fix
parent
67a22d5df8
commit
6604ebe728
28
firewall2.sh
28
firewall2.sh
@ -28,6 +28,7 @@ NFT_DROP='counter drop'
|
||||
NFT_ACCEPT='counter accept'
|
||||
NFT='/usr/sbin/nft'
|
||||
NFT_CACHE='/tmp/nft.cache'
|
||||
TMP_BLOCK='/tmp/tmp-blocked.txt'
|
||||
####
|
||||
SAVED_BOTS='/opt/firewall/bots.txt'
|
||||
CRAWLER_DB='/opt/firewall/crawlers.txt'
|
||||
@ -317,12 +318,24 @@ start() {
|
||||
|
||||
}
|
||||
|
||||
research(){
|
||||
STATS=( $( cat $TMP_BLOCK ) )
|
||||
for i in "${STATS[@]}"; do
|
||||
echo "------------------[Researching $i]-----------------------"
|
||||
grep $i $NGINX_LOG
|
||||
echo "------------------[ENDi]-----------------------"
|
||||
done
|
||||
}
|
||||
|
||||
status() {
|
||||
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
|
||||
STATS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | wc -l )
|
||||
GET=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep GET | wc -l )
|
||||
POST=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep POST | wc -l )
|
||||
PUT=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -i PUT | wc -l )
|
||||
NOT_FOUND=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 404 | wc -l )
|
||||
GATEWAY=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l )
|
||||
SUCCESS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l )
|
||||
CRAWL=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l )
|
||||
echo "=================================================================="
|
||||
echo "Attack Threshold: $ATTACK_THRESHOLD"
|
||||
@ -334,8 +347,13 @@ status() {
|
||||
echo " POST: $POST"
|
||||
echo " Crawlers: $CRAWL"
|
||||
echo
|
||||
echo "Query Stats:: "
|
||||
echo " 200: $SUCCESS"
|
||||
echo " 404: $NOT_FOUND"
|
||||
echo " 502: $GATEWAY"
|
||||
echo
|
||||
echo "Blocked IP's:"
|
||||
cat /tmp/tmp-blocked.txt
|
||||
cat $TMP_BLOCK
|
||||
echo "=================================================================="
|
||||
}
|
||||
|
||||
@ -357,7 +375,7 @@ stop() {
|
||||
}
|
||||
|
||||
forgive() {
|
||||
IP=( $( grep -vi $MY_IP /tmp/tmp-blocked.txt ) )
|
||||
IP=( $( grep -vi $MY_IP $TMP_BLOCK) )
|
||||
echo $IP
|
||||
for i in "${IP[@]}"; do
|
||||
echo "Checking $i"
|
||||
@ -366,7 +384,7 @@ forgive() {
|
||||
echo $NFT delete rule ip filter input handle $HANDLE
|
||||
$NFT delete rule ip filter input handle $HANDLE
|
||||
done
|
||||
echo > /tmp/tmp-blocked.txt
|
||||
echo > $TMP_BLOCk
|
||||
}
|
||||
|
||||
saved-attackers() {
|
||||
@ -401,7 +419,7 @@ watch() {
|
||||
if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then
|
||||
echo "Blocking IP: $i"
|
||||
logger "Blocking IP: $i"
|
||||
echo $i >> /tmp/tmp-blocked.txt
|
||||
echo $i >> $TMP_BLOCK
|
||||
$NFT add rule ip filter input ip saddr $i $NFT_DROP
|
||||
fi
|
||||
else
|
||||
@ -428,6 +446,8 @@ elif [ "$1" = "forgive" ]; then
|
||||
forgive
|
||||
elif [ "$1" = "watch" ]; then
|
||||
watch
|
||||
elif [ "$1" = "research" ]; then
|
||||
research
|
||||
elif [ "$1" = "stop" ]; then
|
||||
stop
|
||||
elif [ "$1" = "saved" ]; then
|
||||
|
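Review bot: In forgive(), what appears to be the new truncation line, `echo > $TMP_BLOCk`, ends in a lowercase `k`, so it expands an unset variable and the redirect fails instead of clearing the blocked list; it should read `echo > "$TMP_BLOCK"`. Assuming the script runs as root to drive nft, `TMP_BLOCK='/tmp/tmp-blocked.txt'` is also a fixed name in a world-writable directory, and its contents feed `grep $i $NGINX_LOG` in research() and the loop in forgive(), so a local user who creates the file first can influence both; a root-owned location such as the `/opt/firewall/` directory already used for `SAVED_BOTS` would avoid that. In research(), quote the expansions and match the address literally, `grep -F -- "$i" "$NGINX_LOG"`, and check the variable name: status() reads `$NGINX_ACCESS`, and `NGINX_LOG` is not defined in the visible hunks. The bodies of forgive() and watch() continue outside the hunks shown.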