fix

attackers.txt

@@ -306,3 +306,11 @@
 91.92.251.141
 103.253.145.231
 91.92.251.141
+34.142.144.172
+34.142.144.172
+34.142.144.172
+34.142.144.172
+34.142.144.172
+34.142.144.172
+34.142.144.172
+34.142.144.172

bots.txt

@@ -47,6 +47,7 @@
 102.176.129.74
 102.211.204.118
 102.215.76.98
+102.215.77.114
 102.215.77.170
 102.38.199.1
 102.70.12.191
@@ -170,6 +171,7 @@
 106.222.182.189
 106.73.171.32
 106.75.50.6
+106.75.64.247
 107.115.227.106
 107.115.227.113
 107.115.227.36
@@ -934,6 +936,7 @@
 133.18.228.168
 133.18.230.69
 133.18.237.221
+133.18.238.90
 133.18.241.203
 133.207.42.32
 133.218.54.44
@@ -1807,6 +1810,7 @@
 17.22.237.247
 17.22.237.248
 17.22.237.25
+17.22.237.250
 17.22.237.251
 17.22.237.252
 17.22.237.26
@@ -2012,6 +2016,7 @@
 17.22.253.116
 17.22.253.118
 17.22.253.119
+17.22.253.120
 17.22.253.121
 17.22.253.123
 17.22.253.125
@@ -3345,6 +3350,7 @@
 172.183.106.64
 172.183.106.71
 172.183.107.132
+172.183.107.133
 172.183.107.17
 172.183.107.19
 172.183.107.210
@@ -5395,6 +5401,7 @@
 198.235.24.27
 198.235.24.3
 198.235.24.31
+198.235.24.32
 198.235.24.34
 198.235.24.41
 198.235.24.42
@@ -5590,6 +5597,7 @@
 20.161.77.207
 20.161.78.1
 20.161.78.15
+20.161.78.192
 20.161.78.193
 20.161.78.194
 20.161.78.197
@@ -5771,6 +5779,7 @@
 20.55.118.255
 20.55.126.32
 20.55.126.33
+20.55.126.42
 20.55.126.44
 20.55.126.47
 20.55.126.71
@@ -5909,6 +5918,7 @@
 20.81.159.81
 20.81.159.82
 20.81.159.83
+20.81.159.95
 20.81.159.99
 20.81.46.145
 20.81.46.146
@@ -7131,6 +7141,7 @@
 2607:fb90:3919:91f8:a17d:e3e0:acdc:3d1a
 2607:fb90:3e09:85b3:3d00:38a8:9657:321e
 2607:fb90:454e:5b63:71b7:3da3:32e9:525
+2607:fb90:7400:4b17:1da:a6e8:fb7:2a34
 2607:fb90:8704:c6e1:50fa:b6f1:11ca:664c
 2607:fb90:8b64:e00:ecdf:f7a5:2587:585e
 2607:fb90:9397:ceb0:2094:3599:4865:2282
@@ -7339,6 +7350,7 @@
 2a03:2880:f804:5::
 2a03:2880:f804:9::
 2a03:2880:ff:11::face:b00c
+2a03:2880:ff:12::face:b00c
 2a03:2880:ff:14::face:b00c
 2a03:2880:ff:1a::face:b00c
 2a03:2880:ff:1d::face:b00c
@@ -7356,6 +7368,7 @@
 2a09:bac1:76a1:2238::2cf:e0
 2a09:bac2:ac9:878::d8:190
 2a09:bac5:72e3:13e1::1fb:b6
+2a09:bac5:72e5:1c32::2cf:b6
 2a0a:a541:e874:0:1cc3:8fd7:26ca:a977
 2a0a:b640:1:c9::24
 2a0d:3344:155b:b810:3ce4:12fa:1b0a:ed9
@@ -8402,6 +8415,7 @@
 40.77.189.236
 40.77.189.237
 40.77.189.241
+40.77.189.242
 40.77.189.247
 40.77.189.250
 40.77.189.30
@@ -9461,6 +9475,7 @@
 47.128.113.13
 47.128.113.131
 47.128.113.132
+47.128.113.133
 47.128.113.134
 47.128.113.136
 47.128.113.137
@@ -10281,6 +10296,7 @@
 47.128.117.127
 47.128.117.128
 47.128.117.129
+47.128.117.13
 47.128.117.130
 47.128.117.131
 47.128.117.132
@@ -11544,6 +11560,7 @@
 47.128.123.217
 47.128.123.218
 47.128.123.219
+47.128.123.22
 47.128.123.220
 47.128.123.221
 47.128.123.222
@@ -13645,6 +13662,7 @@
 47.128.21.24
 47.128.21.240
 47.128.21.241
+47.128.21.242
 47.128.21.243
 47.128.21.244
 47.128.21.245
@@ -14112,6 +14130,7 @@
 47.128.23.63
 47.128.23.64
 47.128.23.65
+47.128.23.66
 47.128.23.67
 47.128.23.68
 47.128.23.7
@@ -14519,6 +14538,7 @@
 47.128.27.111
 47.128.27.112
 47.128.27.113
+47.128.27.114
 47.128.27.116
 47.128.27.117
 47.128.27.118
@@ -15065,6 +15085,7 @@
 47.128.29.36
 47.128.29.37
 47.128.29.38
+47.128.29.39
 47.128.29.4
 47.128.29.40
 47.128.29.41
@@ -16296,6 +16317,7 @@
 47.128.35.48
 47.128.35.49
 47.128.35.5
+47.128.35.50
 47.128.35.51
 47.128.35.52
 47.128.35.53
@@ -18433,6 +18455,7 @@
 47.128.46.124
 47.128.46.125
 47.128.46.127
+47.128.46.128
 47.128.46.129
 47.128.46.13
 47.128.46.130
@@ -20011,6 +20034,7 @@
 47.128.53.39
 47.128.53.4
 47.128.53.40
+47.128.53.41
 47.128.53.42
 47.128.53.43
 47.128.53.44
@@ -22805,6 +22829,7 @@
 47.128.99.19
 47.128.99.190
 47.128.99.191
+47.128.99.192
 47.128.99.193
 47.128.99.194
 47.128.99.195
@@ -23013,6 +23038,7 @@
 5.255.231.103
 5.255.231.104
 5.255.231.106
+5.255.231.107
 5.255.231.108
 5.255.231.109
 5.255.231.11
@@ -23673,6 +23699,7 @@
 52.234.33.115
 52.234.33.117
 52.234.33.123
+52.234.33.124
 52.234.33.176
 52.234.33.178
 52.234.33.179
@@ -23777,7 +23804,10 @@
 52.62.54.170
 52.70.240.171
 52.76.162.23
+52.80.13.3
 52.81.207.51
+52.81.208.114
+52.81.254.49
 52.87.171.57
 52.88.45.69
 52.89.71.169
@@ -24434,6 +24464,7 @@
 66.249.66.20
 66.249.66.21
 66.249.66.22
+66.249.66.23
 66.249.66.3
 66.249.66.32
 66.249.66.35

fediblock.txt

@@ -25,6 +25,7 @@
 162.19.29.212
 162.19.87.99
 162.55.40.80
+167.172.151.255
 167.172.178.167
 167.235.13.53
 167.235.146.56
@@ -40,6 +41,7 @@
 176.9.37.61
 18.212.99.83
 185.100.87.210
+185.121.168.233
 185.206.232.42
 188.245.53.174
 194.71.11.42

firewall2.sh

@@ -3,13 +3,15 @@ MY_IP=$(curl ifconfig.me)
 NGINX_ACCESS="/var/log/nginx/access.log"
 WIREGUARD=(57692 853)
 WEB=(80 443)
-ADGUARD=(53 3000 8082 67)
+ADGUARD=(3000 8082 67)
+UPTIME=(4001)
+DNS=(53)
 CUPS=(631 5353)
 BITCOIN=(8333 8332 8334 4050)
-LND=(9735 8080 28334 28333 19998 29000)
+LND=(10009 9735 8080 28334 28333 19998 29000)
 SYNCTHING=(22000 8384 21027)
 NFS=(2049 111)
-JELLYFIN=(8096 1900 7359)
+JELLYFIN=(8096 7359)
 MACHINES=(127.0.0.1)
 VIRT_BRIDGE="virbr0"
 ADMIN=(22)
@@ -176,7 +178,16 @@ virtualization() {
 
 tor() {
 	for i in "${TOR[@]}"; do
-		$NFT_TCP $i $NFT_ACCEPT
+		$NFT add rule ip filter input ip saddr 192.168.0.55 tcp dport $i accept
+		$NFT add rule ip filter input ip saddr 127.0.0.1 tcp dport $i accept
+
+#		$NFT_TCP $i $NFT_ACCEPT
+	done
+}
+
+uptimeKuma() {
+	for i in "${UPTIME[@]}"; do
+		$NFT add rule ip filter input ip saddr 192.168.0.55 tcp dport $i accept
 	done
 }
 
@@ -196,16 +207,22 @@ wireguard() {
 
 web() {
 	for i in "${WEB[@]}"; do
-		$NFT add rule ip filter input ip saddr 192.168.0.1 tcp dport 443 accept
+		$NFT_TCP $i $NFT_ACCEPT
-		$NFT add rule ip filter input ip saddr 192.168.0.1 tcp dport 80 accept
-		#$NFT_TCP $i $NFT_ACCEPT
 	done
 }
 
+dns(){
+	for i in "${DNS[@]}"; do
+		$NFT_TCP $i $NFT_ACCEPT
+		$NFT_UDP $i $NFT_ACCEPT
+	done
+
+}
+
 adguard() {
 	for i in "${ADGUARD[@]}"; do
-		$NFT_TCP $i $NFT_ACCEPT
+		$NFT add rule ip filter input ip saddr 192.168.0.55 tcp dport $i accept
-		$NFT_UDP $i $NFT_ACCEPT
+		$NFT add rule ip filter input ip saddr 192.168.0.55 udp dport $i accept
 	done
 }
 
@@ -224,7 +241,7 @@ bitcoin() {
 
 lnd() {
 	for i in "${LND[@]}"; do
-		$NFT_TCP $i $NFT_ACCEPT
+		$NFT add rule ip filter input ip saddr 192.168.0.55 tcp dport $i accept
 	done
 }
 
@@ -266,25 +283,21 @@ start() {
 	$NFT -f /usr/share/doc/nftables/examples/ipv4-filter.nft
 
 	if [[ $HOSTNAME == *"nas"* ]]; then
+		wireguard
+		web
+		admin
+		adguard
+		dns
+		cups
+		jellyfin
+		tor
+		wireguard-networking
+		uptimeKuma
+		podman restart uptime-kuma
 		attacker-protection
 		bot-search
 		saved-bots
 		fediblock
-		wireguard
-		web
-		#admin
-		adguard
-		cups
-		bitcoin
-		#syncthing
-		lnd
-		jellyfin
-		tor
-		wireguard-networking
-
-		#Uptime
-		podman restart uptime-kuma
-
 		basic-security
 	else
 		{

pedo-log.txt

@@ -18,3 +18,5 @@
 164.90.134.114
 159.89.185.5
 160.16.228.67
+159.89.185.5
+160.16.228.67