Your Name 2024-09-23 12:59:26 -06:00
parent 432124f588
commit 70db85789c
2 changed files with 51 additions and 4 deletions


@ -61,8 +61,8 @@ ipBlockParser(){
portOpenParser(){
if [[ "$1" == *"443"* || "$1" == *"80"* ]]; then
$NFT add rule ip filter input position 0 ct state new tcp dport $i update @http_ratelimit { ip saddr limit rate 20/second } accept
$NFT add rule ip6 filter input position 0 ct state new tcp dport $i update @http_ratelimit { ip6 saddr limit rate 20/second } accept
$NFT add rule ip filter input position 0 ct state new tcp dport $i update @http_ratelimit { ip saddr limit rate 10/second } accept
$NFT add rule ip6 filter input position 0 ct state new tcp dport $i update @http_ratelimit { ip6 saddr limit rate 10/second } accept
else
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
@ -566,6 +566,7 @@ menu() {
echo "6. Live Traffic"
echo "7. Test Bot Search Rules"
echo "8. Research IP"
echo "9. View Current Rule Set"
echo "0. Quit"
echo $MENU_BOTTOM
echo
@ -600,6 +601,8 @@ menu() {
elif [ "$CHOICE" = "8" ]; then
research-ip
read -p 'Press Enter to Continue ' -e
elif [ "$CHOICE" = "9" ]; then
nft -s list ruleset | less
elif [ "$CHOICE" = "0" ]; then
exit
fi
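Review bot: The guard in portOpenParser, `[[ "$1" == *"443"* || "$1" == *"80"* ]]`, is a substring match, so the 10/second limit lands on any port whose number merely contains 80 or 443; the ruleset file in this commit carries the same rate-limit rule on 8082 and 8096, which is consistent with that. If only the two web ports are meant, compare exactly with `if [[ "$1" == "443" || "$1" == "80" ]]; then`, otherwise say in a comment that the wider match is intended. The rules are built from an unquoted `$i` while the test reads `$1`, so the function presumably relies on a loop variable left in scope by its caller; using `"$1"` throughout would remove that coupling. The 10/second rules also omit the `burst 5 packets` that the rate-limit rules in the ruleset file carry, which is worth a one-line comment if deliberate. The function body continues past the end of the hunk.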


@ -4,7 +4,7 @@ table ip filter {
size 65535
flags dynamic,timeout
timeout 2s
elements = { 104.36.84.3 limit rate 20/second burst 5 packets timeout 2s, 185.213.154.240 limit rate 20/second burst 5 packets timeout 2s }
elements = { 3.224.220.101 limit rate 20/second burst 5 packets timeout 2s, 138.201.28.142 limit rate 20/second burst 5 packets timeout 2s }
}
chain input {
@ -2496,7 +2496,46 @@ table ip filter {
icmp type echo-request counter drop
drop
ip saddr 68.231.217.115 counter drop
ip saddr 94.130.130.104 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 104.152.208.206 counter drop
ip saddr 24.185.182.183 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 23.96.249.173 counter drop
ip saddr 147.135.112.207 counter drop
ip saddr 147.135.112.207 counter drop
ip saddr 159.223.62.95 counter drop
ip saddr 159.223.62.95 counter drop
ip saddr 185.213.154.240 counter drop
ip saddr 185.213.154.240 counter drop
ip saddr 24.185.182.183 counter drop
ip saddr 24.185.182.183 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 104.152.208.206 counter drop
ip saddr 24.185.182.183 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 45.83.220.209 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 24.185.182.183 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 147.135.112.207 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 147.135.112.207 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 45.83.220.209 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 147.135.112.207 counter drop
ip saddr 185.213.154.240 counter drop
ip saddr 43.153.59.211 counter drop
ip saddr 68.231.217.115 counter drop
ip saddr 172.206.148.21 counter drop
ip saddr 23.154.177.20 counter drop
ip saddr 43.153.59.211 counter drop
ip saddr 68.231.217.115 counter drop
}
chain forward {
@ -2514,6 +2553,7 @@ table ip filter {
table ip6 filter {
set http_ratelimit {
type ipv6_addr
size 65535
flags dynamic,timeout
timeout 2s
}
@ -2737,10 +2777,13 @@ table ip6 filter {
ip6 saddr 2a07:7e81:3c0b:2:dc18:f6d7:a755:f2f3 counter drop
tcp dport 57692 counter accept
udp dport 57692 counter accept
ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate 20/second burst 5 packets } accept
ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate 20/second burst 5 packets } accept
tcp dport 22 counter accept
udp dport 22 counter accept
tcp dport 3000 counter accept
udp dport 3000 counter accept
ct state new tcp dport 8082 update @http_ratelimit { ip6 saddr limit rate 20/second burst 5 packets } accept
tcp dport 853 counter accept
udp dport 853 counter accept
tcp dport 53 counter accept
@ -2759,6 +2802,7 @@ table ip6 filter {
udp dport 8384 counter accept
tcp dport 21027 counter accept
udp dport 21027 counter accept
ct state new tcp dport 8096 update @http_ratelimit { ip6 saddr limit rate 20/second burst 5 packets } accept
tcp dport 7359 counter accept
udp dport 7359 counter accept
drop
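Review bot: In the `table ip filter` input chain the `ip saddr … counter drop` entries sit after the bare `drop` that follows `icmp type echo-request counter drop`, so they are never evaluated and the listed sources are filtered only by whatever rules precede that `drop`. The same addresses are also repeated many times (68.231.217.115 most of all), which suggests the blocking code appends a rule without checking for an existing one; that code is not visible here, so this is an inference. Keeping blocked sources in a named set matched by a single rule placed ahead of the port accepts, for example `ip saddr @blocklist counter drop` (set name constructed for illustration), would make the blocks effective and remove the duplicates. Separately, the `elements = { … timeout 2s }` line of `http_ratelimit` is runtime state that changes on every dump and is worth stripping before commit. The chain bodies start and end outside these hunks.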