This commit is contained in:
parent
b7b5c39a47
commit
8c1013099f
77
firewall.sh
77
firewall.sh
@ -6,7 +6,7 @@ NGINX_ACCESS="/tmp/access.log"
|
||||
ACCESS="/tmp/minute.log"
|
||||
HTTP_LIMIT="100"
|
||||
RATE_LIMITED_HTTP="30"
|
||||
grep $DATE $NGINX_ACCESS > $ACCESS
|
||||
grep $DATE $NGINX_ACCESS >$ACCESS
|
||||
#Firewall Port Configuration
|
||||
#
|
||||
declare -A portConfig
|
||||
@ -71,7 +71,7 @@ ipBlockParser() {
|
||||
|
||||
portOpenParser() {
|
||||
if [[ "$1" == "443" || "$1" == "80" ]]; then
|
||||
echo "Skipping $1"
|
||||
echo "Skipping $1"
|
||||
else
|
||||
$NFT add rule ip filter input position 0 tcp dport $1 accept
|
||||
$NFT add rule ip filter input position 0 udp dport $1 accept
|
||||
@ -86,12 +86,12 @@ ipDeleteParser() {
|
||||
else
|
||||
$NFT delete rule ip filter input handle $HANDLE &>/dev/null
|
||||
fi
|
||||
redis-cli SREM tmp_block $i
|
||||
redis-cli SREM bots $i
|
||||
redis-cli SREM tmp_block $i
|
||||
redis-cli SREM bots $i
|
||||
}
|
||||
|
||||
blockCountry() {
|
||||
DATA=($( redis-cli SMEMBERS country_ip))
|
||||
DATA=($(redis-cli SMEMBERS country_ip))
|
||||
for i in "${DATA[@]}"; do
|
||||
echo "Blocking $i"
|
||||
ipBlockParser $i
|
||||
@ -274,7 +274,7 @@ stop() {
|
||||
message "Stopping Firewall"
|
||||
}
|
||||
|
||||
rateLimit(){
|
||||
rateLimit() {
|
||||
HANDLE=($(nft -n -a list ruleset | grep "ct state 0x8 tcp dport" | grep -E '80|443' | grep handle | cut -d '#' -f2 | cut -d ' ' -f3))
|
||||
for i in "${HANDLE[@]}"; do
|
||||
|
||||
@ -284,16 +284,15 @@ rateLimit(){
|
||||
$NFT delete rule filter input handle $i &>/dev/null
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
echo "Setting Rate Limit to : $1"
|
||||
echo
|
||||
$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
||||
$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
||||
$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
||||
$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
||||
$NFT add rule ip6 filter input ct state new tcp dport 443 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
||||
$NFT add rule ip6 filter input ct state new tcp dport 80 update @http_ratelimit { ip6 saddr limit rate $1/second } accept
|
||||
$NFT add rule ip filter input ct state new tcp dport 443 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
||||
$NFT add rule ip filter input ct state new tcp dport 80 update @http_ratelimit { ip saddr limit rate $1/second } accept
|
||||
}
|
||||
|
||||
|
||||
forgive() {
|
||||
IP=($(redis-cli --raw SMEMBERS tmp_block | sort -u))
|
||||
echo $IP
|
||||
@ -365,10 +364,6 @@ module-lightning() {
|
||||
fi
|
||||
}
|
||||
|
||||
message() {
|
||||
echo "$1" | /root/go/bin/algia dm-post -u 33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 --stdin
|
||||
}
|
||||
|
||||
watch() {
|
||||
echo "Scanning $DATE"
|
||||
echo
|
||||
@ -402,23 +397,23 @@ watch() {
|
||||
echo
|
||||
fi
|
||||
done
|
||||
BLOCK_CHECK=$(redis-cli --raw SMEMBERS tmp_block)
|
||||
if [[ "$BLOCK_CHECK" == *"empty"* || "$BLOCK_CHECK" == "" ]]; then
|
||||
rateLimit $HTTP_LIMIT
|
||||
else
|
||||
rateLimit $RATE_LIMITED_HTTP
|
||||
fi
|
||||
}
|
||||
|
||||
BLOCK_CHECK=$(redis-cli --raw SMEMBERS tmp_block)
|
||||
if [[ "$BLOCK_CHECK" == *"empty"* || "$BLOCK_CHECK" == "" ]]; then
|
||||
rateLimit $HTTP_LIMIT
|
||||
else
|
||||
rateLimit $RATE_LIMITED_HTTP
|
||||
fi
|
||||
}
|
||||
|
||||
message() {
|
||||
echo "$1" | /root/go/bin/algia dm-post -u 33c74427f3b2b73d5e38f3e6c991c122a55d204072356f71da49a0e209fb6940 --stdin
|
||||
}
|
||||
|
||||
module-unblock() {
|
||||
IP=($(grep $DATE $ACCESS | grep "/unblock" | cut -d ' ' -f1 | cut -d ' ' -f1 ))
|
||||
IP=($(grep $DATE $ACCESS | grep "/unblock" | cut -d ' ' -f1 | cut -d ' ' -f1))
|
||||
for i in "${IP[@]}"; do
|
||||
echo "Unblocking $i"
|
||||
echo "Unblocking $i"
|
||||
ipDeleteParser $i
|
||||
done
|
||||
}
|
||||
@ -434,30 +429,6 @@ module-nostr() {
|
||||
done
|
||||
}
|
||||
|
||||
test-bots() {
|
||||
for i in "${SAVED_BOTS[@]}"; do
|
||||
DATA=$(grep $i $ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
||||
if [ "$DATA" = "" ]; then
|
||||
echo "No Data. Probably OK"
|
||||
else
|
||||
echo $DATA
|
||||
fi
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
module-nostr() {
|
||||
IP=($(grep $DATE $ACCESS | grep "/block=" | cut -d '=' -f2 | cut -d ' ' -f1 | sed 's/"//'))
|
||||
for i in "${IP[@]}"; do
|
||||
echo $i
|
||||
if [[ "$i" == *"npub"* ]]; then
|
||||
bash /opt/strfry-policies/block.sh $i
|
||||
else
|
||||
echo "No Npubs to block"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
test-bots() {
|
||||
for i in "${SAVED_BOTS[@]}"; do
|
||||
DATA=$(grep $i $ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
|
||||
@ -545,14 +516,14 @@ importDB() {
|
||||
redis-cli SADD my_ip $(curl ifconfig.me)
|
||||
redis-cli SADD country https://www.ipdeny.com/ipblocks/data/countries/il.zone \
|
||||
https://www.ipdeny.com/ipblocks/data/countries/cn.zone
|
||||
COUNTRY=($( redis-cli SMEMBERS country) )
|
||||
COUNTRY=($(redis-cli SMEMBERS country))
|
||||
for i in "${COUNTRY[@]}"; do
|
||||
echo
|
||||
echo "Blocking $i"
|
||||
DB=($(curl $i))
|
||||
for j in "${DB[@]}"; do
|
||||
redis-cli SADD country_ip $j
|
||||
done
|
||||
for j in "${DB[@]}"; do
|
||||
redis-cli SADD country_ip $j
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
|
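Review bot: In the `rateLimit()` hunk (`@ -284,16 +284,15`), `$1` is spliced unquoted into the four `nft add rule ... limit rate $1/second` lines with no check that it is a positive integer, so an empty or malformed argument yields a broken or unintended rule that is only noticed when nft rejects (or accepts) it at runtime. A one-line guard at the top of the function covers it: `[[ "$1" =~ ^[0-9]+$ ]] || { echo "rateLimit: numeric rate required, got '$1'" >&2; return 1; }`. The same hunk's context line builds `HANDLE` with `grep -E '80|443'`, which is unanchored and also matches any handle number, port or rate containing `80` (e.g. `8080`, or the `80/second` in an existing rule), so the loop may delete more than the two intended rules; anchoring on the listed field, along the lines of `grep -E 'dport (80|443) '`, would presumably narrow it, though the exact listing format should be confirmed. Both callers in `watch()` (hunk `@ -402,23 +397,23`) pass the constants `$HTTP_LIMIT` and `$RATE_LIMITED_HTTP`, so the argument check is cheap insurance rather than a fix for a live fault.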