fix
parent
3bc706e771
commit
64b9d828d5
@ -69,8 +69,8 @@ ipBlockParser() {
|
|||||||
|
|
||||||
portOpenParser() {
|
portOpenParser() {
|
||||||
if [[ "$1" == "443" || "$1" == "80" ]]; then
|
if [[ "$1" == "443" || "$1" == "80" ]]; then
|
||||||
$NFT add rule ip filter input ct state new tcp dport $1 update @http_ratelimit { ip saddr limit rate 15/second } accept
|
$NFT add rule ip filter input ct state new tcp dport $1 update @http_ratelimit { ip saddr limit rate 10/second } accept
|
||||||
$NFT add rule ip6 filter input ct state new tcp dport $1 update @http_ratelimit { ip6 saddr limit rate 15/second } accept
|
$NFT add rule ip6 filter input ct state new tcp dport $1 update @http_ratelimit { ip6 saddr limit rate 10/second } accept
|
||||||
else
|
else
|
||||||
$NFT add rule ip filter input position 0 tcp dport $1 accept
|
$NFT add rule ip filter input position 0 tcp dport $1 accept
|
||||||
$NFT add rule ip filter input position 0 udp dport $1 accept
|
$NFT add rule ip filter input position 0 udp dport $1 accept
|
||||||
@ -270,7 +270,6 @@ forgive() {
|
|||||||
for i in "${IP[@]}"; do
|
for i in "${IP[@]}"; do
|
||||||
HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
|
HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
|
||||||
echo "Removing: $i Handle: $HANDLE"
|
echo "Removing: $i Handle: $HANDLE"
|
||||||
echo $NFT delete rule ip filter input handle $HANDLE
|
|
||||||
ipDeleteParser $HANDLE
|
ipDeleteParser $HANDLE
|
||||||
redis-cli SREM tmp_block $i
|
redis-cli SREM tmp_block $i
|
||||||
done
|
done
|
||||||
@ -306,7 +305,7 @@ module-akkoma() {
|
|||||||
|
|
||||||
module-get-spam() {
|
module-get-spam() {
|
||||||
GET_SPAM=$(grep $2 $ACCESS | grep -E "GET / HTTP" | wc -l)
|
GET_SPAM=$(grep $2 $ACCESS | grep -E "GET / HTTP" | wc -l)
|
||||||
if [[ "$GET_SPAM" -gt 5 ]]; then
|
if [[ "$GET_SPAM" -gt 10 ]]; then
|
||||||
ipBlockParser "$1"
|
ipBlockParser "$1"
|
||||||
redis-cli SADD tmp_block $i
|
redis-cli SADD tmp_block $i
|
||||||
message "GET Spam Attack! $1"
|
message "GET Spam Attack! $1"
|
||||||
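Review bot: In module-get-spam the address that gets blocked is `$1`, but the next line records `$i` in Redis (`redis-cli SADD tmp_block $i`). Nothing visible in this function sets `$i`, so tmp_block may receive a stale or empty member and forgive would then never lift the block it was meant to track; if `$1` is the intended member, use `redis-cli SADD tmp_block "$1"`. The count comes from `grep $2 $ACCESS`, which treats the address as an unquoted regular expression, so `.` matches any character and a short address also matches longer ones that contain it. `grep -F -w -- "$2" "$ACCESS"` would count only the literal address, and the same applies to `grep $i` in the forgive hunk, where a loose match can return more than one handle and remove a rule for a different address. The function's body continues outside the hunk, so `$i` may be set somewhere I cannot see.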
|
@ -1,5 +1,5 @@
|
|||||||
table filter {
|
table filter {
|
||||||
set http_ratelimit { type ipv4_addr; timeout 2s; flags dynamic; }
|
set http_ratelimit { type ipv4_addr; timeout 1s; flags dynamic; }
|
||||||
chain input { type filter hook input priority 0;policy drop;}
|
chain input { type filter hook input priority 0;policy drop;}
|
||||||
chain forward { type filter hook forward priority 0; }
|
chain forward { type filter hook forward priority 0; }
|
||||||
chain output { type filter hook output priority 0; }
|
chain output { type filter hook output priority 0; }
|
||||||
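Review bot: The `http_ratelimit` set is filled from the packet path by the `update @http_ratelimit` rule in portOpenParser, and its definition gives no `size`, so the upper bound on per-source entries during a flood of distinct source addresses is left to the default. I would state it explicitly, for example `set http_ratelimit { type ipv4_addr; size 65535; timeout 1s; flags dynamic; }`, where 65535 is a constructed example to be sized for the host. The same applies to the set in the ip6 table. A one-line comment noting that this timeout is tuned together with the `limit rate` in portOpenParser would also help, since the two live in separate files.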
|
@ -1,5 +1,5 @@
|
|||||||
table ip6 filter {
|
table ip6 filter {
|
||||||
set http_ratelimit { type ipv6_addr; timeout 2s; flags dynamic; }
|
set http_ratelimit { type ipv6_addr; timeout 1s; flags dynamic; }
|
||||||
chain input { type filter hook input priority 0; policy drop;}
|
chain input { type filter hook input priority 0; policy drop;}
|
||||||
chain forward { type filter hook forward priority 0; drop;}
|
chain forward { type filter hook forward priority 0; drop;}
|
||||||
chain output { type filter hook output priority 0; drop; }
|
chain output { type filter hook output priority 0; drop; }
|
||||||
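Review bot: The forward and output chains in this table end in a bare `drop;`, which nft reads as a rule rather than a chain policy, and the ip table's output chain has no such rule. As written, every IPv6 packet leaving the host matches it unless another rule is placed ahead of it, which would include the replies to connections that the ip6 `http_ratelimit` rule accepts on input. I cannot see whether the script inserts such rules. If IPv6 is meant to be served, either remove the statement to match the ip table, or write it as `policy drop;` and add `ct state established,related accept` to the output chain.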
|