Your Name 2024-09-10 15:21:29 -06:00
parent 2ad67b418e
commit 81f9523efe
3 changed files with 119 additions and 20952 deletions


@ -126,4 +126,5 @@ Barkrowler
Googlebot-Image Googlebot-Image
CensysInspect CensysInspect
FediList FediList
WhatsApp
Go-http-client Go-http-client


@ -42,6 +42,8 @@ CRAWLER_TMP='/tmp/crawlers.txt'
DATE="$(date +%Y:%H: -d "1 hour ago")" DATE="$(date +%Y:%H: -d "1 hour ago")"
#DATE="$(date +%Y:%H:)"; #DATE="$(date +%Y:%H:)";
RULE_SET='/opt/firewall/nft.rules' RULE_SET='/opt/firewall/nft.rules'
MENU_TOP="=============================FireWall================================="
MENU_BOTTOM="====================================================================="
COUNTRY=( COUNTRY=(
https://www.ipdeny.com/ipblocks/data/countries/il.zone https://www.ipdeny.com/ipblocks/data/countries/il.zone
https://www.ipdeny.com/ipblocks/data/countries/cn.zone https://www.ipdeny.com/ipblocks/data/countries/cn.zone
@ -299,14 +301,21 @@ start() {
research(){ research(){
STATS=( $( cat $TMP_BLOCK ) ) STATS=( $( cat $TMP_BLOCK ) )
for i in "${STATS[@]}"; do for i in "${STATS[@]}"; do
echo "------------------[Researching $i]-----------------------" echo $MENU_TOP
echo " [Researching $i] "
grep $i $NGINX_LOG | grep -Evi -f $SAFE_TRAFFIC grep $i $NGINX_LOG | grep -Evi -f $SAFE_TRAFFIC
echo "------------------[ENDi]-----------------------" echo $MENU_BOTTOM
echo echo
read -p 'Press Enter to Continue ' -e -i continue read -p 'Press Enter to Continue ' -e
done done
} }
automaticStatus(){
status
sleep 30
automaticStatus
}
status() { status() {
clear clear
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )" DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
@ -318,7 +327,7 @@ status() {
GATEWAY=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l ) GATEWAY=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l )
SUCCESS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l ) SUCCESS=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l )
CRAWL=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l ) CRAWL=$( grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l )
echo "==================================================================" echo $MENU_TOP
echo "Attack Threshold: $ATTACK_THRESHOLD" echo "Attack Threshold: $ATTACK_THRESHOLD"
echo "Firewall Rules: $($NFT list table filter | wc -l)" echo "Firewall Rules: $($NFT list table filter | wc -l)"
echo echo
@ -335,9 +344,7 @@ status() {
echo echo
echo "Rate-limited IP's:" echo "Rate-limited IP's:"
cat $TMP_BLOCK cat $TMP_BLOCK
echo "==================================================================" echo $MENU_BOTTOM
sleep 30
status
} }
stop() { stop() {
@ -389,6 +396,22 @@ saved-attackers() {
done done
} }
module-wordpress(){
WP_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
if [[ "$WP_SPAM" -gt 2 ]];
then
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
fi
}
module-lightning(){
LN_SPAM=$( grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l)
if [[ "$LN_SPAM" -gt 5 ]];
then
$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
fi
}
watch() { watch() {
DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )" DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
echo "Scanning $DATE" echo "Scanning $DATE"
@ -398,6 +421,10 @@ watch() {
COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l) COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l)
echo "$i $COUNT" echo "$i $COUNT"
CHECK=$( cat $NFT_CACHE | grep $i) CHECK=$( cat $NFT_CACHE | grep $i)
module-lightning "$i" "$DATE"
module-wordpress "$i" "$DATE"
if [ "$CHECK" = "" ]; if [ "$CHECK" = "" ];
then then
if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then
@ -417,13 +444,15 @@ watch() {
menu() { menu() {
clear clear
echo echo
echo "=============================FireWall===================================" echo $MENU_TOP
echo "1. Start" echo "1. Start"
echo "2. Stop" echo "2. Stop"
echo "3. Reseearch" echo "3. Reseearch"
echo "4. Forgive" echo "4. Forgive"
echo "5. Quit" echo "5. Status"
echo "========================================================================" echo "6. Live Traffic"
echo "0. Quit"
echo $MENU_BOTTOM
echo echo
read -p 'Choice: ' CHOICE read -p 'Choice: ' CHOICE
echo echo
@ -431,21 +460,26 @@ if [ "$CHOICE" = "1" ]; then
echo echo
echo "Starting Firewall" echo "Starting Firewall"
start start
read -p 'Press Enter to Continue ' -e -i continue read -p 'Press Enter to Continue ' -e-
elif [ "$CHOICE" = "2" ]; then elif [ "$CHOICE" = "2" ]; then
echo echo
echo "Stopping Firewall" echo "Stopping Firewall"
stop stop
read -p 'Press Enter to Continue ' -e -i continue read -p 'Press Enter to Continue ' -e
elif [ "$CHOICE" = "3" ]; then elif [ "$CHOICE" = "3" ]; then
research research
read -p 'Press Enter to Continue ' -e -i continue read -p 'Press Enter to Continue ' -e
elif [ "$CHOICE" = "4" ]; then elif [ "$CHOICE" = "4" ]; then
forgive forgive
read -p 'Press Enter to Continue ' -e -i continue
elif [ "$CHOICE" = "5" ]; then elif [ "$CHOICE" = "5" ]; then
status
elif [ "$CHOICE" = "6" ]; then
tail -f $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $CRAWLER_DB
read -p 'Press Enter to Continue ' -e
elif [ "$CHOICE" = "0" ]; then
exit exit
fi fi
echo
menu menu
} }
@ -461,7 +495,7 @@ elif [ "$1" = "attacker-protection" ]; then
elif [ "$1" = "country" ]; then elif [ "$1" = "country" ]; then
blockCountry blockCountry
elif [ "$1" = "status" ]; then elif [ "$1" = "status" ]; then
status automaticStatus
elif [ "$1" = "forgive" ]; then elif [ "$1" = "forgive" ]; then
forgive forgive
elif [ "$1" = "watch" ]; then elif [ "$1" = "watch" ]; then
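Review bot: `module-wordpress` and `module-lightning` count matching requests for the whole minute instead of for the address being evaluated: both filter `$NGINX_ACCESS` by `$2` (the date) only, and `$1` appears solely in the `$NFT add rule` line. As written, once all clients together produce more than 2 (or 5) matching lines in that minute, every address `watch` iterates over in that pass gets a drop rule, including ones that never requested those paths. Restrict the count to the caller's address and quote the expansions, e.g. `WP_SPAM=$(grep -F -- "$2" "$NGINX_ACCESS" | grep -Fw -- "$1" | grep -cE "cgi-bin|wp-content|wp-admin|wp-includes")`, and do the same for `LN_SPAM`. The two modules are also called in `watch` before the `$CHECK` test against `$NFT_CACHE`, so an already-listed address appears to receive a duplicate rule on every pass; moving the calls inside the `[ "$CHECK" = "" ]` branch would avoid that. `watch` starts and ends outside the hunk, so `$i` being the client address is inferred from its use in the `COUNT` line.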

21006
nft.rules

File diff suppressed because it is too large Load Diff