verita84/firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Your Name 2024-09-22 22:55:57 -06:00
parent 4320d67ace
commit 405de0b8d9
3 changed files with 57 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
bots.txt
View File

@ -3091,3 +3091,29 @@
185.191.171.18
185.191.171.8
85.208.96.211
2a03:2880:f800:a::
167.172.244.121
185.191.171.2
85.208.96.200
85.208.96.209
167.172.244.121
185.191.171.13
185.191.171.16
185.191.171.3
185.191.171.5
185.191.171.7
66.249.73.1
85.208.96.196
85.208.96.199
85.208.96.202
85.208.96.203
85.208.96.205
85.208.96.207
185.191.171.11
185.191.171.14
185.191.171.18
4.231.99.75
66.249.73.2
85.208.96.209
85.208.96.211
85.208.96.212

14
firewall2.sh
View File

@ -53,7 +53,8 @@ nft list table filter >$NFT_CACHE
ipBlockParser(){
if [[ "$1" == *":"* ]]; then
$NFT add rule ip6 filter input position 4 ip6 saddr $1 $NFT_DROP
echo "Skipping IPv6"
#$NFT add rule ip6 filter input position 4 ip6 saddr $1 $NFT_DROP
else
$NFT add rule ip filter input position 4 ip saddr "$1" $NFT_DROP
fi
@ -62,13 +63,14 @@ ipBlockParser(){
portOpenParser(){
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
#$NFT6_TCP $i $NFT_ACCEPT
#$NFT6_UDP $i $NFT_ACCEPT
}
ipDeleteParser(){
if [[ "$1" == *":"* ]]; then
$NFT delete rule ip6 filter input handle $HANDLE
echo "Skipping ipv6"
#$NFT delete rule ip6 filter input handle $HANDLE
else
$NFT delete rule ip filter input handle $HANDLE
fi
@ -271,7 +273,7 @@ quickImport() {
done
}
import() {
import-saved() {
STATS=($(cat $SAVED_BOTS | sort -u))
for i in "${STATS[@]}"; do
@ -295,7 +297,7 @@ start() {
if [[ $HOSTNAME == *"nas"* ]]; then
import
import-saved
wireguard
web
admin

42
nft.rules
View File

@ -5,27 +5,33 @@ table ip filter {
ct state established counter accept
iif "docker0" counter accept
tcp dport 57692 counter accept
ip saddr 85.208.96.212 counter drop
ip saddr 85.208.96.211 counter drop
ip saddr 85.208.96.209 counter drop
ip saddr 66.249.73.2 counter drop
ip saddr 4.231.99.75 counter drop
ip saddr 185.191.171.18 counter drop
ip saddr 185.191.171.14 counter drop
ip saddr 185.191.171.11 counter drop
ip saddr 193.138.218.215 counter drop
ip saddr 185.165.190.111 counter drop
ip saddr 85.208.96.207 counter drop
ip saddr 85.208.96.205 counter drop
ip saddr 85.208.96.203 counter drop
ip saddr 85.208.96.202 counter drop
ip saddr 85.208.96.199 counter drop
ip saddr 85.208.96.196 counter drop
ip saddr 66.249.73.1 counter drop
ip saddr 185.191.171.7 counter drop
ip saddr 185.191.171.5 counter drop
ip saddr 185.191.171.3 counter drop
ip saddr 185.191.171.16 counter drop
ip saddr 185.191.171.13 counter drop
ip saddr 167.172.244.121 counter drop
udp dport 57692 counter accept
tcp dport 80 counter accept
udp dport 80 counter accept
tcp dport 443 counter accept
ip saddr 85.208.96.205 counter drop
ip saddr 85.208.96.204 counter drop
ip saddr 185.191.171.9 counter drop
ip saddr 68.5.192.216 counter drop
ip saddr 45.83.220.209 counter drop
ip saddr 185.224.128.47 counter drop
ip saddr 185.213.154.205 counter drop
ip saddr 185.165.190.111 counter drop
ip saddr 85.208.96.210 counter drop
ip saddr 66.249.73.5 counter drop
ip saddr 185.191.171.17 counter drop
ip saddr 167.172.244.121 counter drop
ip saddr 68.5.192.216 counter drop
ip saddr 185.213.154.240 counter drop
ip saddr 185.165.190.111 counter drop
ip saddr 169.150.204.34 counter drop
ip saddr 149.102.254.82 counter drop
udp dport 443 counter accept
tcp dport 22 counter accept
udp dport 22 counter accept
@ -85,8 +91,6 @@ table ip6 filter {
tcp dport 57692 counter accept
udp dport 57692 counter accept
tcp dport 80 counter accept
ip6 saddr 2a02:200:2e01:8400:da3:ff78:6b9b:56fc counter drop
ip6 saddr 2a06:98c0:3600::103 counter drop
udp dport 80 counter accept
tcp dport 443 counter accept
udp dport 443 counter accept