fix
parent
2ad67b418e
commit
81f9523efe
@ -126,4 +126,5 @@ Barkrowler
|
||||
Googlebot-Image
|
||||
CensysInspect
|
||||
FediList
|
||||
WhatsApp
|
||||
Go-http-client
|
||||
|
64
firewall2.sh
64
firewall2.sh
@ -42,6 +42,8 @@ CRAWLER_TMP='/tmp/crawlers.txt'
|
||||
DATE="$(date +%Y:%H: -d "1 hour ago")"
|
||||
#DATE="$(date +%Y:%H:)";
|
||||
RULE_SET='/opt/firewall/nft.rules'
|
||||
MENU_TOP="=============================FireWall================================="
|
||||
MENU_BOTTOM="====================================================================="
|
||||
COUNTRY=(
|
||||
https://www.ipdeny.com/ipblocks/data/countries/il.zone
|
||||
https://www.ipdeny.com/ipblocks/data/countries/cn.zone
|
||||
@ -299,14 +301,21 @@ start() {
|
||||
research(){
|
||||
STATS=( $( cat $TMP_BLOCK ) )
|
||||
for i in "${STATS[@]}"; do
|
||||
echo "------------------[Researching $i]-----------------------"
|
||||
echo $MENU_TOP
|
||||
echo " [Researching $i] "
|
||||
grep $i $NGINX_LOG | grep -Evi -f $SAFE_TRAFFIC
|
||||
echo "------------------[ENDi]-----------------------"
|
||||
echo $MENU_BOTTOM
|
||||
echo
|
||||
read -p 'Press Enter to Continue ' -e -i continue
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
done
|
||||
}
|
||||
|
||||
automaticStatus(){
|
||||
status
|
||||
sleep 30
|
||||
automaticStatus
|
||||
}
|
||||
|
||||
status() {
|
||||
clear
|
||||
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
|
||||
@ -318,7 +327,7 @@ status() {
|
||||
GATEWAY=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l )
|
||||
SUCCESS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l )
|
||||
CRAWL=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l )
|
||||
echo "=================================================================="
|
||||
echo $MENU_TOP
|
||||
echo "Attack Threshold: $ATTACK_THRESHOLD"
|
||||
echo "Firewall Rules: $($NFT list table filter | wc -l)"
|
||||
echo
|
||||
@ -335,9 +344,7 @@ status() {
|
||||
echo
|
||||
echo "Rate-limited IP's:"
|
||||
cat $TMP_BLOCK
|
||||
echo "=================================================================="
|
||||
sleep 30
|
||||
status
|
||||
echo $MENU_BOTTOM
|
||||
}
|
||||
|
||||
stop() {
|
||||
@ -389,6 +396,22 @@ saved-attackers() {
|
||||
done
|
||||
}
|
||||
|
||||
module-wordpress(){
|
||||
WP_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||
if [[ "$WP_SPAM" -gt 2 ]];
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
|
||||
fi
|
||||
}
|
||||
|
||||
module-lightning(){
|
||||
LN_SPAM=$( grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l)
|
||||
if [[ "$LN_SPAM" -gt 5 ]];
|
||||
then
|
||||
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
|
||||
fi
|
||||
}
|
||||
|
||||
watch() {
|
||||
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
|
||||
echo "Scanning $DATE"
|
||||
@ -398,6 +421,10 @@ watch() {
|
||||
COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l)
|
||||
echo "$i $COUNT"
|
||||
CHECK=$( cat $NFT_CACHE | grep $i)
|
||||
|
||||
module-lightning "$i" "$DATE"
|
||||
module-wordpress "$i" "$DATE"
|
||||
|
||||
if [ "$CHECK" = "" ];
|
||||
then
|
||||
if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then
|
||||
@ -417,13 +444,15 @@ watch() {
|
||||
menu() {
|
||||
clear
|
||||
echo
|
||||
echo "=============================FireWall==================================="
|
||||
echo $MENU_TOP
|
||||
echo "1. Start"
|
||||
echo "2. Stop"
|
||||
echo "3. Reseearch"
|
||||
echo "4. Forgive"
|
||||
echo "5. Quit"
|
||||
echo "========================================================================"
|
||||
echo "5. Status"
|
||||
echo "6. Live Traffic"
|
||||
echo "0. Quit"
|
||||
echo $MENU_BOTTOM
|
||||
echo
|
||||
read -p 'Choice: ' CHOICE
|
||||
echo
|
||||
@ -431,21 +460,26 @@ if [ "$CHOICE" = "1" ]; then
|
||||
echo
|
||||
echo "Starting Firewall"
|
||||
start
|
||||
read -p 'Press Enter to Continue ' -e -i continue
|
||||
read -p 'Press Enter to Continue ' -e-
|
||||
elif [ "$CHOICE" = "2" ]; then
|
||||
echo
|
||||
echo "Stopping Firewall"
|
||||
stop
|
||||
read -p 'Press Enter to Continue ' -e -i continue
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "3" ]; then
|
||||
research
|
||||
read -p 'Press Enter to Continue ' -e -i continue
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "4" ]; then
|
||||
forgive
|
||||
read -p 'Press Enter to Continue ' -e -i continue
|
||||
elif [ "$CHOICE" = "5" ]; then
|
||||
status
|
||||
elif [ "$CHOICE" = "6" ]; then
|
||||
tail -f $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $CRAWLER_DB
|
||||
read -p 'Press Enter to Continue ' -e
|
||||
elif [ "$CHOICE" = "0" ]; then
|
||||
exit
|
||||
fi
|
||||
echo
|
||||
menu
|
||||
}
|
||||
|
||||
@ -461,7 +495,7 @@ elif [ "$1" = "attacker-protection" ]; then
|
||||
elif [ "$1" = "country" ]; then
|
||||
blockCountry
|
||||
elif [ "$1" = "status" ]; then
|
||||
status
|
||||
automaticStatus
|
||||
elif [ "$1" = "forgive" ]; then
|
||||
forgive
|
||||
elif [ "$1" = "watch" ]; then
|
||||
|
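Review bot: In the new `module-wordpress` and `module-lightning` functions the count is not restricted to the address being judged: `grep $2 $NGINX_ACCESS` filters only on the timestamp, so `WP_SPAM` / `LN_SPAM` is the number of matching requests from all clients in that minute, while the drop rule is added for whatever `$1` the `watch()` loop is currently on. One noisy scanner would therefore get every address seen in that minute blocked, legitimate visitors included. Filter on the address before counting, e.g. `WP_SPAM=$(grep -F -- "$2" "$NGINX_ACCESS" | grep -F -- "$1" | grep -cE 'cgi-bin|wp-content|wp-admin|wp-includes')`, and likewise for `LN_SPAM`; matching the address as a whole field would be stricter still, but the log format is not visible here. Both calls also sit before the `CHECK` test in `watch()`, so an address already in the rule set probably gets a duplicate rule on each pass; the rest of `watch()` is outside the hunk, so confirm against the full function.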