fix
parent
dea2d047a1
commit
8ae29781d1
479
bots.txt
479
bots.txt
@ -1395,3 +1395,482 @@
|
||||
78.153.140.151
|
||||
39.173.105.162
|
||||
39.173.105.165
|
||||
66.220.149.53
|
||||
78.153.140.218
|
||||
185.8.166.15
|
||||
20.81.159.98
|
||||
20.55.86.179
|
||||
198.235.24.159
|
||||
194.247.173.99
|
||||
147.185.132.213
|
||||
87.250.224.206
|
||||
87.250.224.215
|
||||
64.71.131.243
|
||||
5.255.231.36
|
||||
20.81.159.134
|
||||
176.9.71.213
|
||||
2a03:2880:27ff:8::face:b00c
|
||||
172.183.122.244
|
||||
205.210.31.140
|
||||
213.180.203.41
|
||||
5.255.231.79
|
||||
2a03:2880:11ff:1c::face:b00c
|
||||
5.255.231.88
|
||||
95.108.213.241
|
||||
20.55.223.80
|
||||
52.234.38.252
|
||||
129.21.49.50
|
||||
2a03:2880:27ff:11::face:b00c
|
||||
213.180.203.40
|
||||
213.180.203.46
|
||||
2a03:2880:ff:37::face:b00c
|
||||
69.171.249.46
|
||||
40.76.119.168
|
||||
213.180.203.143
|
||||
95.108.213.133
|
||||
195.154.122.217
|
||||
54.36.148.129
|
||||
2a03:2880:27ff:d::face:b00c
|
||||
54.36.148.55
|
||||
2a03:2880:11ff:1c::face:b00c
|
||||
87.250.224.217
|
||||
54.36.148.198
|
||||
35.203.210.99
|
||||
54.36.148.161
|
||||
116.179.32.202
|
||||
116.179.37.110
|
||||
116.179.37.3
|
||||
116.179.37.9
|
||||
95.108.213.191
|
||||
95.108.213.79
|
||||
172.183.131.97
|
||||
2a03:2880:f800:d::
|
||||
192.99.9.92
|
||||
2a03:2880:ff:2::face:b00c
|
||||
2a03:2880:f800::
|
||||
2a03:2880:27ff:10::face:b00c
|
||||
205.210.31.37
|
||||
173.252.83.57
|
||||
173.252.83.7
|
||||
85.208.98.31
|
||||
69.171.249.15
|
||||
173.252.83.14
|
||||
74.48.56.178
|
||||
135.181.121.5
|
||||
49.212.210.161
|
||||
77.75.78.164
|
||||
95.108.213.166
|
||||
142.132.250.105
|
||||
20.97.191.63
|
||||
172.183.154.177
|
||||
173.252.107.124
|
||||
173.252.107.5
|
||||
5.255.231.53
|
||||
173.252.69.116
|
||||
173.252.83.64
|
||||
195.154.122.48
|
||||
54.36.149.29
|
||||
69.171.230.9
|
||||
149.154.161.217
|
||||
89.58.7.71
|
||||
173.252.83.53
|
||||
101.36.106.134
|
||||
2a03:2880:27ff:13::face:b00c
|
||||
40.76.238.211
|
||||
5.255.231.198
|
||||
5.255.231.74
|
||||
173.252.83.41
|
||||
172.200.199.246
|
||||
66.220.149.44
|
||||
2a03:2880:27ff:31::face:b00c
|
||||
198.235.24.181
|
||||
62.171.185.246
|
||||
45.77.78.243
|
||||
2a03:2880:ff:34::face:b00c
|
||||
2a03:2880:ff:31::face:b00c
|
||||
20.75.95.246
|
||||
172.183.84.70
|
||||
54.36.148.54
|
||||
213.180.203.66
|
||||
66.249.79.71
|
||||
54.36.148.103
|
||||
2a03:2880:ff:2::face:b00c
|
||||
2a03:2880:ff:32::face:b00c
|
||||
2a03:2880:ff:34::face:b00c
|
||||
2a03:2880:ff:4::face:b00c
|
||||
195.154.122.101
|
||||
54.36.149.11
|
||||
85.214.39.12
|
||||
2a03:2880:ff:72::face:b00c
|
||||
66.249.68.69
|
||||
20.51.207.141
|
||||
20.49.54.12
|
||||
168.119.68.245
|
||||
54.36.148.214
|
||||
54.36.149.45
|
||||
173.252.87.28
|
||||
185.153.151.137
|
||||
51.83.67.108
|
||||
66.249.68.67
|
||||
198.235.24.238
|
||||
172.183.51.71
|
||||
13.83.123.156
|
||||
95.108.213.226
|
||||
213.180.203.80
|
||||
5.255.231.52
|
||||
34.201.138.2
|
||||
54.36.148.142
|
||||
185.250.36.149
|
||||
172.183.154.247
|
||||
34.204.43.115
|
||||
52.159.142.200
|
||||
205.210.31.47
|
||||
147.185.132.153
|
||||
2a03:2880:13ff:34::face:b00c
|
||||
2a03:2880:13ff:24::face:b00c
|
||||
2a03:2880:13ff:13::face:b00c
|
||||
83.221.235.239
|
||||
2a03:2880:27ff:1b::face:b00c
|
||||
2a03:2880:27ff:2a::face:b00c
|
||||
20.84.127.31
|
||||
20.81.159.136
|
||||
213.180.203.102
|
||||
213.180.203.45
|
||||
5.255.231.112
|
||||
5.255.231.170
|
||||
87.250.224.209
|
||||
87.250.224.27
|
||||
95.108.213.196
|
||||
95.108.213.239
|
||||
95.108.213.172
|
||||
95.108.213.118
|
||||
2a03:2880:13ff:27::face:b00c
|
||||
2a03:2880:11ff::face:b00c
|
||||
95.108.213.144
|
||||
2a03:2880:13ff:17::face:b00c
|
||||
5.255.231.39
|
||||
67.60.49.227
|
||||
172.183.79.9
|
||||
20.161.78.46
|
||||
51.159.99.70
|
||||
5.2.88.61
|
||||
185.153.151.177
|
||||
206.168.34.33
|
||||
192.99.37.124
|
||||
198.235.24.25
|
||||
5.255.231.80
|
||||
5.255.231.93
|
||||
124.236.100.56
|
||||
95.108.213.81
|
||||
147.185.132.228
|
||||
173.252.83.49
|
||||
52.157.14.169
|
||||
52.184.154.219
|
||||
191.183.40.109
|
||||
51.222.253.5
|
||||
54.36.148.253
|
||||
35.203.210.177
|
||||
213.180.203.94
|
||||
69.171.249.47
|
||||
172.183.107.212
|
||||
52.157.14.161
|
||||
173.252.107.10
|
||||
173.252.107.4
|
||||
60.13.6.42
|
||||
172.183.131.203
|
||||
52.234.38.253
|
||||
66.220.149.10
|
||||
69.171.230.10
|
||||
182.138.158.241
|
||||
172.183.53.45
|
||||
5.255.231.58
|
||||
95.108.213.206
|
||||
2a03:2880:ff:2f::face:b00c
|
||||
173.252.107.16
|
||||
52.159.137.0
|
||||
69.171.249.29
|
||||
148.251.28.156
|
||||
172.183.52.202
|
||||
20.102.46.181
|
||||
173.252.87.13
|
||||
136.37.204.109
|
||||
208.100.26.249
|
||||
40.76.181.127
|
||||
5.255.231.54
|
||||
172.190.111.146
|
||||
5.255.231.66
|
||||
2a03:2880:f800:13::
|
||||
149.102.230.117
|
||||
149.102.230.118
|
||||
149.102.230.119
|
||||
66.220.149.29
|
||||
2a03:2880:ff:7::face:b00c
|
||||
2a03:2880:ff:b::face:b00c
|
||||
2a03:2880:2ff:b::face:b00c
|
||||
2a03:2880:f800:3::
|
||||
37.205.8.133
|
||||
66.249.73.19
|
||||
20.55.15.19
|
||||
199.45.154.152
|
||||
5.161.195.164
|
||||
2a03:2880:2ff:2::face:b00c
|
||||
173.252.83.28
|
||||
52.225.77.105
|
||||
136.243.228.193
|
||||
20.97.191.129
|
||||
5.255.231.197
|
||||
213.180.203.96
|
||||
66.249.73.16
|
||||
152.53.13.50
|
||||
2a03:2880:f800:4::
|
||||
173.252.87.10
|
||||
20.55.222.106
|
||||
5.255.231.189
|
||||
95.108.213.158
|
||||
64.124.8.222
|
||||
157.90.241.184
|
||||
66.249.73.15
|
||||
20.161.61.226
|
||||
2a03:2880:f800:11::
|
||||
40.76.117.201
|
||||
66.249.73.17
|
||||
40.113.88.169
|
||||
66.249.73.18
|
||||
95.108.213.115
|
||||
2a03:2880:22ff:6::face:b00c
|
||||
188.165.194.82
|
||||
20.55.46.193
|
||||
74.80.208.87
|
||||
52.238.27.213
|
||||
78.153.140.223
|
||||
85.215.52.165
|
||||
213.180.203.59
|
||||
2a03:2880:11ff:4::face:b00c
|
||||
2a03:2880:11ff:a::face:b00c
|
||||
147.185.132.180
|
||||
167.94.138.39
|
||||
162.142.125.200
|
||||
167.94.138.52
|
||||
206.168.34.215
|
||||
206.168.34.200
|
||||
162.142.125.204
|
||||
20.172.5.222
|
||||
206.168.34.219
|
||||
162.142.125.35
|
||||
167.94.138.115
|
||||
4.227.114.180
|
||||
206.168.34.43
|
||||
162.142.125.216
|
||||
206.168.34.32
|
||||
162.142.125.214
|
||||
167.94.138.33
|
||||
206.168.34.123
|
||||
167.94.138.119
|
||||
206.168.34.112
|
||||
2a03:2880:22ff:73::face:b00c
|
||||
213.180.203.127
|
||||
95.108.213.116
|
||||
23.228.122.107
|
||||
2a03:2880:22ff:73::face:b00c
|
||||
66.220.149.15
|
||||
173.252.83.13
|
||||
94.23.207.193
|
||||
172.183.53.139
|
||||
172.183.82.212
|
||||
91.137.27.140
|
||||
213.180.203.70
|
||||
116.179.32.242
|
||||
116.179.37.144
|
||||
116.179.37.155
|
||||
116.179.37.207
|
||||
116.179.37.219
|
||||
95.217.195.123
|
||||
95.108.213.184
|
||||
94.244.97.69
|
||||
2a03:2880:13ff:2c::face:b00c
|
||||
66.249.73.14
|
||||
20.55.126.65
|
||||
116.179.37.174
|
||||
116.179.37.194
|
||||
116.179.37.50
|
||||
116.179.37.56
|
||||
220.181.108.104
|
||||
172.183.154.100
|
||||
173.252.70.5
|
||||
194.36.147.177
|
||||
66.249.66.77
|
||||
20.161.76.225
|
||||
2a01:4ff:f0:959::1
|
||||
40.67.141.250
|
||||
162.216.150.39
|
||||
173.252.87.23
|
||||
45.148.10.206
|
||||
8.209.96.179
|
||||
52.137.184.193
|
||||
147.185.133.74
|
||||
173.252.70.4
|
||||
2a03:2880:13ff:1d::face:b00c
|
||||
65.108.46.72
|
||||
54.36.148.118
|
||||
69.171.249.58
|
||||
70.129.57.92
|
||||
54.90.203.135
|
||||
213.180.203.39
|
||||
87.250.224.83
|
||||
173.252.83.50
|
||||
173.252.83.34
|
||||
66.220.149.52
|
||||
66.220.149.57
|
||||
173.252.83.31
|
||||
34.134.251.254
|
||||
69.171.249.32
|
||||
173.252.87.30
|
||||
66.249.66.83
|
||||
5.255.231.96
|
||||
88.153.41.60
|
||||
103.86.174.80
|
||||
213.180.203.48
|
||||
98.81.25.120
|
||||
69.171.230.22
|
||||
20.55.118.254
|
||||
94.156.35.98
|
||||
66.220.149.114
|
||||
216.66.77.174
|
||||
37.187.150.5
|
||||
18.205.56.209
|
||||
20.109.37.7
|
||||
213.180.203.209
|
||||
64.124.8.233
|
||||
74.80.208.153
|
||||
74.80.208.218
|
||||
20.55.126.73
|
||||
20.55.15.17
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
95.217.122.172
|
||||
152.53.13.50
|
||||
66.249.66.72
|
||||
74.80.208.153
|
||||
23.228.122.107
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
54.36.148.20
|
||||
74.80.208.153
|
||||
167.172.244.121
|
||||
54.36.148.20
|
||||
74.80.208.153
|
||||
167.172.244.121
|
||||
54.36.148.20
|
||||
74.80.208.153
|
||||
167.172.244.121
|
||||
172.233.223.114
|
||||
51.222.253.8
|
||||
54.36.148.20
|
||||
64.124.8.1
|
||||
74.80.208.153
|
||||
85.208.96.207
|
||||
167.172.244.121
|
||||
172.233.223.114
|
||||
51.222.253.8
|
||||
54.36.148.20
|
||||
64.124.8.1
|
||||
74.80.208.153
|
||||
85.208.96.207
|
||||
167.172.244.121
|
||||
64.124.8.244
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
64.124.8.244
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
18.205.56.209
|
||||
167.172.244.121
|
||||
18.205.56.209
|
||||
65.21.61.25
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
65.21.61.25
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
65.21.61.25
|
||||
167.172.244.121
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
174.138.53.241
|
||||
167.172.244.121
|
||||
174.138.53.241
|
||||
167.172.244.121
|
||||
174.138.53.241
|
||||
66.249.66.9
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
64.124.8.244
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
64.124.8.244
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
64.124.8.244
|
||||
95.217.122.172
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
64.124.8.244
|
||||
95.217.122.172
|
||||
167.172.244.121
|
||||
172.233.223.114
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
95.217.122.172
|
||||
167.172.244.121
|
||||
172.233.223.114
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
95.217.122.172
|
||||
167.172.244.121
|
||||
172.233.223.114
|
||||
64.124.8.1
|
||||
66.249.66.9
|
||||
95.217.122.172
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
66.249.66.9
|
||||
167.172.244.121
|
||||
74.80.208.153
|
||||
83.223.94.98
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
64.124.8.1
|
||||
66.249.73.6
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
167.172.244.121
|
||||
136.243.228.182
|
||||
167.172.244.121
|
||||
|
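Review bot: The tail of the added block is not deduplicated: `167.172.244.121` appears dozens of times, and `64.124.8.1`, `66.249.66.9`, `74.80.208.153` and `95.217.122.172` recur repeatedly, so this looks like raw appended output rather than a curated list. The `import()` function in `firewall2.sh` pipes `$SAVED_BOTS` through `sort -u`, but whether `bots.txt` is that file is not visible here; any consumer that reads it without deduplication would add one more drop rule per repeat. Running `sort -u` over the file before committing would keep it reviewable. Entries such as `2a03:2880:f800:d::` and `2a03:2880:f800::` carry no prefix length, so as an `ip6 saddr` match they would cover a single address rather than a range; confirm that is intended.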
93
firewall2.sh
93
firewall2.sh
@ -19,14 +19,13 @@ MACHINES=(127.0.0.1)
|
||||
VIRT_BRIDGE="virbr0"
|
||||
ADMIN=(22)
|
||||
#### NFT CONFIG ####
|
||||
NFT='/usr/sbin/nft'
|
||||
NFT='/usr/bin/nft'
|
||||
NFT_TCP="$NFT add rule ip filter input tcp dport"
|
||||
NFT_UDP="$NFT add rule ip filter input udp dport"
|
||||
NFT6_UDP="$NFT add rule ip6 filter input udp dport"
|
||||
NFT6_TCP="$NFT add rule ip6 filter input tcp dport"
|
||||
NFT_DROP='counter drop'
|
||||
NFT_ACCEPT='counter accept'
|
||||
NFT='/usr/sbin/nft'
|
||||
NFT_CACHE='/tmp/nft.cache'
|
||||
TMP_BLOCK='/tmp/tmp-blocked.txt'
|
||||
####
|
||||
@ -51,13 +50,36 @@ COUNTRY=(
|
||||
|
||||
nft list table filter >$NFT_CACHE
|
||||
|
||||
ipBlockParser(){
|
||||
if [[ "$1" == *":"* ]]; then
|
||||
$NFT add rule ip6 filter input position 8 ip6 saddr $1 $NFT_DROP &
|
||||
else
|
||||
$NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP &
|
||||
fi
|
||||
}
|
||||
|
||||
portOpenParser(){
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
$NFT6_TCP $i $NFT_ACCEPT
|
||||
$NFT6_UDP $i $NFT_ACCEPT
|
||||
}
|
||||
|
||||
ipDeleteParse(){
|
||||
if [[ "$1" == *":"* ]]; then
|
||||
$NFT delete rule ip6 filter input handle $HANDLE
|
||||
else
|
||||
$NFT delete rule ip filter input handle $HANDLE
|
||||
fi
|
||||
}
|
||||
|
||||
blockCountry() {
|
||||
for i in "${COUNTRY[@]}"; do
|
||||
echo
|
||||
echo "Blocking $i"
|
||||
DB=($(curl $i))
|
||||
for j in "${DB[@]}"; do
|
||||
$NFT add rule ip filter input position 8 ip saddr $j $NFT_DROP
|
||||
ipBlockParser $j
|
||||
done
|
||||
done
|
||||
|
||||
@ -91,7 +113,7 @@ bot-search() {
|
||||
for i in "${CRAWLERS[@]}"; do
|
||||
CHECK=$(cat $NFT_CACHE | grep $i)
|
||||
if [ "$CHECK" = "" ]; then
|
||||
$NFT add rule ip filter input position 8 ip saddr $i $NFT_DROP
|
||||
ipBlockParser $i
|
||||
echo $i >>$SAVED_BOTS
|
||||
else
|
||||
echo
|
||||
@ -157,59 +179,46 @@ uptimeKuma() {
|
||||
|
||||
admin() {
|
||||
for i in "${ADMIN[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
wireguard() {
|
||||
sysctl -w net.ipv4.conf.all.forwarding=1
|
||||
for i in "${WIREGUARD[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
web() {
|
||||
for i in "${WEB[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
dns() {
|
||||
for i in "${DNS[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
adguard() {
|
||||
for i in "${ADGUARD[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
cups() {
|
||||
for i in "${CUPS[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
bitcoin() {
|
||||
for i in "${BITCOIN[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
@ -228,19 +237,13 @@ syncthingServer() {
|
||||
|
||||
syncthing() {
|
||||
for i in "${SYNCTHING[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
jellyfin() {
|
||||
for i in "${JELLYFIN[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
#$NFT6_TCP $i $NFT_ACCEPT
|
||||
#$NFT6_UDP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
@ -251,8 +254,7 @@ kde-connect() {
|
||||
|
||||
nfs() {
|
||||
for i in "${NFS[@]}"; do
|
||||
$NFT_TCP $i $NFT_ACCEPT
|
||||
$NFT_UDP $i $NFT_ACCEPT
|
||||
portOpenParser $i
|
||||
done
|
||||
}
|
||||
|
||||
@ -266,11 +268,7 @@ import() {
|
||||
|
||||
STATS=($(cat $SAVED_BOTS | sort -u))
|
||||
for i in "${STATS[@]}"; do
|
||||
if [[ $i == *":"* ]]; then
|
||||
echo "Skipping ipv6"
|
||||
else
|
||||
$NFT add rule ip filter input ip saddr $i $NFT_DROP &
|
||||
fi
|
||||
ipBlockParser $i
|
||||
done
|
||||
}
|
||||
|
||||
@ -285,11 +283,11 @@ start() {
|
||||
#echo
|
||||
#echo "No existing Rules saved"
|
||||
$NFT -f /opt/firewall/ipv4-filter.nft
|
||||
$NFT -f /opt/firewall/ipv6-filter.nft
|
||||
# fi
|
||||
|
||||
if [[ $HOSTNAME == *"nas"* ]]; then
|
||||
|
||||
import
|
||||
attacker-protection
|
||||
wireguard
|
||||
web
|
||||
@ -306,6 +304,7 @@ start() {
|
||||
docker restart uptime-kuma
|
||||
$NFT insert rule filter input iif docker0 $NFT_ACCEPT
|
||||
basic-security
|
||||
import
|
||||
else
|
||||
virtualization
|
||||
basic-security
|
||||
@ -394,7 +393,7 @@ forgive() {
|
||||
HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
|
||||
echo "Removing: $i Handle: $HANDLE"
|
||||
echo $NFT delete rule ip filter input handle $HANDLE
|
||||
$NFT delete rule ip filter input handle $HANDLE
|
||||
ipDeleteParser $HANDLE
|
||||
done
|
||||
|
||||
echo "Clearing old $TMP_BLOCK"
|
||||
@ -409,7 +408,7 @@ saved-attackers() {
|
||||
if [ "$CHECK" = "" ]; then
|
||||
echo "Blocking IP: $i"
|
||||
logger "Blocking IP: $i"
|
||||
$NFT add rule ip filter input ip saddr $i $NFT_DROP
|
||||
ipBlockParser $i
|
||||
else
|
||||
echo
|
||||
echo "Skipping Duplicate IP $i"
|
||||
@ -421,7 +420,7 @@ saved-attackers() {
|
||||
module-go() {
|
||||
GO_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
|
||||
if [[ "$GO_SPAM" -gt 20 ]]; then
|
||||
$NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP
|
||||
ipBlockParser "$1"
|
||||
echo $1 >>$TMP_BLOCK
|
||||
message "Go Spam Attack!"
|
||||
fi
|
||||
@ -430,7 +429,7 @@ module-go() {
|
||||
module-get-spam() {
|
||||
GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
|
||||
if [[ "$GET_SPAM" -gt 20 ]]; then
|
||||
$NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP
|
||||
ipBlockParser "$1"
|
||||
echo $1 >>$TMP_BLOCK
|
||||
message "GET Spam Attack!"
|
||||
fi
|
||||
@ -439,7 +438,7 @@ module-get-spam() {
|
||||
module-php() {
|
||||
PHP_SPAM=$(grep $2 $NGINX_ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
|
||||
if [[ "$PHP_SPAM" -gt 2 ]]; then
|
||||
$NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP
|
||||
ipBlockParser "$1"
|
||||
echo $1 >>$TMP_BLOCK
|
||||
message "PHP Attack!"
|
||||
fi
|
||||
@ -448,7 +447,7 @@ module-php() {
|
||||
module-lightning() {
|
||||
LN_SPAM=$(grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l)
|
||||
if [[ "$LN_SPAM" -gt 5 ]]; then
|
||||
$NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP
|
||||
ipBlockParser "$1"
|
||||
message "Lightning Spam Attack!"
|
||||
echo $1 >>$TMP_BLOCK
|
||||
fi
|
||||
@ -481,7 +480,7 @@ watch() {
|
||||
echo "Blocking IP: $i Count: $COUNT"
|
||||
logger "Blocking IP: $i with a count of: $COUNT"
|
||||
echo $i >>$TMP_BLOCK
|
||||
$NFT add rule ip filter input position 8 ip saddr $i $NFT_DROP
|
||||
ipBlockParser $i
|
||||
message "Blocking IP: $i with a count of: $COUNT"
|
||||
else
|
||||
echo
|
||||
|
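Review bot: In the `forgive()` hunk the loop calls `ipDeleteParser $HANDLE`, but the helper added near the top of the file is declared as `ipDeleteParse()`, so the call resolves to no function and the drop rule is presumably never removed (the direct `$NFT delete rule ip filter input handle $HANDLE` line beside it looks like the removed side). Even with the name fixed, the helper tests `$1` for a `:` while the caller passes the handle number, so the ip6 branch can never be taken; declare it as `ipDeleteParser(){` and call it with the address, `ipDeleteParser "$i"`. Separately, `portOpenParser` reads the caller's loop variable `$i` instead of `"$1"`, and every service function, including `admin()` for port 22, now goes through it. That opens TCP and UDP on both ip and ip6, where the lines it appears to replace opened fewer protocols and left the ip6 rules commented out, so confirm the wider exposure is intended. The bodies of `forgive()` and several of these functions extend beyond the hunks shown.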
@ -1,5 +1,5 @@
|
||||
table ip6 filter {
|
||||
chain input { type filter hook input priority 0; drop;}
|
||||
chain input { type filter hook input priority 0; policy drop;}
|
||||
chain forward { type filter hook forward priority 0; drop;}
|
||||
chain output { type filter hook output priority 0; drop; }
|
||||
}
|
||||
|
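Review bot: Only the `input` chain carries `policy drop;` in this hunk; `forward` and `output` keep a bare `drop;`, which nft reads as a rule rather than a chain policy, as the `nft.rules` dump further down the page shows for the ip6 table (`policy accept;` followed by `drop`). With `drop` as the only rule in `output`, replies to the IPv6 ports the script now opens are discarded on the way out; either write `chain output { type filter hook output priority 0; policy accept; }` or add explicit accepts ahead of the drop, and use `policy drop;` on `forward`. As dumped in `nft.rules`, the ip6 `input` chain also lacks the `iif "lo" counter accept` and `ct state established counter accept` rules that the ip table has, and has no ICMPv6 accept; under a drop policy, missing neighbour-discovery ICMPv6 generally breaks IPv6 reachability altogether. The file header for this section is missing from the page, so the path being patched is not visible.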
133
nft.rules
133
nft.rules
@ -4,89 +4,14 @@ table ip filter {
|
||||
iif "lo" counter accept
|
||||
ct state established counter accept
|
||||
iif "docker0" counter accept
|
||||
ip saddr 185.224.128.59 counter drop
|
||||
ip saddr 66.249.66.9 counter drop
|
||||
ip saddr 167.172.244.121 counter drop
|
||||
tcp dport 57692 counter accept
|
||||
udp dport 57692 counter accept
|
||||
ip saddr 20.55.46.115 counter drop
|
||||
ip saddr 85.208.96.202 counter drop
|
||||
ip saddr 185.191.171.3 counter drop
|
||||
ip saddr 13.83.123.118 counter drop
|
||||
ip saddr 185.191.171.7 counter drop
|
||||
ip saddr 85.208.96.207 counter drop
|
||||
ip saddr 185.191.171.9 counter drop
|
||||
ip saddr 185.191.171.12 counter drop
|
||||
ip saddr 172.233.223.114 counter drop
|
||||
ip saddr 66.249.66.43 counter drop
|
||||
ip saddr 66.249.66.11 counter drop
|
||||
ip saddr 66.249.66.38 counter drop
|
||||
ip saddr 168.119.6.104 counter drop
|
||||
ip saddr 66.249.66.5 counter drop
|
||||
ip saddr 51.222.253.18 counter drop
|
||||
ip saddr 40.88.21.235 counter drop
|
||||
ip saddr 157.90.134.159 counter drop
|
||||
ip saddr 185.224.128.187 counter drop
|
||||
ip saddr 13.79.186.224 counter drop
|
||||
ip saddr 13.79.186.224 counter drop
|
||||
ip saddr 13.79.186.224 counter drop
|
||||
ip saddr 205.210.31.245 counter drop
|
||||
ip saddr 185.191.171.15 counter drop
|
||||
ip saddr 185.191.171.10 counter drop
|
||||
ip saddr 204.122.16.7 counter drop
|
||||
ip saddr 185.191.171.13 counter drop
|
||||
ip saddr 217.113.194.232 counter drop
|
||||
ip saddr 185.191.171.6 counter drop
|
||||
ip saddr 185.191.171.5 counter drop
|
||||
ip saddr 89.73.104.251 counter drop
|
||||
ip saddr 87.250.224.31 counter drop
|
||||
ip saddr 65.21.61.25 counter drop
|
||||
ip saddr 217.113.194.239 counter drop
|
||||
ip saddr 217.113.194.238 counter drop
|
||||
ip saddr 217.113.194.236 counter drop
|
||||
ip saddr 154.54.249.218 counter drop
|
||||
ip saddr 65.21.232.254 counter drop
|
||||
ip saddr 217.113.194.241 counter drop
|
||||
ip saddr 217.113.194.235 counter drop
|
||||
ip saddr 217.113.194.233 counter drop
|
||||
ip saddr 185.191.171.8 counter drop
|
||||
ip saddr 185.191.171.16 counter drop
|
||||
ip saddr 66.249.66.72 counter drop
|
||||
ip saddr 185.191.171.4 counter drop
|
||||
ip saddr 185.191.171.19 counter drop
|
||||
ip saddr 66.249.66.10 counter drop
|
||||
ip saddr 185.191.171.14 counter drop
|
||||
ip saddr 163.1.201.225 counter drop
|
||||
ip saddr 85.208.96.210 counter drop
|
||||
ip saddr 185.191.171.18 counter drop
|
||||
ip saddr 66.249.66.73 counter drop
|
||||
ip saddr 20.81.159.192 counter drop
|
||||
ip saddr 85.208.96.208 counter drop
|
||||
ip saddr 172.183.108.41 counter drop
|
||||
ip saddr 178.249.214.69 counter drop
|
||||
ip saddr 178.249.214.69 counter drop
|
||||
ip saddr 85.208.96.203 counter drop
|
||||
ip saddr 85.208.96.197 counter drop
|
||||
ip saddr 85.208.96.195 counter drop
|
||||
ip saddr 195.191.219.130 counter drop
|
||||
ip saddr 136.38.232.155 counter drop
|
||||
ip saddr 95.217.122.172 counter drop
|
||||
ip saddr 85.208.96.209 counter drop
|
||||
ip saddr 85.208.96.193 counter drop
|
||||
ip saddr 185.191.171.17 counter drop
|
||||
ip saddr 66.249.66.4 counter drop
|
||||
ip saddr 174.138.53.241 counter drop
|
||||
ip saddr 5.255.231.92 counter drop
|
||||
ip saddr 185.224.128.84 counter drop
|
||||
ip saddr 85.208.96.212 counter drop
|
||||
ip saddr 185.191.171.11 counter drop
|
||||
ip saddr 213.180.203.11 counter drop
|
||||
ip saddr 192.9.152.131 counter drop
|
||||
ip saddr 51.222.253.15 counter drop
|
||||
ip saddr 66.249.66.70 counter drop
|
||||
tcp dport 80 counter accept
|
||||
udp dport 80 counter accept
|
||||
tcp dport 443 counter accept
|
||||
udp dport 443 counter accept
|
||||
tcp dport 22 counter accept
|
||||
udp dport 22 counter accept
|
||||
tcp dport 3000 counter accept
|
||||
udp dport 3000 counter accept
|
||||
tcp dport 8082 counter accept
|
||||
@ -95,10 +20,13 @@ table ip filter {
|
||||
udp dport 853 counter accept
|
||||
tcp dport 53 counter accept
|
||||
udp dport 53 counter accept
|
||||
udp dport 53 counter accept
|
||||
tcp dport 67 counter accept
|
||||
udp dport 67 counter accept
|
||||
udp dport 67 counter accept
|
||||
tcp dport 68 counter accept
|
||||
udp dport 68 counter accept
|
||||
udp dport 68 counter accept
|
||||
tcp dport 631 counter accept
|
||||
udp dport 631 counter accept
|
||||
tcp dport 5353 counter accept
|
||||
@ -136,6 +64,55 @@ table ip filter {
|
||||
counter accept
|
||||
}
|
||||
}
|
||||
table ip6 filter {
|
||||
chain input {
|
||||
type filter hook input priority filter; policy drop;
|
||||
tcp dport 57692 counter accept
|
||||
udp dport 57692 counter accept
|
||||
tcp dport 80 counter accept
|
||||
udp dport 80 counter accept
|
||||
tcp dport 443 counter accept
|
||||
udp dport 443 counter accept
|
||||
tcp dport 22 counter accept
|
||||
udp dport 22 counter accept
|
||||
tcp dport 3000 counter accept
|
||||
udp dport 3000 counter accept
|
||||
tcp dport 8082 counter accept
|
||||
udp dport 8082 counter accept
|
||||
tcp dport 853 counter accept
|
||||
udp dport 853 counter accept
|
||||
tcp dport 53 counter accept
|
||||
udp dport 53 counter accept
|
||||
tcp dport 67 counter accept
|
||||
udp dport 67 counter accept
|
||||
tcp dport 68 counter accept
|
||||
udp dport 68 counter accept
|
||||
tcp dport 631 counter accept
|
||||
udp dport 631 counter accept
|
||||
tcp dport 5353 counter accept
|
||||
udp dport 5353 counter accept
|
||||
tcp dport 22000 counter accept
|
||||
udp dport 22000 counter accept
|
||||
tcp dport 8384 counter accept
|
||||
udp dport 8384 counter accept
|
||||
tcp dport 21027 counter accept
|
||||
udp dport 21027 counter accept
|
||||
tcp dport 8096 counter accept
|
||||
udp dport 8096 counter accept
|
||||
tcp dport 7359 counter accept
|
||||
udp dport 7359 counter accept
|
||||
}
|
||||
|
||||
chain forward {
|
||||
type filter hook forward priority filter; policy accept;
|
||||
drop
|
||||
}
|
||||
|
||||
chain output {
|
||||
type filter hook output priority filter; policy accept;
|
||||
drop
|
||||
}
|
||||
}
|
||||
table ip nat {
|
||||
chain postrouting {
|
||||
oif "wg0" iif "enp11s0"
|
||||
|