Your Name 2024-09-23 12:06:29 -06:00
parent 3f7d06cba2
commit 3569916c55
3 changed files with 87 additions and 72 deletions


@ -3259,3 +3259,5 @@
172.183.74.3
2a01:4f9:4a:3793:0:10:0:e16a
2a01:4f8:242:3ce9::2
172.183.107.193
138.91.70.191


@ -1,6 +1,7 @@
#!/bin/bash
MY_IP="47.5.115.173"
ATTACK_THRESHOLD="50"
HTTP_LIMIT="100"
SERVER_IP='192.168.0.55'
NGINX_ACCESS="/tmp/access.log"
#WIREGUARD=(51820)
@ -61,10 +62,10 @@ ipBlockParser(){
portOpenParser(){
if [[ "$1" == *"443"* || "$1" == *"80"* ]]; then
$NFT_TCP $i ct count 75 $NFT_ACCEPT
$NFT_UDP $i ct count 75 $NFT_ACCEPT
$NFT6_TCP $i ct count 75 $NFT_ACCEPT
$NFT6_UDP $i ct count 75 $NFT_ACCEPT
$NFT_TCP $i ct count $HTTP_LIMIT $NFT_ACCEPT
$NFT_UDP $i ct count $HTTP_LIMIT $NFT_ACCEPT
$NFT6_TCP $i ct count $HTTP_LIMIT $NFT_ACCEPT
$NFT6_UDP $i ct count $HTTP_LIMIT $NFT_ACCEPT
else
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
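Review bot: The port test `[[ "$1" == *"443"* || "$1" == *"80"* ]]` in portOpenParser is a substring match, so any port whose text contains 80 or 443 takes the limited branch; the nft.rules section of this same commit shows 8082 and 8096 receiving `ct count 100`. If `$1` is a single port and only the web ports are meant, compare exactly with `if [[ "$1" == "443" || "$1" == "80" ]]; then`, and if the other ports are intended, list them explicitly. The rules are also built from the global `$i` while the condition reads `$1`, so the function only works when the caller's loop variable happens to hold the same value; using `"$1"` in the rule lines would remove that coupling. As written, `ct count $HTTP_LIMIT` appears to count all connections matching the rule rather than connections per client, so a single source holding HTTP_LIMIT connections can use up the allowance for everyone; a per-source limit needs a dynamic set keyed on `ip saddr` / `ip6 saddr`. The function body continues outside the hunk.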

148
nft.rules

@ -107,6 +107,7 @@ table ip filter {
ip saddr 138.91.70.182 counter drop
ip saddr 138.91.70.189 counter drop
ip saddr 138.91.70.190 counter drop
ip saddr 138.91.70.191 counter drop
ip saddr 139.144.54.68 counter drop
ip saddr 139.215.113.214 counter drop
ip saddr 139.216.224.10 counter drop
@ -315,6 +316,7 @@ table ip filter {
ip saddr 171.25.193.78 counter drop
ip saddr 172.183.106.55 counter drop
ip saddr 172.183.106.57 counter drop
ip saddr 172.183.107.193 counter drop
ip saddr 172.183.107.212 counter drop
ip saddr 172.183.107.24 counter drop
ip saddr 172.183.108.34 counter drop
@ -2442,50 +2444,60 @@ table ip filter {
ip saddr 97.145.164.161 counter drop
ip saddr 98.102.84.2 counter drop
ip saddr 98.81.25.120 counter drop
tcp dport 57692 ct count 75 counter accept
udp dport 57692 ct count 75 counter accept
tcp dport 80 ct count 75 counter accept
udp dport 80 ct count 75 counter accept
tcp dport 443 ct count 75 counter accept
udp dport 443 ct count 75 counter accept
tcp dport 22 ct count 75 counter accept
udp dport 22 ct count 75 counter accept
tcp dport 3000 ct count 75 counter accept
udp dport 3000 ct count 75 counter accept
tcp dport 8082 ct count 75 counter accept
udp dport 8082 ct count 75 counter accept
tcp dport 853 ct count 75 counter accept
udp dport 853 ct count 75 counter accept
tcp dport 53 ct count 75 counter accept
udp dport 53 ct count 75 counter accept
tcp dport 57692 counter accept
udp dport 57692 counter accept
tcp dport 80 ct count 100 counter accept
udp dport 80 ct count 100 counter accept
tcp dport 443 ct count 100 counter accept
udp dport 443 ct count 100 counter accept
tcp dport 22 counter accept
udp dport 22 counter accept
tcp dport 3000 counter accept
udp dport 3000 counter accept
tcp dport 8082 ct count 100 counter accept
udp dport 8082 ct count 100 counter accept
tcp dport 853 counter accept
udp dport 853 counter accept
tcp dport 53 counter accept
udp dport 53 counter accept
tcp dport 67 ct count 75 counter accept
udp dport 67 ct count 75 counter accept
udp dport 53 counter accept
tcp dport 67 counter accept
udp dport 67 counter accept
tcp dport 68 ct count 75 counter accept
udp dport 68 ct count 75 counter accept
udp dport 67 counter accept
tcp dport 68 counter accept
udp dport 68 counter accept
tcp dport 631 ct count 75 counter accept
udp dport 631 ct count 75 counter accept
tcp dport 5353 ct count 75 counter accept
udp dport 5353 ct count 75 counter accept
udp dport 68 counter accept
tcp dport 631 counter accept
udp dport 631 counter accept
tcp dport 5353 counter accept
udp dport 5353 counter accept
ip saddr 192.168.0.55 tcp dport 22000 accept
ip saddr 192.168.0.55 tcp dport 8384 accept
ip saddr 192.168.0.55 tcp dport 21027 accept
tcp dport 22000 ct count 75 counter accept
udp dport 22000 ct count 75 counter accept
tcp dport 8384 ct count 75 counter accept
udp dport 8384 ct count 75 counter accept
tcp dport 21027 ct count 75 counter accept
udp dport 21027 ct count 75 counter accept
tcp dport 8096 ct count 75 counter accept
udp dport 8096 ct count 75 counter accept
tcp dport 7359 ct count 75 counter accept
udp dport 7359 ct count 75 counter accept
tcp dport 22000 counter accept
udp dport 22000 counter accept
tcp dport 8384 counter accept
udp dport 8384 counter accept
tcp dport 21027 counter accept
udp dport 21027 counter accept
tcp dport 8096 ct count 100 counter accept
udp dport 8096 ct count 100 counter accept
tcp dport 7359 counter accept
udp dport 7359 counter accept
ip saddr 192.168.5.0/24 counter accept
ip saddr 192.168.0.55 tcp dport 4001 accept
icmp type echo-request counter drop
drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 43.153.59.211 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 43.153.59.211 counter drop
ip saddr 45.139.213.211 counter drop
ip saddr 50.244.88.89 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 45.83.220.209 counter drop
ip saddr 68.231.217.115 counter drop
}
@ -2720,40 +2732,40 @@ table ip6 filter {
ip6 saddr 2a03:4000:9:80::10 counter drop
ip6 saddr 2a03:90c0:114::2fb counter drop
ip6 saddr 2a07:7e81:3c0b:2:dc18:f6d7:a755:f2f3 counter drop
tcp dport 57692 ct count 75 counter accept
udp dport 57692 ct count 75 counter accept
tcp dport 80 ct count 75 counter accept
udp dport 80 ct count 75 counter accept
tcp dport 443 ct count 75 counter accept
udp dport 443 ct count 75 counter accept
tcp dport 22 ct count 75 counter accept
udp dport 22 ct count 75 counter accept
tcp dport 3000 ct count 75 counter accept
udp dport 3000 ct count 75 counter accept
tcp dport 8082 ct count 75 counter accept
udp dport 8082 ct count 75 counter accept
tcp dport 853 ct count 75 counter accept
udp dport 853 ct count 75 counter accept
tcp dport 53 ct count 75 counter accept
udp dport 53 ct count 75 counter accept
tcp dport 67 ct count 75 counter accept
udp dport 67 ct count 75 counter accept
tcp dport 68 ct count 75 counter accept
udp dport 68 ct count 75 counter accept
tcp dport 631 ct count 75 counter accept
udp dport 631 ct count 75 counter accept
tcp dport 5353 ct count 75 counter accept
udp dport 5353 ct count 75 counter accept
tcp dport 22000 ct count 75 counter accept
udp dport 22000 ct count 75 counter accept
tcp dport 8384 ct count 75 counter accept
udp dport 8384 ct count 75 counter accept
tcp dport 21027 ct count 75 counter accept
udp dport 21027 ct count 75 counter accept
tcp dport 8096 ct count 75 counter accept
udp dport 8096 ct count 75 counter accept
tcp dport 7359 ct count 75 counter accept
udp dport 7359 ct count 75 counter accept
tcp dport 57692 counter accept
udp dport 57692 counter accept
tcp dport 80 ct count 100 counter accept
udp dport 80 ct count 100 counter accept
tcp dport 443 ct count 100 counter accept
udp dport 443 ct count 100 counter accept
tcp dport 22 counter accept
udp dport 22 counter accept
tcp dport 3000 counter accept
udp dport 3000 counter accept
tcp dport 8082 ct count 100 counter accept
udp dport 8082 ct count 100 counter accept
tcp dport 853 counter accept
udp dport 853 counter accept
tcp dport 53 counter accept
udp dport 53 counter accept
tcp dport 67 counter accept
udp dport 67 counter accept
tcp dport 68 counter accept
udp dport 68 counter accept
tcp dport 631 counter accept
udp dport 631 counter accept
tcp dport 5353 counter accept
udp dport 5353 counter accept
tcp dport 22000 counter accept
udp dport 22000 counter accept
tcp dport 8384 counter accept
udp dport 8384 counter accept
tcp dport 21027 counter accept
udp dport 21027 counter accept
tcp dport 8096 ct count 100 counter accept
udp dport 8096 ct count 100 counter accept
tcp dport 7359 counter accept
udp dport 7359 counter accept
drop
}
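Review bot: In the `table ip filter` hunk at -2442, the `ip saddr … counter drop` entries for 68.231.217.115, 43.153.59.211, 45.139.213.211, 50.244.88.89 and 45.83.220.209 sit after the chain's unconditional `drop`, so they are never evaluated. They also follow the port accept rules, so those sources are still admitted on every accepted port. The page does not show which of these lines the commit adds, but whatever appends them should place them ahead of the accept rules (for example `nft insert rule …` rather than `nft add rule …`) and skip addresses already listed, since 68.231.217.115 is repeated several times in the hunk. Separately, the new rules drop the `ct count` limit from port 22 and keep `udp dport 22` open in both tables, which looks unintended for SSH. The chain itself starts outside the hunk.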