fix
parent
f83ed97c61
commit
018b89fa35
90
firewall2.sh
90
firewall2.sh
@ -28,7 +28,7 @@ NFT_DROP='counter drop'
|
||||
NFT_ACCEPT='counter accept'
|
||||
NFT='/usr/sbin/nft'
|
||||
NFT_CACHE='/tmp/nft.cache'
|
||||
TMP_BLOCK='/tmp/tmp-blocked.txt'
|
||||
TMP_BLOCK='/opt/firewall/tmp-blocked.txt'
|
||||
####
|
||||
SAVED_BOTS='/opt/firewall/bots.txt'
|
||||
CRAWLER_DB='/opt/firewall/crawlers.txt'
|
||||
@ -95,6 +95,7 @@ bot-search() {
|
||||
if [ "$CHECK" = "" ];
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr $i $NFT_DROP
|
||||
echo $i >> $TMP_BLOCK
|
||||
else
|
||||
echo
|
||||
echo "Skipping Duplicate IP $i"
|
||||
@ -124,16 +125,17 @@ pedo-search() {
|
||||
|
||||
basic-security() {
|
||||
$NFT add rule filter input icmp type echo-request $NFT_DROP
|
||||
$NFS add rule filter input log
|
||||
$NFT add rule filter input log
|
||||
$NFT rule filter input log $NFT_DROP
|
||||
$NFT rule filter output $NFT_ACCEPT
|
||||
$NFT rule filter forward $NFT_ACCEPT
|
||||
$NFT insert rule filter input ct state established $NFT_ACCEPT
|
||||
$NFT insert rule filter input iif lo $NFT_ACCEPT
|
||||
|
||||
$NFT -f /usr/share/nftables/ipv6-filter.nft
|
||||
$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
|
||||
$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
|
||||
# $NFT -f /opt/firewall/ipv6-filter.nft
|
||||
# $NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
|
||||
# $NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
|
||||
$NFT add rule filter input count drop;
|
||||
}
|
||||
|
||||
virtualization() {
|
||||
@ -155,7 +157,7 @@ uptimeKuma() {
|
||||
admin() {
|
||||
for i in "${ADMIN[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -165,15 +167,15 @@ wireguard() {
|
||||
for i in "${WIREGUARD[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
web() {
|
||||
for i in "${WEB[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -181,8 +183,8 @@ dns(){
|
||||
for i in "${DNS[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
|
||||
}
|
||||
@ -191,8 +193,8 @@ adguard() {
|
||||
for i in "${ADGUARD[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -200,8 +202,8 @@ cups() {
|
||||
for i in "${CUPS[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -228,8 +230,8 @@ syncthing() {
|
||||
for i in "${SYNCTHING[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -237,8 +239,8 @@ jellyfin() {
|
||||
for i in "${JELLYFIN[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
@ -260,6 +262,18 @@ trust() {
|
||||
done
|
||||
}
|
||||
|
||||
import(){
|
||||
|
||||
STATS=( $( cat $TMP_BLOCK | sort -u ) )
|
||||
for i in "${STATS[@]}"; do
|
||||
if [[ $i == *":"* ]]; then
|
||||
echo "Skipping ipv6"
|
||||
else
|
||||
$NFT add rule ip filter input ip saddr $i $NFT_DROP&
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
start() {
|
||||
|
||||
$NFT flush ruleset
|
||||
@ -271,10 +285,12 @@ start() {
|
||||
# else
|
||||
#echo
|
||||
#echo "No existing Rules saved"
|
||||
$NFT -f /usr/share/nftables/ipv4-filter.nft
|
||||
$NFT -f /opt/firewall/ipv4-filter.nft
|
||||
# fi
|
||||
|
||||
if [[ $HOSTNAME == *"nas"* ]]; then
|
||||
|
||||
import
|
||||
attacker-protection
|
||||
wireguard
|
||||
web
|
||||
@ -299,7 +315,7 @@ start() {
|
||||
}
|
||||
|
||||
research(){
|
||||
STATS=( $( cat $TMP_BLOCK ) )
|
||||
STATS=( $( cat $TMP_BLOCK | sort -u) )
|
||||
for i in "${STATS[@]}"; do
|
||||
echo $MENU_TOP
|
||||
echo " [Researching $i] "
|
||||
@ -342,13 +358,16 @@ status() {
|
||||
echo " 404: $NOT_FOUND"
|
||||
echo " 502: $GATEWAY"
|
||||
echo
|
||||
echo "Rate-limited IP's:"
|
||||
cat $TMP_BLOCK
|
||||
echo "Active Dropped Blocked Traffic:"
|
||||
$NFT list table filter | grep drop | grep -Evi "bytes 0"
|
||||
echo
|
||||
#echo "Rate-limited IP's:"
|
||||
#cat $TMP_BLOCK | sort -u
|
||||
echo $MENU_BOTTOM
|
||||
}
|
||||
|
||||
stop() {
|
||||
forgive
|
||||
#forgive
|
||||
$NFT -s list ruleset | tee $RULE_SET
|
||||
$NFT flush ruleset
|
||||
$NFT -f /usr/share/nftables/ipv4-filter.nft
|
||||
@ -359,13 +378,13 @@ stop() {
|
||||
$NFT insert rule filter input ct state established $NFT_ACCEPT
|
||||
$NFT insert rule filter input iif lo $NFT_ACCEPT
|
||||
|
||||
$NFT -f /usr/share/nftables/ipv6-filter.nft
|
||||
$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT
|
||||
$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT
|
||||
#$NFT -f /opt/firewall/ipv6-filter.nft
|
||||
# $NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_ACCEPT
|
||||
# $NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_ACCEPT
|
||||
}
|
||||
|
||||
forgive() {
|
||||
IP=( $( grep -vi $MY_IP $TMP_BLOCK) )
|
||||
IP=( $( grep -vi $MY_IP $TMP_BLOCK | sort -u ) )
|
||||
echo $IP
|
||||
for i in "${IP[@]}"; do
|
||||
HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
|
||||
@ -375,7 +394,6 @@ forgive() {
|
||||
done
|
||||
|
||||
echo "Clearing old $TMP_BLOCK"
|
||||
echo > $TMP_BLOCK
|
||||
}
|
||||
|
||||
saved-attackers() {
|
||||
@ -396,12 +414,21 @@ saved-attackers() {
|
||||
done
|
||||
}
|
||||
|
||||
module-go(){
|
||||
GO_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
|
||||
if [[ "$GO_SPAM" -gt 5 ]];
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
|
||||
fi
|
||||
echo $1 >> $TMP_BLOCK
|
||||
}
|
||||
module-wordpress(){
|
||||
WP_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||
if [[ "$WP_SPAM" -gt 2 ]];
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
|
||||
fi
|
||||
echo $1 >> $TMP_BLOCK
|
||||
}
|
||||
|
||||
module-lightning(){
|
||||
@ -410,19 +437,21 @@ module-lightning(){
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
|
||||
fi
|
||||
echo $1 >> $TMP_BLOCK
|
||||
}
|
||||
|
||||
watch() {
|
||||
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
|
||||
echo "Scanning $DATE"
|
||||
echo
|
||||
IP=( $( grep $DATE $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | cut -d ' ' -f1 | sort -u ) )
|
||||
IP=( $( grep $DATE $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u ) )
|
||||
for i in "${IP[@]}"; do
|
||||
COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l)
|
||||
CHECK=$( cat $NFT_CACHE | grep $i)
|
||||
|
||||
module-lightning "$i" "$DATE"
|
||||
module-wordpress "$i" "$DATE"
|
||||
module-go "$i" "$DATE"
|
||||
|
||||
if [ "$CHECK" = "" ];
|
||||
then
|
||||
@ -472,6 +501,7 @@ elif [ "$CHOICE" = "4" ]; then
|
||||
forgive
|
||||
elif [ "$CHOICE" = "5" ]; then
|
||||
status
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "6" ]; then
|
||||
tail -f $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $CRAWLER_DB
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
|
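Review bot: In `module-go` (hunk `@ -396,12 +414,21`) the request count is not tied to the address being judged: `grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l` counts every Go-http-client hit in that minute, so one noisy client gets every other address scanned in the same minute dropped as well. The `echo $1 >> $TMP_BLOCK` after `fi` also records the address whether or not the threshold was met, and the new `import` turns every IPv4 entry of that file into a drop rule on the next `start`. I would filter on the address the way `watch` does for `COUNT`, for example `GO_SPAM=$(grep "$2" "$NGINX_ACCESS" | grep -F "$1 " | grep -c "Go-http-client")` (assuming the address is the first space-delimited field, as the `cut -d ' ' -f1` in `watch` suggests), and move `echo "$1" >> "$TMP_BLOCK"` inside the `if`. `module-wordpress` shows the same unfiltered count and unconditional append, and `module-lightning`, whose body starts outside its hunk, shows the same append after `fi`.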
264
nft.rules
264
nft.rules
@ -4,30 +4,175 @@ table ip filter {
|
||||
iif "lo" counter accept
|
||||
ct state established counter accept
|
||||
iif "docker0" counter accept
|
||||
ip saddr 138.199.60.36 counter drop
|
||||
ip saddr 138.199.60.36 counter drop
|
||||
ip saddr 159.65.154.16 counter drop
|
||||
ip saddr 104.152.208.206 counter drop
|
||||
ip saddr 114.119.142.69 counter drop
|
||||
ip saddr 1.145.171.82 counter drop
|
||||
ip saddr 114.119.142.14 counter drop
|
||||
ip saddr 114.119.152.50 counter drop
|
||||
ip saddr 104.28.193.116 counter drop
|
||||
ip saddr 114.119.153.11 counter drop
|
||||
ip saddr 114.79.21.176 counter drop
|
||||
ip saddr 136.38.232.155 counter drop
|
||||
ip saddr 129.80.249.156 counter drop
|
||||
ip saddr 162.247.74.27 counter drop
|
||||
ip saddr 160.16.228.67 counter drop
|
||||
ip saddr 116.203.188.112 counter drop
|
||||
ip saddr 149.88.104.22 counter drop
|
||||
ip saddr 164.90.228.186 counter drop
|
||||
ip saddr 156.146.51.79 counter drop
|
||||
ip saddr 149.102.254.67 counter drop
|
||||
ip saddr 167.172.138.0 counter drop
|
||||
ip saddr 161.35.141.61 counter drop
|
||||
ip saddr 167.172.244.121 counter drop
|
||||
ip saddr 185.191.171.14 counter drop
|
||||
ip saddr 185.191.171.18 counter drop
|
||||
ip saddr 23.154.177.23 counter drop
|
||||
ip saddr 167.235.11.110 counter drop
|
||||
ip saddr 168.119.6.104 counter drop
|
||||
ip saddr 17.241.219.250 counter drop
|
||||
ip saddr 168.90.66.214 counter drop
|
||||
ip saddr 17.241.227.88 counter drop
|
||||
ip saddr 174.138.53.241 counter drop
|
||||
ip saddr 172.56.201.121 counter drop
|
||||
ip saddr 174.238.14.31 counter drop
|
||||
ip saddr 185.170.167.18 counter drop
|
||||
ip saddr 185.107.57.65 counter drop
|
||||
ip saddr 185.191.126.213 counter drop
|
||||
ip saddr 185.191.171.1 counter drop
|
||||
ip saddr 185.191.171.10 counter drop
|
||||
ip saddr 185.191.171.12 counter drop
|
||||
ip saddr 178.239.16.217 counter drop
|
||||
ip saddr 178.132.108.51 counter drop
|
||||
ip saddr 185.191.171.15 counter drop
|
||||
ip saddr 185.191.171.6 counter drop
|
||||
ip saddr 185.191.171.13 counter drop
|
||||
ip saddr 185.191.171.4 counter drop
|
||||
ip saddr 185.213.154.240 counter drop
|
||||
ip saddr 185.93.3.195 counter drop
|
||||
ip saddr 185.97.32.8 counter drop
|
||||
ip saddr 186.214.115.200 counter drop
|
||||
ip saddr 185.213.154.205 counter drop
|
||||
ip saddr 193.138.218.215 counter drop
|
||||
ip saddr 185.191.171.7 counter drop
|
||||
ip saddr 188.217.57.18 counter drop
|
||||
ip saddr 192.210.137.3 counter drop
|
||||
ip saddr 194.127.173.36 counter drop
|
||||
ip saddr 199.16.243.10 counter drop
|
||||
ip saddr 198.98.52.24 counter drop
|
||||
ip saddr 199.195.251.202 counter drop
|
||||
ip saddr 199.195.253.180 counter drop
|
||||
ip saddr 200.5.49.101 counter drop
|
||||
ip saddr 199.195.251.148 counter drop
|
||||
ip saddr 199.195.253.124 counter drop
|
||||
ip saddr 212.95.52.76 counter drop
|
||||
ip saddr 209.141.55.26 counter drop
|
||||
ip saddr 23.154.177.31 counter drop
|
||||
ip saddr 23.154.177.9 counter drop
|
||||
ip saddr 23.154.177.15 counter drop
|
||||
ip saddr 23.129.64.135 counter drop
|
||||
ip saddr 38.175.194.11 counter drop
|
||||
ip saddr 4.227.115.128 counter drop
|
||||
ip saddr 40.77.167.7 counter drop
|
||||
ip saddr 40.77.167.255 counter drop
|
||||
ip saddr 41.23.164.79 counter drop
|
||||
ip saddr 43.153.59.211 counter drop
|
||||
ip saddr 45.134.142.4 counter drop
|
||||
ip saddr 47.128.118.1 counter drop
|
||||
ip saddr 47.128.113.181 counter drop
|
||||
ip saddr 47.128.119.74 counter drop
|
||||
ip saddr 47.128.120.79 counter drop
|
||||
ip saddr 47.128.120.198 counter drop
|
||||
ip saddr 44.227.217.144 counter drop
|
||||
ip saddr 47.128.121.41 counter drop
|
||||
ip saddr 47.128.122.102 counter drop
|
||||
ip saddr 47.128.122.61 counter drop
|
||||
ip saddr 45.83.220.209 counter drop
|
||||
ip saddr 45.83.220.203 counter drop
|
||||
ip saddr 47.128.124.84 counter drop
|
||||
ip saddr 47.128.17.208 counter drop
|
||||
ip saddr 47.128.124.170 counter drop
|
||||
ip saddr 47.128.18.233 counter drop
|
||||
ip saddr 47.128.23.202 counter drop
|
||||
ip saddr 47.128.124.215 counter drop
|
||||
ip saddr 47.128.20.161 counter drop
|
||||
ip saddr 47.128.31.45 counter drop
|
||||
ip saddr 47.128.28.128 counter drop
|
||||
ip saddr 47.128.32.75 counter drop
|
||||
ip saddr 47.128.32.4 counter drop
|
||||
ip saddr 47.128.17.154 counter drop
|
||||
ip saddr 47.128.33.75 counter drop
|
||||
ip saddr 47.128.17.38 counter drop
|
||||
ip saddr 47.128.21.243 counter drop
|
||||
ip saddr 47.128.39.185 counter drop
|
||||
ip saddr 47.128.39.161 counter drop
|
||||
ip saddr 47.128.41.32 counter drop
|
||||
ip saddr 47.128.44.180 counter drop
|
||||
ip saddr 47.128.44.157 counter drop
|
||||
ip saddr 47.128.44.178 counter drop
|
||||
ip saddr 47.128.45.84 counter drop
|
||||
ip saddr 47.128.44.84 counter drop
|
||||
ip saddr 47.128.28.14 counter drop
|
||||
ip saddr 47.128.33.79 counter drop
|
||||
ip saddr 47.128.33.29 counter drop
|
||||
ip saddr 47.128.39.135 counter drop
|
||||
ip saddr 47.128.44.236 counter drop
|
||||
ip saddr 47.128.47.169 counter drop
|
||||
ip saddr 47.128.53.14 counter drop
|
||||
ip saddr 47.128.53.161 counter drop
|
||||
ip saddr 47.128.52.161 counter drop
|
||||
ip saddr 47.128.47.67 counter drop
|
||||
ip saddr 47.128.50.217 counter drop
|
||||
ip saddr 47.128.59.23 counter drop
|
||||
ip saddr 47.128.60.215 counter drop
|
||||
ip saddr 47.128.59.255 counter drop
|
||||
ip saddr 47.128.54.75 counter drop
|
||||
ip saddr 47.128.61.166 counter drop
|
||||
ip saddr 47.128.97.19 counter drop
|
||||
ip saddr 47.128.61.74 counter drop
|
||||
ip saddr 47.128.97.90 counter drop
|
||||
ip saddr 47.128.98.85 counter drop
|
||||
ip saddr 47.128.63.50 counter drop
|
||||
ip saddr 47.128.97.162 counter drop
|
||||
ip saddr 5.255.101.45 counter drop
|
||||
ip saddr 5.255.231.200 counter drop
|
||||
ip saddr 51.158.202.215 counter drop
|
||||
ip saddr 65.20.100.225 counter drop
|
||||
ip saddr 62.74.0.136 counter drop
|
||||
ip saddr 47.128.98.162 counter drop
|
||||
ip saddr 52.225.77.213 counter drop
|
||||
ip saddr 66.23.193.50 counter drop
|
||||
ip saddr 66.249.66.14 counter drop
|
||||
ip saddr 66.249.66.10 counter drop
|
||||
ip saddr 66.249.66.70 counter drop
|
||||
ip saddr 47.128.97.204 counter drop
|
||||
ip saddr 65.97.62.18 counter drop
|
||||
ip saddr 47.128.98.90 counter drop
|
||||
ip saddr 66.249.66.16 counter drop
|
||||
ip saddr 66.249.66.11 counter drop
|
||||
ip saddr 66.249.66.71 counter drop
|
||||
ip saddr 66.249.66.72 counter drop
|
||||
ip saddr 66.249.66.73 counter drop
|
||||
ip saddr 66.249.66.74 counter drop
|
||||
ip saddr 66.249.73.20 counter drop
|
||||
ip saddr 66.249.73.1 counter drop
|
||||
ip saddr 66.249.66.9 counter drop
|
||||
ip saddr 66.249.73.5 counter drop
|
||||
ip saddr 66.249.73.4 counter drop
|
||||
ip saddr 66.249.73.6 counter drop
|
||||
ip saddr 84.128.209.199 counter drop
|
||||
ip saddr 138.199.60.36 counter drop
|
||||
ip saddr 167.172.244.121 counter drop
|
||||
ip saddr 185.191.171.14 counter drop
|
||||
ip saddr 185.191.171.18 counter drop
|
||||
ip saddr 217.113.194.187 counter drop
|
||||
ip saddr 217.113.194.191 counter drop
|
||||
ip saddr 217.113.194.251 counter drop
|
||||
ip saddr 47.128.127.145 counter drop
|
||||
ip saddr 47.128.49.105 counter drop
|
||||
ip saddr 47.128.63.13 counter drop
|
||||
ip saddr 66.249.73.6 counter drop
|
||||
ip saddr 68.183.48.167 counter drop
|
||||
ip saddr 73.91.143.64 counter drop
|
||||
ip saddr 73.52.168.171 counter drop
|
||||
ip saddr 73.133.69.133 counter drop
|
||||
ip saddr 74.80.208.185 counter drop
|
||||
ip saddr 82.69.107.189 counter drop
|
||||
ip saddr 74.80.208.127 counter drop
|
||||
ip saddr 85.208.96.193 counter drop
|
||||
ip saddr 85.208.96.199 counter drop
|
||||
ip saddr 85.208.96.201 counter drop
|
||||
ip saddr 85.208.96.204 counter drop
|
||||
ip saddr 93.115.0.36 counter drop
|
||||
ip saddr 75.3.228.240 counter drop
|
||||
ip saddr 85.208.96.194 counter drop
|
||||
ip saddr 95.108.213.148 counter drop
|
||||
ip saddr 85.208.96.195 counter drop
|
||||
ip saddr 96.44.135.166 counter drop
|
||||
ip saddr 85.208.96.211 counter drop
|
||||
tcp dport 57692 counter accept
|
||||
udp dport 57692 counter accept
|
||||
tcp dport 80 counter accept
|
||||
@ -65,71 +210,9 @@ table ip filter {
|
||||
ip saddr 192.168.5.0/24 counter accept
|
||||
ip saddr 192.168.0.55 tcp dport 4001 accept
|
||||
icmp type echo-request counter drop
|
||||
log
|
||||
log counter drop
|
||||
ip saddr 129.105.31.75 counter drop
|
||||
ip saddr 138.199.60.36 counter drop
|
||||
ip saddr 167.172.244.121 counter drop
|
||||
ip saddr 176.9.71.213 counter drop
|
||||
ip saddr 185.97.32.8 counter drop
|
||||
ip saddr 193.138.218.215 counter drop
|
||||
ip saddr 23.154.177.23 counter drop
|
||||
ip saddr 43.153.59.211 counter drop
|
||||
ip saddr 45.134.142.4 counter drop
|
||||
ip saddr 66.23.193.50 counter drop
|
||||
ip saddr 81.132.105.90 counter drop
|
||||
ip saddr 129.105.31.75 counter drop
|
||||
ip saddr 47.128.115.39 counter drop
|
||||
ip saddr 47.128.26.8 counter drop
|
||||
ip saddr 47.128.31.193 counter drop
|
||||
ip saddr 66.23.193.50 counter drop
|
||||
ip saddr 66.249.66.10 counter drop
|
||||
ip saddr 66.249.66.74 counter drop
|
||||
ip saddr 47.128.124.202 counter drop
|
||||
ip saddr 47.128.35.59 counter drop
|
||||
ip saddr 47.128.43.250 counter drop
|
||||
ip saddr 66.249.66.9 counter drop
|
||||
ip saddr 66.249.73.4 counter drop
|
||||
ip saddr 159.138.106.125 counter drop
|
||||
ip saddr 47.128.121.28 counter drop
|
||||
ip saddr 47.128.56.0 counter drop
|
||||
ip saddr 47.128.96.213 counter drop
|
||||
ip saddr 213.180.203.133 counter drop
|
||||
ip saddr 47.128.45.108 counter drop
|
||||
ip saddr 85.208.96.201 counter drop
|
||||
ip saddr 85.208.96.208 counter drop
|
||||
ip saddr 114.119.128.40 counter drop
|
||||
ip saddr 66.249.66.72 counter drop
|
||||
ip saddr 66.249.73.5 counter drop
|
||||
ip saddr 85.208.96.194 counter drop
|
||||
ip saddr 85.208.96.200 counter drop
|
||||
ip saddr 114.119.159.8 counter drop
|
||||
ip saddr 17.241.227.109 counter drop
|
||||
ip saddr 17.241.227.189 counter drop
|
||||
ip saddr 17.241.75.149 counter drop
|
||||
ip saddr 3.27.219.100 counter drop
|
||||
ip saddr 47.128.113.142 counter drop
|
||||
ip saddr 47.128.40.40 counter drop
|
||||
ip saddr 66.249.73.1 counter drop
|
||||
ip saddr 104.193.255.59 counter drop
|
||||
ip saddr 129.105.31.75 counter drop
|
||||
ip saddr 129.80.249.156 counter drop
|
||||
ip saddr 146.70.170.14 counter drop
|
||||
ip saddr 185.191.171.11 counter drop
|
||||
ip saddr 185.191.171.16 counter drop
|
||||
ip saddr 193.138.218.215 counter drop
|
||||
ip saddr 198.54.132.110 counter drop
|
||||
ip saddr 199.195.253.124 counter drop
|
||||
ip saddr 45.134.142.4 counter drop
|
||||
ip saddr 85.208.96.200 counter drop
|
||||
ip saddr 85.208.96.205 counter drop
|
||||
ip saddr 185.191.171.11 counter drop
|
||||
ip saddr 185.191.171.16 counter drop
|
||||
ip saddr 185.191.171.4 counter drop
|
||||
ip saddr 47.128.61.3 counter drop
|
||||
ip saddr 47.128.61.69 counter drop
|
||||
ip saddr 47.128.96.167 counter drop
|
||||
ip saddr 85.208.96.205 counter drop
|
||||
ip saddr 85.208.96.206 counter drop
|
||||
drop
|
||||
}
|
||||
|
||||
chain forward {
|
||||
@ -151,18 +234,3 @@ table ip nat {
|
||||
masquerade
|
||||
}
|
||||
}
|
||||
table ip6 filter {
|
||||
chain input {
|
||||
type filter hook input priority filter; policy accept;
|
||||
icmpv6 type nd-neighbor-solicit counter drop
|
||||
icmpv6 type nd-router-advert counter drop
|
||||
}
|
||||
|
||||
chain forward {
|
||||
type filter hook forward priority filter; policy accept;
|
||||
}
|
||||
|
||||
chain output {
|
||||
type filter hook output priority filter; policy accept;
|
||||
}
|
||||
}
|
||||
|