACKER_LOG='/opt/firewall/attackers.txt'`
fix 2024-07-19 17:44:28 -06:00			`BOT_ACCOUNT="blockbot@detroitriotcity.com"`
			`CRAWLER_TMP='/tmp/crawlers.txt'`
			`DATE="$(date +%Y:%H: -d "1 hour ago")"`
			`#DATE="$(date +%Y:%H:)";`
fix 2024-09-09 22:54:52 -06:00			`RULE_SET='/opt/firewall/nft.rules'`
fix 2024-08-01 13:00:44 -06:00			`COUNTRY=(`
			`https://www.ipdeny.com/ipblocks/data/countries/il.zone`
			`https://www.ipdeny.com/ipblocks/data/countries/cn.zone`
			`)`

fix 2024-09-04 09:51:57 -06:00			`noscl setprivate 0fe0b7d521c1b599b12a3b1e72acc6f08d2011083f25379d0b90a506d044266f`
fix 2024-09-09 14:14:23 -06:00			`nft list table filter > $NFT_CACHE`
fix 2024-07-19 17:44:28 -06:00
fix 2024-08-01 13:00:44 -06:00			`blockCountry() {`
			`for i in "${COUNTRY[@]}"; do`
			`echo`
			`echo "Blocking $i"`
			`DB=( $(curl $i) )`
			`for j in "${DB[@]}"; do`
fix 2024-09-07 11:19:18 -06:00			`$NFT add rule ip filter input ip saddr $j $NFT_DROP`
fix 2024-08-01 13:00:44 -06:00			`done`
			`done`

			`}`


dsfd 2024-07-19 20:06:06 -06:00			`wireguard-networking() {`
fix 2024-07-20 14:34:05 -06:00			`$NFT add table nat`
			`$NFT add chain nat postrouting`
			`$NFT add rule nat postrouting oif wg0 iif enp11s0`
			`$NFT add rule nat postrouting oif enp11s0 iif wg0`
			`$NFT add rule nat postrouting masquerade`
fix 2024-08-25 15:11:05 -06:00			`$NFT add rule filter forward iifname wg0 oif enp11s0 $NFT_ACCEPT`
			`$NFT add rule filter forward iifname enp11s0 oif wg0 $NFT_ACCEPT`
			`$NFT add rule ip filter input ip saddr 192.168.5.0/24 $NFT_ACCEPT`
sds 2024-07-19 19:56:18 -06:00			`}`

fix 2024-07-20 14:51:36 -06:00			`attacker-protection() {`
fix 2024-09-09 22:32:56 -06:00			`saved-attackers`
fix 2024-09-09 14:14:23 -06:00			`watch`
fix 2024-07-19 17:44:28 -06:00			`pedo-search`
fix 2024-09-09 14:14:23 -06:00			`bot-search`
fix 2024-07-20 14:51:36 -06:00			`attacker-search`
fix 2024-07-19 17:44:28 -06:00			`}`

fix 2024-07-20 10:02:23 -06:00			`bot-search() {`
fix 2024-09-09 14:14:23 -06:00			`DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"`
			`CRAWLERS=( $( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep -Evi 'Guro\|spank\|report\|rape\|block' \| grep -Ei -f $CRAWLER_DB \| cut -d "-" -f1 \| sort -u))`
fix 2024-07-20 10:02:23 -06:00
			`echo`
			`echo "Processing Web Crawler list into NFT....."`
			`echo`
			`for i in "${CRAWLERS[@]}"; do`
fix 2024-09-09 14:14:23 -06:00			`CHECK=$( cat $NFT_CACHE \| grep $i)`
			`if [ "$CHECK" = "" ];`
			`then`
			`$NFT add rule ip filter input ip saddr $i $NFT_DROP`
			`else`
			`echo`
			`echo "Skipping Duplicate IP $i"`
			`echo`
			`fi`
fix 2024-07-20 10:02:23 -06:00			`done`
			`}`

fix 2024-07-19 17:44:28 -06:00			`pedo-search() {`
fix 2024-09-09 14:14:23 -06:00			`DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"`
fix 2024-07-19 17:44:28 -06:00			`echo`
d 2024-07-19 18:15:02 -06:00			`echo "Processing Pedo Searches into NFT....."`
fix 2024-09-09 14:14:23 -06:00			`PEDO_SEARCH=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep -Ei 'tag\|search' \| grep -Evi -f $CRAWLER_DB \| grep -Ei -f $PEDO_DB \| head -1)`
			`echo $PEDO_SEARCH`
			`if [ -z "$PEDO_SEARCH" ];`
			`then`
			`echo "No Pedos Found"`
			`else`
			`IP=$(echo $PEDO_SEARCH \| cut -d ' ' -f1)`
			`$NFT add rule ip filter input ip saddr $IP $NFT_DROP`
			`noscl setprivate 0fe0b7d521c1b599b12a3b1e72acc6f08d2011083f25379d0b90a506d044266f`
			`noscl publish --profile=33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 "$QUERY"`
fix 2024-07-19 17:44:28 -06:00
			`fi`
			`}`

			`attacker-search() {`
			`echo`
d 2024-07-19 18:15:02 -06:00			`echo "Processing Attacker Searches into NFT....."`
fix 2024-07-19 17:44:28 -06:00			`echo`
fix 2024-09-09 14:14:23 -06:00			`DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"`
			`ATTACKER_SEARCH=( $( grep $DATE $NGINX_ACCESS \| grep -Ei '127.0.0.1\|"$DATE"' \| grep -vi $MY_IP \| grep -Ei -f $ATTACKER_DB \| cut -d "-" -f1 \| sort -u))`
fix 2024-07-19 17:44:28 -06:00			`for i in "${ATTACKER_SEARCH[@]}"; do`
fix 2024-09-06 14:20:25 -06:00			`$NFT add rule ip filter input ip saddr $i $NFT_DROP`
fix 2024-07-19 17:44:28 -06:00			`QUERY=$(cat $NGINX_ACCESS \| grep -i "$DATE" \| grep -vi $MY_IP \| grep $i \| grep -Ei -f $ATTACKER_DB \| head -1)`
			`if [ -z "$QUERY" ]; then`
			`echo "No Attackers Found"`
			`else`
			`echo "Found Attacker!"`
fix 2024-09-05 13:44:40 -06:00			`noscl publish --profile=33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 "$QUERY"`
fix 2024-07-19 17:44:28 -06:00			`echo $i >>$ATTACKER_LOG`
			`fi`
			`done`

			`}`

			`basic-security() {`
fix 2024-07-20 14:34:05 -06:00			`$NFT add rule filter input icmp type echo-request $NFT_DROP`
fix 2024-07-23 20:20:36 -06:00			`$NFS add rule filter input log`
			`$NFT rule filter input log $NFT_DROP`
fix 2024-07-20 14:34:05 -06:00			`$NFT rule filter output $NFT_ACCEPT`
			`$NFT rule filter forward $NFT_ACCEPT`
			`$NFT insert rule filter input ct state established $NFT_ACCEPT`
			`$NFT insert rule filter input iif lo $NFT_ACCEPT`

fix 2024-08-22 19:44:26 -06:00			`$NFT -f /usr/share/nftables/ipv6-filter.nft`
fix 2024-07-20 14:34:05 -06:00			`$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP`
			`$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP`
fix 2024-07-19 17:44:28 -06:00			`}`

fix 2024-07-23 20:55:46 -06:00			`virtualization() {`
fix 2024-07-29 13:10:36 -06:00			`ip link del virbr0`
fix 2024-07-29 13:53:41 -06:00			`killall dnsmasq`
fix 2024-07-29 13:47:50 -06:00			`/usr/bin/systemctl restart libvirtd`
fix 2024-07-29 13:27:29 -06:00			`/usr/bin/virsh net-start default`
fix 2024-08-14 21:19:06 -06:00			`/usr/bin/systemctl restart pleroma`
fix 2024-07-29 13:57:50 -06:00			`$NFT insert rule filter input iif $VIRT_BRIDGE $NFT_ACCEPT`
fix 2024-07-23 20:55:46 -06:00			`}`

fix 2024-07-30 23:45:13 -06:00
			`uptimeKuma() {`
			`for i in "${UPTIME[@]}"; do`
fix 2024-07-31 13:10:29 -06:00			`$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept`
fix 2024-07-27 21:34:41 -06:00			`done`
			`}`

fix 2024-07-19 17:44:28 -06:00			`admin() {`
			`for i in "${ADMIN[@]}"; do`
sd 2024-07-19 19:20:36 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

fix 2024-07-31 15:26:53 -06:00
fix 2024-07-19 17:44:28 -06:00			`wireguard() {`
			`sysctl -w net.ipv4.conf.all.forwarding=1`
			`for i in "${WIREGUARD[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`web() {`
			`for i in "${WEB[@]}"; do`
fix 2024-07-30 23:45:13 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

fix 2024-07-30 23:45:13 -06:00			`dns(){`
			`for i in "${DNS[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
fix 2024-07-30 23:45:13 -06:00
			`}`

			`adguard() {`
			`for i in "${ADGUARD[@]}"; do`
idsa 2024-09-04 09:37:04 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_TCP $i $NFT_ACCEPT`
fix 2024-07-30 23:45:13 -06:00			`done`
fix 2024-07-19 17:44:28 -06:00			`}`

			`cups() {`
			`for i in "${CUPS[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`bitcoin() {`
			`for i in "${BITCOIN[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`lnd() {`
			`for i in "${LND[@]}"; do`
fix 2024-07-31 13:10:29 -06:00			`$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

fix 2024-07-31 13:10:29 -06:00			`syncthingServer() {`
			`for i in "${SYNCTHING[@]}"; do`
			`$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept`
			`done`

			`}`

fix 2024-07-19 17:44:28 -06:00			`syncthing() {`
			`for i in "${SYNCTHING[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`jellyfin() {`
			`for i in "${JELLYFIN[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
idsa 2024-09-04 09:37:04 -06:00			`$NFT6_TCP $i $NFT_ACCEPT`
			`$NFT6_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`kde-connect() {`
fix 2024-07-20 14:32:21 -06:00			`$NFT_TCP 1714-1764 $NFT_ACCEPT`
			`$NFT_UDP 1714-1764 $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`}`
fix 2024-07-20 14:32:21 -06:00
fix 2024-07-19 17:44:28 -06:00			`nfs() {`
			`for i in "${NFS[@]}"; do`
d 2024-07-19 18:15:02 -06:00			`$NFT_TCP $i $NFT_ACCEPT`
			`$NFT_UDP $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`trust() {`
			`for i in "${MACHINES[@]}"; do`
fix 2024-07-20 14:34:05 -06:00			`$NFT add rule filter input ip saddr $i $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`done`
			`}`

			`start() {`

fix 2024-07-20 14:34:05 -06:00			`$NFT flush ruleset`
fix 2024-09-09 22:54:52 -06:00
fix 2024-09-10 11:35:44 -06:00			`# if [ -f "$RULE_SET" ]; then`
			`# echo`
fix 2024-09-09 22:54:52 -06:00			`echo "Importing Existing Rule Set"`
fix 2024-09-10 11:35:44 -06:00			`#$NFT -f $RULE_SET`
			`# else`
			`#echo`
			`#echo "No existing Rules saved"`
fix 2024-09-09 22:54:52 -06:00			`$NFT -f /usr/share/nftables/ipv4-filter.nft`
fix 2024-09-10 11:35:44 -06:00			`# fi`
sd 2024-07-19 19:20:36 -06:00
fix 2024-07-19 17:44:28 -06:00			`if [[ $HOSTNAME == "nas" ]]; then`
fix 2024-09-09 14:14:23 -06:00			`attacker-protection`
fix 2024-07-19 17:44:28 -06:00			`wireguard`
			`web`
fix 2024-07-30 23:45:13 -06:00			`admin`
fix 2024-07-19 17:44:28 -06:00			`adguard`
fix 2024-07-30 23:45:13 -06:00			`dns`
fix 2024-07-19 17:44:28 -06:00			`cups`
fix 2024-07-31 13:10:29 -06:00			`syncthingServer`
fix 2024-09-01 22:35:47 -06:00			`syncthing`
fix 2024-09-09 22:54:52 -06:00			`#blockCountry`
fix 2024-07-19 17:44:28 -06:00			`jellyfin`
isdx 2024-09-05 09:52:50 -06:00			`wireguard-networking`
fix 2024-07-31 00:37:48 -06:00			`uptimeKuma`
fix 2024-08-22 19:44:26 -06:00			`docker restart uptime-kuma`
			`$NFT insert rule filter input iif docker0 $NFT_ACCEPT`
d 2024-07-19 19:18:04 -06:00			`basic-security`
fix 2024-07-19 17:44:28 -06:00			`else`
fix 2024-09-09 22:54:52 -06:00			`virtualization`
df 2024-07-19 19:20:08 -06:00			`basic-security`
fix 2024-07-19 17:44:28 -06:00			`fi`

sd 2024-07-19 19:20:36 -06:00			`}`
d 2024-07-19 18:15:02 -06:00
fix 2024-09-10 13:33:08 -06:00			`research(){`
			`STATS=( $( cat $TMP_BLOCK ) )`
			`for i in "${STATS[@]}"; do`
			`echo "------------------[Researching $i]-----------------------"`
			`grep $i $NGINX_LOG`
			`echo "------------------[ENDi]-----------------------"`
			`done`
			`}`

dsfd 2024-07-19 20:06:06 -06:00			`status() {`
fix 2024-09-10 09:58:37 -06:00			`DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"`
			`STATS=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| wc -l )`
fix 2024-09-10 10:00:42 -06:00			`GET=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep GET \| wc -l )`
			`POST=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep POST \| wc -l )`
			`PUT=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep -i PUT \| wc -l )`
fix 2024-09-10 13:33:08 -06:00			`NOT_FOUND=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep 404 \| wc -l )`
			`GATEWAY=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep 502 \| wc -l )`
			`SUCCESS=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep 200 \| wc -l )`
fix 2024-09-10 10:12:18 -06:00			`CRAWL=$( grep $DATE $NGINX_ACCESS \| grep -vi $MY_IP \| grep -Ei -f $CRAWLER_DB \| wc -l )`
fix 2024-09-10 09:54:56 -06:00			`echo "=================================================================="`
fix 2024-09-10 12:07:21 -06:00			`echo "Attack Threshold: $ATTACK_THRESHOLD"`
fix 2024-09-10 10:03:43 -06:00			`echo "Firewall Rules: $($NFT list table filter \| wc -l)"`
			`echo`
fix 2024-09-10 09:58:37 -06:00			`echo "Traffic Last Minute: $STATS"`
fix 2024-09-10 10:03:43 -06:00			`echo " GET: $GET"`
			`echo " PUT: $PUT"`
			`echo " POST: $POST"`
fix 2024-09-10 10:12:18 -06:00			`echo " Crawlers: $CRAWL"`
fix 2024-09-10 10:03:43 -06:00			`echo`
fix 2024-09-10 13:33:08 -06:00			`echo "Query Stats:: "`
			`echo " 200: $SUCCESS"`
			`echo " 404: $NOT_FOUND"`
			`echo " 502: $GATEWAY"`
			`echo`
fix 2024-09-10 09:54:56 -06:00			`echo "Blocked IP's:"`
fix 2024-09-10 13:33:08 -06:00			`cat $TMP_BLOCK`
fix 2024-09-10 09:54:56 -06:00			`echo "=================================================================="`
dsfd 2024-07-19 20:06:06 -06:00			`}`

fix 2024-07-19 17:44:28 -06:00			`stop() {`
fix 2024-09-10 09:54:56 -06:00			`forgive`
fix 2024-09-09 22:54:52 -06:00			`$NFT -s list ruleset \| tee $RULE_SET`
fix 2024-07-20 14:34:05 -06:00			`$NFT flush ruleset`
fix 2024-08-22 19:44:26 -06:00			`$NFT -f /usr/share/nftables/ipv4-filter.nft`
fix 2024-07-20 14:34:05 -06:00			`$NFT add rule filter input icmp type echo-request $NFT_ACCEPT`
			`$NFT rule filter input $NFT_ACCEPT`
			`$NFT rule filter output $NFT_ACCEPT`
			`$NFT rule filter forward $NFT_ACCEPT`
			`$NFT insert rule filter input ct state established $NFT_ACCEPT`
			`$NFT insert rule filter input iif lo $NFT_ACCEPT`

fix 2024-08-22 19:44:26 -06:00			`$NFT -f /usr/share/nftables/ipv6-filter.nft`
fix 2024-07-20 14:34:05 -06:00			`$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT`
			`$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT`
fix 2024-07-19 17:44:28 -06:00			`}`

fix 2024-09-09 14:14:23 -06:00			`forgive() {`
fix 2024-09-10 13:33:08 -06:00			`IP=( $( grep -vi $MY_IP $TMP_BLOCK) )`
fix 2024-09-09 14:14:23 -06:00			`echo $IP`
			`for i in "${IP[@]}"; do`
fix 2024-09-10 09:15:01 -06:00			`echo "Checking $i"`
fix 2024-09-09 14:14:23 -06:00			`HANDLE=$(nft -n -a list ruleset \| grep $i \| grep handle \| cut -d '#' -f2 \| cut -d ' ' -f3)`
fix 2024-09-10 09:15:01 -06:00			`echo "Removing: $i"`
			`echo $NFT delete rule ip filter input handle $HANDLE`
fix 2024-09-09 14:14:23 -06:00			`$NFT delete rule ip filter input handle $HANDLE`
			`done`
fix 2024-09-10 13:33:08 -06:00			`echo > $TMP_BLOCk`
fix 2024-09-09 14:14:23 -06:00			`}`

fix 2024-09-09 22:32:56 -06:00			`saved-attackers() {`
			`echo`
			`IP=( $( cat $ATTACKER_LOG \| grep -vi $MY_IP \| cut -d ' ' -f1 \| sort -u ) )`
			`for i in "${IP[@]}"; do`
			`CHECK=$( cat $NFT_CACHE \| grep $i)`
			`if [ "$CHECK" = "" ];`
			`then`
			`echo "Blocking IP: $i"`
			`logger "Blocking IP: $i"`
			`$NFT add rule ip filter input ip saddr $i $NFT_DROP`
			`else`
			`echo`
			`echo "Skipping Duplicate IP $i"`
			`echo`
			`fi`
			`done`
			`}`

fix 2024-09-09 14:14:23 -06:00			`watch() {`
			`DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"`
			`echo "Scanning $DATE"`
			`echo`
fix 2024-09-10 09:15:01 -06:00			`IP=( $( grep $DATE $NGINX_ACCESS \| grep -Evi -f $SAFE_TRAFFIC \| grep -vi $MY_IP \| cut -d ' ' -f1 \| sort -u ) )`
fix 2024-09-09 14:14:23 -06:00			`for i in "${IP[@]}"; do`
			`COUNT=$( grep $DATE $NGINX_ACCESS \| grep "$i" \| wc -l)`
fix 2024-09-10 11:35:44 -06:00			`echo "$i $COUNT"`
fix 2024-09-09 14:14:23 -06:00			`CHECK=$( cat $NFT_CACHE \| grep $i)`
			`if [ "$CHECK" = "" ];`
			`then`
fix 2024-09-10 12:07:21 -06:00			`if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then`
fix 2024-09-09 14:14:23 -06:00			`echo "Blocking IP: $i"`
			`logger "Blocking IP: $i"`
fix 2024-09-10 13:33:08 -06:00			`echo $i >> $TMP_BLOCK`
fix 2024-09-09 14:14:23 -06:00			`$NFT add rule ip filter input ip saddr $i $NFT_DROP`
			`fi`
			`else`
			`echo`
			`echo "Skipping Duplicate IP $i"`
			`echo`
			`fi`
			`done`
			`}`

fix 2024-07-19 17:44:28 -06:00			`if [ "$1" = "start" ]; then`
			`start`
fix 2024-07-29 13:53:41 -06:00			`elif [ "$1" = "virt" ]; then`
			`virtualization`
fix 2024-07-20 14:51:36 -06:00			`elif [ "$1" = "bot-search" ]; then`
			`bot-search`
			`elif [ "$1" = "attacker-protection" ]; then`
			`attacker-protection`
fix 2024-08-01 13:00:44 -06:00			`elif [ "$1" = "country" ]; then`
			`blockCountry`
dsfd 2024-07-19 20:06:06 -06:00			`elif [ "$1" = "status" ]; then`
			`status`
fix 2024-09-09 14:14:23 -06:00			`elif [ "$1" = "forgive" ]; then`
			`forgive`
			`elif [ "$1" = "watch" ]; then`
			`watch`
fix 2024-09-10 13:33:08 -06:00			`elif [ "$1" = "research" ]; then`
			`research`
fix 2024-07-19 17:44:28 -06:00			`elif [ "$1" = "stop" ]; then`
			`stop`
fix 2024-08-13 15:18:27 -06:00			`elif [ "$1" = "saved" ]; then`
			`saved-bots`
fix 2024-07-19 17:44:28 -06:00			`else`
			`echo "Invalid Choice"`
			`fi`