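#!/bin/bash
# Host firewall manager built on nftables: opens service ports, blocks
# crawlers/attackers found in the nginx access log and posts alerts.
# Usage: <script> [start|stop|status|watch|research|forgive|...] (see the
# dispatcher at the bottom); with no argument an interactive menu is shown.
#
# Deliberately no `set -euo pipefail`: many pipelines below rely on grep's
# non-zero exit meaning "no match", and an absent $2 is normal for most
# sub-commands.

#### HOST / THRESHOLDS ####
# Operator's own public address; excluded from every log-derived block list.
MY_IP="47.5.112.50"
# Requests per minute from one source before watch() drops it.
ATTACK_THRESHOLD="50"
# Internal peer allowed to reach the server-only services
# (uptimeKuma, lnd, syncthingServer).
SERVER_IP='192.168.0.55'
# nginx access log that drives every automatic block decision.
# NOTE(review): /tmp is world-writable, so any local user could append
# forged lines here and steer which addresses get blocked; a root-owned
# directory (the script already uses /opt/firewall) would be safer.
NGINX_ACCESS="/tmp/access.log"

#### SERVICE PORTS (one array per service, iterated by the opener functions) ####
#WIREGUARD=(51820)
WIREGUARD=(57692)
WEB=(80 443)
ADGUARD=(3000 8082 853)
UPTIME=(4001)
DNS=(53 67 68)
CUPS=(631 5353)
BITCOIN=(8333 8332 8334 4050)
LND=(10009 9735 8080 28334 28333 19998 29000)
SYNCTHING=(22000 8384 21027)
NFS=(2049 111)
JELLYFIN=(8096 7359)
# Sources accepted unconditionally by trust().
MACHINES=(127.0.0.1)
VIRT_BRIDGE="virbr0"
ADMIN=(22)

#### NFT CONFIG ####
NFT='/usr/sbin/nft'
# Command prefixes; they are expanded UNQUOTED on purpose so the shell
# splits them into nft arguments.
NFT_TCP="$NFT add rule ip filter input tcp dport"
NFT_UDP="$NFT add rule ip filter input udp dport"
NFT6_UDP="$NFT add rule ip6 filter input udp dport"
NFT6_TCP="$NFT add rule ip6 filter input tcp dport"
NFT_DROP='counter drop'
NFT_ACCEPT='counter accept'
# Snapshot of the filter table, taken once at the end of this block; the
# block functions grep it to avoid adding a rule twice. It is NOT refreshed
# after rules are added during a run.
NFT_CACHE='/tmp/nft.cache'
# Addresses rate-limited during this session (read back by forgive, status
# and research).
TMP_BLOCK='/tmp/tmp-blocked.txt'
####
SAVED_BOTS='/opt/firewall/bots.txt'
CRAWLER_DB='/opt/firewall/crawlers.txt'
SAFE_TRAFFIC='/opt/firewall/safe.txt'
PEDO_DB='/opt/firewall/pedo.txt'
PEDO_LOG='/opt/firewall/pedo-log.txt'
ATTACKER_DB='/opt/firewall/attacker-db.txt'
ATTACKER_LOG='/opt/firewall/attackers.txt'
BOT_ACCOUNT="blockbot@detroitriotcity.com"
CRAWLER_TMP='/tmp/crawlers.txt'
# Hour-granular stamp; the search functions compute their own minute stamp.
DATE="$(date +%Y:%H: -d "1 hour ago")"
#DATE="$(date +%Y:%H:)";
RULE_SET='/opt/firewall/nft.rules'
MENU_TOP="=============================FireWall================================="
MENU_BOTTOM="====================================================================="
# Country block lists fetched by blockCountry().
COUNTRY=(
  https://www.ipdeny.com/ipblocks/data/countries/il.zone
  https://www.ipdeny.com/ipblocks/data/countries/cn.zone
)

# Take the duplicate-check snapshot (see NFT_CACHE above). Uses the
# configured binary rather than whatever `nft` is first on PATH.
"$NFT" list table filter >"$NFT_CACHE"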
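#######################################
# Fetch each zone file in COUNTRY and add one drop rule per listed prefix.
# Globals:  COUNTRY, NFT, NFT_DROP (read)
# Outputs:  progress to stdout, download failures to stderr
# Returns:  0 (a failed download skips that list; nft errors are not fatal)
#######################################
blockCountry() {
  local url body prefix
  local -a prefixes
  local -r prefix_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
  for url in "${COUNTRY[@]}"; do
    echo
    echo "Blocking $url"
    # -f: an HTTP error is a failure instead of an HTML error page being
    # fed into the rule loop; -sS: quiet, but real errors are still shown.
    if ! body=$(curl -fsS -- "$url"); then
      echo "Download failed for $url, skipping" >&2
      continue
    fi
    mapfile -t prefixes <<<"$body"
    for prefix in "${prefixes[@]}"; do
      # Only well-formed IPv4 prefixes reach nft; blank lines or stray
      # text in the download are ignored.
      [[ $prefix =~ $prefix_re ]] || continue
      # `position 8` adds after the rule with handle 8, which keeps the drop
      # ahead of the service accept rules. NFT_DROP is split on purpose.
      # shellcheck disable=SC2086
      "$NFT" add rule ip filter input position 8 ip saddr "$prefix" $NFT_DROP
    done
  done
  # NOTE(review): one rule per prefix makes the chain very long; an nft set
  # with `flags interval` would hold a whole country list in a single rule.
}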
#######################################
# NAT and forwarding between the WireGuard interface wg0 and the LAN
# interface enp11s0, plus an accept for the 192.168.5.0/24 source range.
# Globals:  NFT, NFT_ACCEPT (read)
# Side effects: creates table nat / chain postrouting if absent, adds rules.
#######################################
wireguard-networking() {
  $NFT add table nat
  # NOTE(review): no hook spec is given here. If the chain does not already
  # exist as a base chain (e.g. from ipv4-filter.nft), nft creates a regular
  # chain that nothing jumps to, and the masquerade below is never evaluated
  # — TODO confirm the chain is hooked on postrouting.
  $NFT add chain nat postrouting
  # These two rules carry no statement or verdict: they match and fall
  # through, so on their own they appear to have no effect.
  $NFT add rule nat postrouting oif wg0 iif enp11s0
  $NFT add rule nat postrouting oif enp11s0 iif wg0
  # Unconditional: masquerades every packet passing postrouting, not only
  # the wg0<->enp11s0 traffic named by the two rules above.
  $NFT add rule nat postrouting masquerade
  # iif/oif match by interface index resolved when the rule is added; if
  # wg0 is recreated its index changes and those matches go stale
  # (iifname/oifname match by name and do not have this problem).
  $NFT add rule filter forward iifname wg0 oif enp11s0 $NFT_ACCEPT
  $NFT add rule filter forward iifname enp11s0 oif wg0 $NFT_ACCEPT
  # presumably the WireGuard peer subnet — TODO confirm
  $NFT add rule ip filter input ip saddr 192.168.5.0/24 $NFT_ACCEPT
}
#######################################
# Run the full log-driven protection pass, in order: re-block the saved
# attackers, rate-limit the previous minute, then the content search and
# the crawler search.
# Globals:  none directly (each step reads its own)
#######################################
attacker-protection() {
  local step
  for step in saved-attackers watch pedo-search bot-search; do
    "$step"
  done
}
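#######################################
# Drop crawlers seen in the previous minute of the access log.
# A line counts as a crawler when it matches CRAWLER_DB, does not match
# SAFE_TRAFFIC, is not from MY_IP and does not contain one of the
# hard-coded exclusion words.
# Globals:  NGINX_ACCESS, MY_IP, CRAWLER_DB, SAFE_TRAFFIC, NFT_CACHE,
#           NFT, NFT_DROP (read); SAVED_BOTS (appended)
# Outputs:  progress to stdout, nft failures to stderr
#######################################
bot-search() {
  local stamp ip
  local -a crawlers
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  # nginx timestamp prefix of the previous minute, e.g. 12/Sep/2024:15:58
  stamp="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
  # Client address is the first space-separated field of the log line.
  mapfile -t crawlers < <(
    grep -F -- "$stamp" "$NGINX_ACCESS" |
      grep -viF -- "$MY_IP" |
      grep -Evi 'Guro|spank|report|rape|block' |
      grep -Ei -f "$CRAWLER_DB" |
      grep -Evi -f "$SAFE_TRAFFIC" |
      cut -d ' ' -f1 |
      sort -u
  )
  echo
  echo "Processing Web Crawler list into NFT....."
  echo
  for ip in "${crawlers[@]}"; do
    # Only IPv4 literals can go into an `ip saddr` match.
    if ! [[ $ip =~ $ipv4_re ]]; then
      [[ -n $ip ]] && echo "Skipping non-IPv4 address $ip"
      continue
    fi
    # -w -F: whole-word literal match, so 1.2.3.4 is not reported as
    # present because 1.2.3.45 is in the cache. NFT_CACHE is the snapshot
    # taken at script start and is not refreshed here.
    if grep -qwF -- "$ip" "$NFT_CACHE"; then
      echo
      echo "Skipping Duplicate IP $ip"
      echo
      continue
    fi
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    if "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP; then
      # Persist only rules that were actually added; import() replays this
      # file after a flush.
      printf '%s\n' "$ip" >>"$SAVED_BOTS"
    else
      echo "nft rejected rule for $ip" >&2
    fi
  done
}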
#######################################
# Post a public alert from BOT_ACCOUNT via toot, with the pedo image attached.
# Arguments: $1 - text appended to the alert. Callers pass a raw access-log
#            line, so the client's request path and user-agent end up in
#            the public post.
# Globals:   BOT_ACCOUNT (read)
#######################################
drc-alert() {
  local -r banner=":emergency: :hacker_p: :hacker_e: :hacker_d: :hacker_o: :trans: :hacker_a: :hacker_l: :hacker_e: :hacker_r: :hacker_t: :emergency2:"
  toot activate "$BOT_ACCOUNT"
  toot post "$banner $1" -m /root/detroit/akkoma/blockbot/pedo.png
}
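#######################################
# Find one request in the previous minute whose tag/search URL matches
# PEDO_DB (crawlers excluded), drop its source and raise both alerts.
# Globals:  NGINX_ACCESS, MY_IP, CRAWLER_DB, PEDO_DB, NFT, NFT_DROP (read)
# Outputs:  the matching log line (or a blank line) and progress to stdout
#######################################
pedo-search() {
  local stamp hit ip
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  stamp="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
  echo
  # head -1: at most one source is handled per run.
  hit=$(grep -F -- "$stamp" "$NGINX_ACCESS" |
    grep -viF -- "$MY_IP" |
    grep -Ei 'tag|search' |
    grep -Evi -f "$CRAWLER_DB" |
    grep -Ei -f "$PEDO_DB" |
    head -1)
  printf '%s\n' "$hit"
  if [[ -z $hit ]]; then
    echo
    echo "No Pedos Found"
    echo
    return 0
  fi
  echo "Pedo Found!"
  echo "Processing Pedo Searches into NFT....."
  # Client address is the first space-separated field of the log line.
  ip=${hit%% *}
  if [[ $ip =~ $ipv4_re ]]; then
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
  else
    echo "Not an IPv4 address, no rule added: $ip" >&2
  fi
  # Both alerts carry the raw log line (client-controlled path/user-agent).
  message "[Pedo Alert] $hit"
  drc-alert "$hit"
}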
#######################################
# Final hardening step: drop inbound ping, log and drop everything not
# accepted earlier in the input chain, accept all output/forward traffic.
# start() calls this last, so the default drop lands after every accept.
# Globals:  NFT, NFT_DROP, NFT_ACCEPT (read)
#######################################
basic-security() {
  $NFT add rule filter input icmp type echo-request $NFT_DROP
  # No verdict: logs each packet reaching this point and falls through to
  # the next rule, which logs it again and drops — two log entries per
  # dropped packet.
  $NFT add rule filter input log
  # The nft verb defaults to `add` when omitted (here and below). status()
  # reads the packet counter of this `log counter ... drop` rule as its
  # "Dropped Traffic" figure.
  $NFT rule filter input log $NFT_DROP
  $NFT rule filter output $NFT_ACCEPT
  $NFT rule filter forward $NFT_ACCEPT
  # `insert` puts these at the top of input. Only `established` is listed;
  # `related` flows (e.g. ICMP errors for an existing connection) are not
  # accepted by this rule.
  $NFT insert rule filter input ct state established $NFT_ACCEPT
  $NFT insert rule filter input iif lo $NFT_ACCEPT
  # $NFT -f /opt/firewall/ipv6-filter.nft
  # $NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
  # $NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
  # Appended after the `log counter drop` rule above, so it is never reached.
  $NFT add rule filter input drop
}
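#######################################
# Recreate the libvirt default network and accept traffic from its bridge.
# Globals:  VIRT_BRIDGE, NFT, NFT_ACCEPT (read)
# Side effects: deletes the bridge, kills every dnsmasq on the host,
#               restarts libvirtd and pleroma, starts the libvirt default
#               network, inserts an accept rule for the bridge.
#######################################
virtualization() {
  # The configured bridge name is used instead of repeating the literal.
  ip link del "$VIRT_BRIDGE"
  # NOTE(review): this kills every dnsmasq instance, not only libvirt's.
  killall dnsmasq
  /usr/bin/systemctl restart libvirtd
  /usr/bin/virsh net-start default
  /usr/bin/systemctl restart pleroma
  # shellcheck disable=SC2086  # NFT_ACCEPT is split on purpose
  "$NFT" insert rule filter input iif "$VIRT_BRIDGE" $NFT_ACCEPT
}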
#######################################
# Accept TCP on the UPTIME ports, but only from SERVER_IP.
# Globals:  UPTIME, SERVER_IP, NFT (read)
# Note: uses a plain `accept` (no counter), unlike the NFT_ACCEPT openers.
#######################################
uptimeKuma() {
  local port
  for port in "${UPTIME[@]}"; do
    "$NFT" add rule ip filter input ip saddr "$SERVER_IP" tcp dport "$port" accept
  done
}
#######################################
# Accept TCP on the ADMIN ports (SSH) from any source.
# NOTE(review): unlike the SERVER_IP-scoped openers this is world-reachable.
# Globals:  ADMIN, NFT_TCP, NFT_ACCEPT (read)
#######################################
admin() {
  local port
  for port in "${ADMIN[@]}"; do
    # NFT_TCP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
  done
}
#######################################
# Enable IPv4 forwarding and accept TCP+UDP on the WIREGUARD ports from
# any source.
# Globals:  WIREGUARD, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
# Side effects: sets net.ipv4.conf.all.forwarding=1
#######################################
wireguard() {
  local port
  # Forwarding is what lets wireguard-networking route between wg0 and the LAN.
  sysctl -w net.ipv4.conf.all.forwarding=1
  for port in "${WIREGUARD[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP on the WEB ports (80, 443) from any source.
# Globals:  WEB, NFT_TCP, NFT_ACCEPT (read)
#######################################
web() {
  local port
  for port in "${WEB[@]}"; do
    # NFT_TCP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP+UDP on the DNS ports from any source. The array also carries
# 67/68 (DHCP server/client), so those are opened here as well.
# Globals:  DNS, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
dns() {
  local port
  for port in "${DNS[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP+UDP on the ADGUARD ports from any source.
# Globals:  ADGUARD, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
adguard() {
  local port
  for port in "${ADGUARD[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    # IPv6 variants disabled; the second line was a TCP duplicate in the
    # original — presumably meant to be NFT6_UDP.
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP+UDP on the CUPS ports (631 IPP, 5353 mDNS) from any source.
# Globals:  CUPS, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
cups() {
  local port
  for port in "${CUPS[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP on the BITCOIN ports from any source.
# Not invoked by start() in this file.
# Globals:  BITCOIN, NFT_TCP, NFT_ACCEPT (read)
#######################################
bitcoin() {
  local port
  for port in "${BITCOIN[@]}"; do
    # NFT_TCP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP on the LND ports, but only from SERVER_IP.
# Not invoked by start() in this file.
# Globals:  LND, SERVER_IP, NFT (read)
# Note: plain `accept` (no counter), unlike the NFT_ACCEPT openers.
#######################################
lnd() {
  local port
  for port in "${LND[@]}"; do
    "$NFT" add rule ip filter input ip saddr "$SERVER_IP" tcp dport "$port" accept
  done
}
#######################################
# Accept TCP on the SYNCTHING ports, but only from SERVER_IP.
# start() also calls syncthing(), which opens the same ports to everyone,
# so on that host this rule is effectively shadowed — TODO confirm intent.
# Globals:  SYNCTHING, SERVER_IP, NFT (read)
#######################################
syncthingServer() {
  local port
  for port in "${SYNCTHING[@]}"; do
    "$NFT" add rule ip filter input ip saddr "$SERVER_IP" tcp dport "$port" accept
  done
}
#######################################
# Accept TCP+UDP on the SYNCTHING ports from any source.
# Globals:  SYNCTHING, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
syncthing() {
  local port
  for port in "${SYNCTHING[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP+UDP on the JELLYFIN ports from any source.
# Globals:  JELLYFIN, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
jellyfin() {
  local port
  for port in "${JELLYFIN[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
    #$NFT6_TCP "$port" $NFT_ACCEPT
    #$NFT6_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept TCP+UDP on the KDE Connect port range from any source.
# Not invoked by start() in this file.
# Globals:  NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
kde-connect() {
  local -r range='1714-1764'
  # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
  # shellcheck disable=SC2086
  $NFT_TCP "$range" $NFT_ACCEPT
  # shellcheck disable=SC2086
  $NFT_UDP "$range" $NFT_ACCEPT
}
#######################################
# Accept TCP+UDP on the NFS ports (2049, 111 portmapper) from any source.
# Not invoked by start() in this file.
# Globals:  NFS, NFT_TCP, NFT_UDP, NFT_ACCEPT (read)
#######################################
nfs() {
  local port
  for port in "${NFS[@]}"; do
    # NFT_TCP / NFT_UDP / NFT_ACCEPT are command fragments and must word-split.
    # shellcheck disable=SC2086
    $NFT_TCP "$port" $NFT_ACCEPT
    # shellcheck disable=SC2086
    $NFT_UDP "$port" $NFT_ACCEPT
  done
}
#######################################
# Accept all input from each address in MACHINES.
# Not invoked by start() in this file.
# Globals:  MACHINES, NFT, NFT_ACCEPT (read)
#######################################
trust() {
  local host
  for host in "${MACHINES[@]}"; do
    # shellcheck disable=SC2086  # NFT_ACCEPT is split on purpose
    "$NFT" add rule filter input ip saddr "$host" $NFT_ACCEPT
  done
}
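#######################################
# Re-apply the persisted crawler drops from SAVED_BOTS after a ruleset flush.
# Globals:  SAVED_BOTS, NFT, NFT_DROP (read)
# Outputs:  progress to stdout
# Returns:  0 when there is nothing to load, else nft's exit status
#######################################
import() {
  local ip batch=''
  local -a saved
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  mapfile -t saved < <(sort -u -- "$SAVED_BOTS")
  for ip in "${saved[@]}"; do
    if [[ $ip == *":"* ]]; then
      echo "Skipping ipv6"
      continue
    fi
    # Anything that is not a plain IPv4 literal would make nft reject the
    # whole batch, so it is left out here.
    [[ $ip =~ $ipv4_re ]] || continue
    batch+="add rule ip filter input ip saddr $ip $NFT_DROP"$'\n'
  done
  [[ -n $batch ]] || return 0
  # One nft transaction instead of one backgrounded process per address:
  # the rules land in file order and are all in place when this returns,
  # so the accept rules added by later start() steps cannot overtake them.
  printf '%s' "$batch" | "$NFT" -f -
}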
#######################################
# Build the full ruleset from scratch. On a host whose name contains "nas"
# the service openers and the log-driven blocks are applied; elsewhere only
# the virtualization bridge rules. basic-security runs last in both
# branches and appends the default drop.
# Globals:  NFT, HOSTNAME, NFT_ACCEPT (read)
# Side effects: flushes the whole ruleset (every family and table);
#               restarts the uptime-kuma container on the nas host.
#######################################
start() {
  # Wipes every table, including nat; wireguard-networking recreates it.
  $NFT flush ruleset
  # if [ -f "$RULE_SET" ]; then
  # echo
  # echo "Importing Existing Rule Set"
  #$NFT -f $RULE_SET
  # else
  #echo
  #echo "No existing Rules saved"
  # Base IPv4 filter table and chains; presumably also the rule whose
  # handle 8 the `position 8` inserts elsewhere rely on — TODO confirm.
  $NFT -f /opt/firewall/ipv4-filter.nft
  # fi
  if [[ $HOSTNAME == *"nas"* ]]; then
    # Persisted crawler/attacker drops are appended before any accept rule.
    import
    attacker-protection
    wireguard
    web
    admin
    adguard
    dns
    cups
    syncthingServer
    syncthing
    blockCountry
    jellyfin
    wireguard-networking
    uptimeKuma
    docker restart uptime-kuma
    # Inserted at the top of input: everything arriving on the docker
    # bridge is accepted ahead of every drop above.
    $NFT insert rule filter input iif docker0 $NFT_ACCEPT
    basic-security
  else
    virtualization
    basic-security
  fi
  message "Starting Firewall"
}
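#######################################
# Interactive walk through every rate-limited address in TMP_BLOCK, showing
# its access-log lines (SAFE_TRAFFIC excluded) one address at a time.
# Globals:  TMP_BLOCK, NGINX_ACCESS, SAFE_TRAFFIC, MENU_TOP, MENU_BOTTOM (read)
# Outputs:  report to stdout; waits for Enter after each address
#######################################
research() {
  local ip data
  local -a blocked
  mapfile -t blocked < <(sort -u -- "$TMP_BLOCK")
  for ip in "${blocked[@]}"; do
    # The file may contain an empty line; nothing to research there.
    [[ -n $ip ]] || continue
    echo "$MENU_TOP"
    echo " [Researching $ip] "
    echo
    # NGINX_ACCESS is the log every other function reads; the NGINX_LOG
    # name used before was never defined, which made grep read stdin.
    # -w -F: whole-word literal match so 1.2.3.4 does not also pull in
    # 1.2.3.45.
    data=$(grep -wF -- "$ip" "$NGINX_ACCESS" | grep -Evi -f "$SAFE_TRAFFIC")
    echo "$data"
    echo
    echo "$MENU_BOTTOM"
    echo
    read -r -e -p 'Press Enter to Continue '
  done
}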
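#######################################
# Refresh the status screen every 30 seconds until interrupted.
# A loop replaces the previous self-recursion, which deepened the call
# stack on every refresh.
#######################################
automaticStatus() {
  while true; do
    status
    sleep 30
  done
}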
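#######################################
# Count the lines of $1 that match the remaining grep arguments.
# printf '%s' adds no trailing newline, so an empty text counts as zero.
# Arguments: $1 - text to scan; $2.. - grep options and pattern
# Outputs:   the count on stdout
#######################################
_status_count() {
  local text=$1
  shift
  printf '%s' "$text" | grep -c "$@"
}

#######################################
# One-screen summary: previous-minute request counts, rule count, the
# dropped-packet counter and the addresses currently rate-limited.
# Globals:  NGINX_ACCESS, MY_IP, CRAWLER_DB, ATTACK_THRESHOLD, NFT,
#           TMP_BLOCK, MENU_TOP, MENU_BOTTOM (read)
# Outputs:  the report on stdout (screen is cleared first)
#######################################
status() {
  local stamp minute table
  clear
  stamp="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
  # The minute's log slice (own address removed) is read once; every
  # counter below is taken from it instead of re-reading the whole log.
  minute=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -viF -- "$MY_IP")
  table=$("$NFT" list table filter)
  echo "$MENU_TOP"
  echo "Attack Threshold: $ATTACK_THRESHOLD"
  echo "Firewall Rules: $(_status_count "$table" '')"
  echo
  # The method/status patterns are plain substring matches ("200" also
  # hits a byte count, "PUT" hits "input"), so the figures are approximate.
  echo "Traffic Last Minute: $(_status_count "$minute" '')"
  echo " GET: $(_status_count "$minute" GET)"
  echo " PUT: $(_status_count "$minute" -i PUT)"
  echo " POST: $(_status_count "$minute" POST)"
  echo " Crawlers: $(_status_count "$minute" -Ei -f "$CRAWLER_DB")"
  echo
  echo "Query Stats:: "
  echo " 200: $(_status_count "$minute" 200)"
  echo " 404: $(_status_count "$minute" 404)"
  echo " 502: $(_status_count "$minute" 502)"
  echo
  # Packet count of the `log counter ... drop` rule basic-security adds.
  echo "Dropped Traffic: $(printf '%s\n' "$table" | grep -Ei 'log counter packets' | cut -d ' ' -f6)"
  echo
  echo "Rate-limited IP's:"
  sort -u -- "$TMP_BLOCK"
  echo "$MENU_BOTTOM"
}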
#######################################
# Open the firewall: save the live ruleset, flush it, load the distro base
# IPv4 filter and accept everything in input/output/forward.
# Globals:  NFT, RULE_SET, NFT_ACCEPT (read); RULE_SET (overwritten)
# Side effects: after this the host filters nothing on IPv4.
#######################################
stop() {
  #forgive
  # -s: stateless listing (no counters); tee also echoes it to stdout.
  $NFT -s list ruleset | tee $RULE_SET
  $NFT flush ruleset
  $NFT -f /usr/share/nftables/ipv4-filter.nft
  $NFT add rule filter input icmp type echo-request $NFT_ACCEPT
  # The nft verb defaults to `add` when omitted. These three are
  # unconditional accepts.
  $NFT rule filter input $NFT_ACCEPT
  $NFT rule filter output $NFT_ACCEPT
  $NFT rule filter forward $NFT_ACCEPT
  $NFT insert rule filter input ct state established $NFT_ACCEPT
  $NFT insert rule filter input iif lo $NFT_ACCEPT
  # IPv6 policy comes entirely from this file — TODO confirm it is as
  # permissive as the IPv4 rules above.
  $NFT -f /opt/firewall/ipv6-filter.nft
  # $NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT
  # $NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT
  message "Stopping Firewall"
}
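#######################################
# Remove the input-chain rules for every address in TMP_BLOCK (MY_IP
# excluded), then empty the file.
# Globals:  TMP_BLOCK, MY_IP, NFT (read); TMP_BLOCK (truncated)
# Outputs:  the addresses and each removed handle on stdout
#######################################
forgive() {
  local ip line handle
  local -a blocked handles
  local -r handle_re='# handle ([0-9]+)$'
  mapfile -t blocked < <(grep -viF -- "$MY_IP" "$TMP_BLOCK" | sort -u)
  # Print every address, not only the first array element.
  printf '%s\n' "${blocked[@]}"
  for ip in "${blocked[@]}"; do
    [[ -n $ip ]] || continue
    # Only the chain the rules were added to is listed (-a shows handles),
    # so a rule mentioning the address in another table cannot produce a
    # handle that `delete rule ip filter input` then rejects. The same
    # address may have been added more than once, so every handle is kept.
    handles=()
    while IFS= read -r line; do
      if [[ $line =~ $handle_re ]]; then
        handles+=("${BASH_REMATCH[1]}")
      fi
    done < <("$NFT" -n -a list chain ip filter input | grep -wF -- "$ip")
    if (( ${#handles[@]} == 0 )); then
      echo "No rule found for $ip"
      continue
    fi
    for handle in "${handles[@]}"; do
      echo "Removing: $ip Handle: $handle"
      "$NFT" delete rule ip filter input handle "$handle"
    done
  done
  echo "Clearing old $TMP_BLOCK"
  # Truncate instead of writing a blank line, so status/research do not
  # see an empty entry.
  : >"$TMP_BLOCK"
}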
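#######################################
# Re-block every address recorded in ATTACKER_LOG that is not already in
# the filter-table snapshot.
# Globals:  ATTACKER_LOG, MY_IP, NFT_CACHE, NFT, NFT_DROP (read)
# Outputs:  progress to stdout and syslog (logger)
#######################################
saved-attackers() {
  local ip
  local -a attackers
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  echo
  # Address is the first space-separated field of each log line.
  mapfile -t attackers < <(grep -viF -- "$MY_IP" "$ATTACKER_LOG" | cut -d ' ' -f1 | sort -u)
  for ip in "${attackers[@]}"; do
    if ! [[ $ip =~ $ipv4_re ]]; then
      [[ -n $ip ]] && echo "Skipping non-IPv4 address $ip"
      continue
    fi
    # -w -F: whole-word literal match so 1.2.3.4 is not taken as present
    # because 1.2.3.45 is in the cache. NFT_CACHE is the snapshot from
    # script start and is not refreshed here.
    if grep -qwF -- "$ip" "$NFT_CACHE"; then
      echo
      echo "Skipping Duplicate IP $ip"
      echo
      continue
    fi
    echo "Blocking IP: $ip"
    logger "Blocking IP: $ip"
    # Appended to the end of input. Inside start() that is before any
    # accept rule exists; when run later on its own the drop lands after
    # the accepts, unlike the `position 8` inserts used by the other block
    # functions — TODO confirm which placement is intended.
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input ip saddr "$ip" $NFT_DROP
  done
}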
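#######################################
# Block $1 when it sent more than 20 Go-http-client requests in minute $2.
# Arguments: $1 - client IPv4 address; $2 - nginx timestamp prefix
# Globals:   NGINX_ACCESS, NFT, NFT_DROP (read); TMP_BLOCK (appended)
# Outputs:   alert via message() when the block is applied
#######################################
module-go() {
  local ip=$1 stamp=$2 hits
  local -r threshold=20
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $ip =~ $ipv4_re ]] || return 0
  # Count only this client's lines. Counting the minute-wide total, as
  # before, tripped for every address in the caller's loop as soon as any
  # one Go client was noisy.
  hits=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -wF -- "$ip" | grep -cE "Go-http-client")
  if (( hits > threshold )); then
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
    printf '%s\n' "$ip" >>"$TMP_BLOCK"
    message "Go Spam Attack!"
  fi
}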
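#######################################
# Block $1 when it sent more than 20 "GET / HTTP" requests in minute $2.
# Arguments: $1 - client IPv4 address; $2 - nginx timestamp prefix
# Globals:   NGINX_ACCESS, NFT, NFT_DROP (read); TMP_BLOCK (appended)
# Outputs:   alert via message() when the block is applied
#######################################
module-get-spam() {
  local ip=$1 stamp=$2 hits
  local -r threshold=20
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $ip =~ $ipv4_re ]] || return 0
  # Count only this client's lines; the previous minute-wide total blocked
  # every address in the caller's loop once any client was noisy.
  hits=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -wF -- "$ip" | grep -cE "GET / HTTP")
  if (( hits > threshold )); then
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
    printf '%s\n' "$ip" >>"$TMP_BLOCK"
    message "GET Spam Attack!"
  fi
}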
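#######################################
# Block $1 when it requested more than 2 WordPress/PHP probe paths in
# minute $2.
# Arguments: $1 - client IPv4 address; $2 - nginx timestamp prefix
# Globals:   NGINX_ACCESS, NFT, NFT_DROP (read); TMP_BLOCK (appended)
# Outputs:   alert via message() when the block is applied
#######################################
module-php() {
  local ip=$1 stamp=$2 hits
  local -r threshold=2
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $ip =~ $ipv4_re ]] || return 0
  # Count only this client's lines; with a threshold of 2 the previous
  # minute-wide total would have blocked every client in the minute.
  hits=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -wF -- "$ip" |
    grep -cE "defaults.php|config.php|upgrade.php|plugins.php|xmrlpc|cgi-bin|wp-content|wp-admin|wp-includes")
  if (( hits > threshold )); then
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
    printf '%s\n' "$ip" >>"$TMP_BLOCK"
    message "Wordpress Attack!"
  fi
}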
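#######################################
# Block $1 when it hit the lnurlp/verita84 endpoint more than 5 times in
# minute $2.
# Arguments: $1 - client IPv4 address; $2 - nginx timestamp prefix
# Globals:   NGINX_ACCESS, NFT, NFT_DROP (read); TMP_BLOCK (appended)
# Outputs:   alert via message() when the block is applied
#######################################
module-lightning() {
  local ip=$1 stamp=$2 hits
  local -r threshold=5
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $ip =~ $ipv4_re ]] || return 0
  # Count only this client's lines; the previous minute-wide total blocked
  # every address in the caller's loop once any client was noisy.
  hits=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -wF -- "$ip" | grep -c "lnurlp/verita84")
  if (( hits > threshold )); then
    # shellcheck disable=SC2086  # NFT_DROP is split on purpose
    "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
    message "Lightning Spam Attack!"
    printf '%s\n' "$ip" >>"$TMP_BLOCK"
  fi
}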
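#######################################
# Send $1 as a direct message through algia to the configured recipient key.
# Arguments: $1 - message text. It is handed over on stdin (--stdin), so it
#            is never parsed as an option; note that callers pass raw
#            access-log lines here.
# Globals:   none (the previous reassignment of BOT_ACCOUNT to its existing
#            value was dead code and has been dropped)
#######################################
message() {
  # printf instead of echo: a message starting with "-n" or "-e" would
  # otherwise be consumed as an echo option.
  printf '%s\n' "$1" | /root/go/bin/algia dm-post -u 33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 --stdin
}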
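#######################################
# Rate-limit pass over the previous minute of the access log: run the
# signature modules for every client, then drop any client whose request
# count (SAFE_TRAFFIC excluded) exceeds ATTACK_THRESHOLD.
# Globals:  NGINX_ACCESS, CRAWLER_DB, SAFE_TRAFFIC, MY_IP, NFT_CACHE,
#           ATTACK_THRESHOLD, NFT, NFT_DROP (read); TMP_BLOCK (appended)
# Outputs:  progress to stdout and syslog; alerts via message()
#######################################
watch() {
  local stamp unsafe ip count cached
  local -a clients
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  stamp="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
  echo "Scanning $stamp"
  echo
  # Minute slice with SAFE_TRAFFIC removed; read once and reused for every
  # per-client count instead of re-scanning the whole log per address.
  unsafe=$(grep -F -- "$stamp" "$NGINX_ACCESS" | grep -Evi -f "$SAFE_TRAFFIC")
  # Client address is the first space-separated field of the log line.
  mapfile -t clients < <(
    printf '%s\n' "$unsafe" |
      grep -Evi -f "$CRAWL

ER_DB" |
      grep -viF -- "$MY_IP" |
      grep -vF -- '127.0.0.1' |
      cut -d ' ' -f1 |
      sort -u
  )
  for ip in "${clients[@]}"; do
    # Only IPv4 literals can go into an `ip saddr` match.
    if ! [[ $ip =~ $ipv4_re ]]; then
      [[ -n $ip ]] && echo "Skipping non-IPv4 address $ip"
      continue
    fi
    module-lightning "$ip" "$stamp"
    module-php "$ip" "$stamp"
    module-go "$ip" "$stamp"
    module-get-spam "$ip" "$stamp"
    # -w -F: whole-word literal match so 1.2.3.4 does not also count
    # 1.2.3.45's lines.
    count=$(printf '%s\n' "$unsafe" | grep -cwF -- "$ip")
    # NFT_CACHE is the snapshot from script start, so an address one of the
    # modules above just blocked is not recognised here and may get a
    # second rule.
    cached=$(grep -wF -- "$ip" "$NFT_CACHE")
    if (( count > ATTACK_THRESHOLD )); then
      echo "Danger!"
      # Was "$IP ...", i.e. only the first element of the array; report
      # the client actually being examined.
      echo "$ip $cached $count"
      if [[ -z $cached ]]; then
        echo "Blocking IP: $ip Count: $count"
        logger "Blocking IP: $ip with a count of: $count"
        printf '%s\n' "$ip" >>"$TMP_BLOCK"
        # shellcheck disable=SC2086  # NFT_DROP is split on purpose
        "$NFT" add rule ip filter input position 8 ip saddr "$ip" $NFT_DROP
        message "Blocking IP: $ip with a count of: $count"
      else
        echo
        echo "Skipping Duplicate IP"
        echo
      fi
    else
      echo
      echo "$ip count: $count below Threshhold: $ATTACK_THRESHOLD"
      echo
    fi
  done
}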
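#######################################
# For each persisted crawler address, show the access-log lines that do
# NOT match CRAWLER_DB — traffic the crawler rules would not have caught —
# and pause after each so the rules can be reviewed.
# Globals:  SAVED_BOTS, NGINX_ACCESS, CRAWLER_DB (read)
# Outputs:  report to stdout; waits for Enter after each non-empty result
#######################################
test-bots() {
  local ip data
  local -a saved
  mapfile -t saved <"$SAVED_BOTS"
  for ip in "${saved[@]}"; do
    [[ -n $ip ]] || continue
    # -w -F: whole-word literal match so 1.2.3.4 does not pull in 1.2.3.45.
    data=$(grep -wF -- "$ip" "$NGINX_ACCESS" | grep -Evi -f "$CRAWLER_DB")
    if [[ -z $data ]]; then
      echo "No Data. Probably OK"
    else
      printf '%s\n' "$data"
      echo
      read -r -e -p 'Press Enter to Continue '
    fi
  done
}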
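#######################################
# Interactive menu; loops until "0" (Quit). A loop replaces the previous
# self-recursion, which deepened the call stack on every round trip.
# Globals:  MENU_TOP, MENU_BOTTOM, NGINX_ACCESS, SAFE_TRAFFIC, CRAWLER_DB (read)
#######################################
menu() {
  local choice
  while true; do
    clear
    echo
    echo "$MENU_TOP"
    echo "1. Start"
    echo "2. Stop"
    echo "3. Research"
    echo "4. Forgive"
    echo "5. Status"
    echo "6. Live Traffic"
    echo "7. Test Bot Search Rules"
    echo "0. Quit"
    echo "$MENU_BOTTOM"
    echo
    read -r -p 'Choice: ' choice
    echo
    case "$choice" in
      1)
        echo
        echo "Starting Firewall"
        start
        # was `read -e-`, which bash rejects as an invalid option
        read -r -e -p 'Press Enter to Continue '
        ;;
      2)
        echo
        echo "Stopping Firewall"
        stop
        read -r -e -p 'Press Enter to Continue '
        ;;
      3)
        research
        read -r -e -p 'Press Enter to Continue '
        ;;
      4)
        forgive
        ;;
      5)
        status
        read -r -e -p 'Press Enter to Continue '
        ;;
      6)
        # tail -f never returns on its own; Ctrl-C here most likely
        # interrupts the script as well, not just the pipeline.
        tail -f -- "$NGINX_ACCESS" | grep -Evi -f "$SAFE_TRAFFIC" | grep -Evi -f "$CRAWLER_DB"
        read -r -e -p 'Press Enter to Continue '
        ;;
      7)
        test-bots
        read -r -e -p 'Press Enter to Continue '
        ;;
      0)
        exit
        ;;
    esac
    echo
  done
}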
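# Command-line dispatcher: one sub-command in $1, otherwise the interactive
# menu. "saved" calls saved-bots, which is not defined in this file
# (saved-attackers is the closest match) — TODO confirm the intended target.
case "$1" in
  start) start ;;
  virt) virtualization ;;
  bot-search) bot-search ;;
  attacker-protection) attacker-protection ;;
  country) blockCountry ;;
  status) automaticStatus ;;
  forgive) forgive ;;
  watch) watch ;;
  research) research ;;
  stop) stop ;;
  # Quoted so a message containing spaces arrives as one argument.
  message) message "$2" ;;
  test) test-bots ;;
  saved) saved-bots ;;
  *) menu ;;
esac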