fix

2024-09-23 11:04:01 -06:00 · 2024-09-23 11:04:01 -06:00 · 3f7d06cba2
commit 3f7d06cba2
parent 799ddabe77
2 changed files with 82 additions and 83 deletions
--- a/firewall2.sh
+++ b/firewall2.sh
@ -60,11 +60,18 @@ ipBlockParser(){
 }

 portOpenParser(){
-		$NFT_TCP $i ct count 75 $NFT_ACCEPT
-		$NFT_UDP $i ct count 75 $NFT_ACCEPT
-		$NFT6_TCP $i ct count 75 $NFT_ACCEPT
-		$NFT6_UDP $i ct count 75 $NFT_ACCEPT
-
+               if [[ "$1" == *"443"* || "$1" == *"80"* ]]; then
+			$NFT_TCP $i ct count 75 $NFT_ACCEPT
+			$NFT_UDP $i ct count 75 $NFT_ACCEPT
+			$NFT6_TCP $i ct count 75 $NFT_ACCEPT
+			$NFT6_UDP $i ct count 75 $NFT_ACCEPT
+		else
+			$NFT_TCP $i $NFT_ACCEPT
+			$NFT_UDP $i $NFT_ACCEPT
+			$NFT6_TCP $i $NFT_ACCEPT
+			$NFT6_UDP $i $NFT_ACCEPT
+		fi
+}

 ipDeleteParser(){
               if [[ "$1" == *":"* ]]; then
--- a/nft.rules
+++ b/nft.rules
@ -2442,60 +2442,52 @@ table ip filter {
 		ip saddr 97.145.164.161 counter drop
 		ip saddr 98.102.84.2 counter drop
 		ip saddr 98.81.25.120 counter drop
-		tcp dport 57692 counter accept
-		udp dport 57692 counter accept
-		tcp dport 80 counter accept
-		udp dport 80 counter accept
-		tcp dport 443 counter accept
-		udp dport 443 counter accept
-		tcp dport 22 counter accept
-		udp dport 22 counter accept
-		tcp dport 3000 counter accept
-		udp dport 3000 counter accept
-		tcp dport 8082 counter accept
-		udp dport 8082 counter accept
-		tcp dport 853 counter accept
-		udp dport 853 counter accept
-		tcp dport 53 counter accept
+		tcp dport 57692 ct count 75 counter accept
+		udp dport 57692 ct count 75 counter accept
+		tcp dport 80 ct count 75 counter accept
+		udp dport 80 ct count 75 counter accept
+		tcp dport 443 ct count 75 counter accept
+		udp dport 443 ct count 75 counter accept
+		tcp dport 22 ct count 75 counter accept
+		udp dport 22 ct count 75 counter accept
+		tcp dport 3000 ct count 75 counter accept
+		udp dport 3000 ct count 75 counter accept
+		tcp dport 8082 ct count 75 counter accept
+		udp dport 8082 ct count 75 counter accept
+		tcp dport 853 ct count 75 counter accept
+		udp dport 853 ct count 75 counter accept
+		tcp dport 53 ct count 75 counter accept
+		udp dport 53 ct count 75 counter accept
 		udp dport 53 counter accept
-		udp dport 53 counter accept
-		tcp dport 67 counter accept
+		tcp dport 67 ct count 75 counter accept
+		udp dport 67 ct count 75 counter accept
 		udp dport 67 counter accept
-		udp dport 67 counter accept
-		tcp dport 68 counter accept
+		tcp dport 68 ct count 75 counter accept
+		udp dport 68 ct count 75 counter accept
 		udp dport 68 counter accept
-		udp dport 68 counter accept
-		tcp dport 631 counter accept
-		udp dport 631 counter accept
-		tcp dport 5353 counter accept
-		udp dport 5353 counter accept
+		tcp dport 631 ct count 75 counter accept
+		udp dport 631 ct count 75 counter accept
+		tcp dport 5353 ct count 75 counter accept
+		udp dport 5353 ct count 75 counter accept
 		ip saddr 192.168.0.55 tcp dport 22000 accept
 		ip saddr 192.168.0.55 tcp dport 8384 accept
 		ip saddr 192.168.0.55 tcp dport 21027 accept
-		tcp dport 22000 counter accept
-		udp dport 22000 counter accept
-		tcp dport 8384 counter accept
-		udp dport 8384 counter accept
-		tcp dport 21027 counter accept
-		udp dport 21027 counter accept
-		tcp dport 8096 counter accept
-		udp dport 8096 counter accept
-		tcp dport 7359 counter accept
-		udp dport 7359 counter accept
+		tcp dport 22000 ct count 75 counter accept
+		udp dport 22000 ct count 75 counter accept
+		tcp dport 8384 ct count 75 counter accept
+		udp dport 8384 ct count 75 counter accept
+		tcp dport 21027 ct count 75 counter accept
+		udp dport 21027 ct count 75 counter accept
+		tcp dport 8096 ct count 75 counter accept
+		udp dport 8096 ct count 75 counter accept
+		tcp dport 7359 ct count 75 counter accept
+		udp dport 7359 ct count 75 counter accept
 		ip saddr 192.168.5.0/24 counter accept
 		ip saddr 192.168.0.55 tcp dport 4001 accept
 		icmp type echo-request counter drop
 		drop
-		ip saddr 125.117.245.248 counter drop
-		ip saddr 94.130.130.104 counter drop
-		ip saddr 125.117.245.248 counter drop
-		ip saddr 94.130.130.104 counter drop
-		ip saddr 94.130.130.104 counter drop
-		ip saddr 94.130.130.104 counter drop
-		ip saddr 204.8.96.79 counter drop
-		ip saddr 185.18.221.2 counter drop
-		ip saddr 185.213.154.205 counter drop
-		ip saddr 44.227.217.144 counter drop
+		ip saddr 45.83.220.209 counter drop
+		ip saddr 68.231.217.115 counter drop
 	}

 	chain forward {
@ -2728,40 +2720,40 @@ table ip6 filter {
 		ip6 saddr 2a03:4000:9:80::10 counter drop
 		ip6 saddr 2a03:90c0:114::2fb counter drop
 		ip6 saddr 2a07:7e81:3c0b:2:dc18:f6d7:a755:f2f3 counter drop
-		tcp dport 57692 counter accept
-		udp dport 57692 counter accept
-		tcp dport 80 counter accept
-		udp dport 80 counter accept
-		tcp dport 443 counter accept
-		udp dport 443 counter accept
-		tcp dport 22 counter accept
-		udp dport 22 counter accept
-		tcp dport 3000 counter accept
-		udp dport 3000 counter accept
-		tcp dport 8082 counter accept
-		udp dport 8082 counter accept
-		tcp dport 853 counter accept
-		udp dport 853 counter accept
-		tcp dport 53 counter accept
-		udp dport 53 counter accept
-		tcp dport 67 counter accept
-		udp dport 67 counter accept
-		tcp dport 68 counter accept
-		udp dport 68 counter accept
-		tcp dport 631 counter accept
-		udp dport 631 counter accept
-		tcp dport 5353 counter accept
-		udp dport 5353 counter accept
-		tcp dport 22000 counter accept
-		udp dport 22000 counter accept
-		tcp dport 8384 counter accept
-		udp dport 8384 counter accept
-		tcp dport 21027 counter accept
-		udp dport 21027 counter accept
-		tcp dport 8096 counter accept
-		udp dport 8096 counter accept
-		tcp dport 7359 counter accept
-		udp dport 7359 counter accept
+		tcp dport 57692 ct count 75 counter accept
+		udp dport 57692 ct count 75 counter accept
+		tcp dport 80 ct count 75 counter accept
+		udp dport 80 ct count 75 counter accept
+		tcp dport 443 ct count 75 counter accept
+		udp dport 443 ct count 75 counter accept
+		tcp dport 22 ct count 75 counter accept
+		udp dport 22 ct count 75 counter accept
+		tcp dport 3000 ct count 75 counter accept
+		udp dport 3000 ct count 75 counter accept
+		tcp dport 8082 ct count 75 counter accept
+		udp dport 8082 ct count 75 counter accept
+		tcp dport 853 ct count 75 counter accept
+		udp dport 853 ct count 75 counter accept
+		tcp dport 53 ct count 75 counter accept
+		udp dport 53 ct count 75 counter accept
+		tcp dport 67 ct count 75 counter accept
+		udp dport 67 ct count 75 counter accept
+		tcp dport 68 ct count 75 counter accept
+		udp dport 68 ct count 75 counter accept
+		tcp dport 631 ct count 75 counter accept
+		udp dport 631 ct count 75 counter accept
+		tcp dport 5353 ct count 75 counter accept
+		udp dport 5353 ct count 75 counter accept
+		tcp dport 22000 ct count 75 counter accept
+		udp dport 22000 ct count 75 counter accept
+		tcp dport 8384 ct count 75 counter accept
+		udp dport 8384 ct count 75 counter accept
+		tcp dport 21027 ct count 75 counter accept
+		udp dport 21027 ct count 75 counter accept
+		tcp dport 8096 ct count 75 counter accept
+		udp dport 8096 ct count 75 counter accept
+		tcp dport 7359 ct count 75 counter accept
+		udp dport 7359 ct count 75 counter accept
 		drop
 	}