fix
parent
e9ba6747d6
commit
a36ccf1caa
18
firewall.sh
18
firewall.sh
@ -7,7 +7,7 @@ ACCESS="/tmp/minute.log"
|
||||
HTTP_LIMIT="150"
|
||||
RATE_LIMITED_HTTP="30"
|
||||
MODULES="/opt/firewall/modules"
|
||||
TMP_BLOCK_TIMEOUT="20"
|
||||
TMP_BLOCK_TIMEOUT="45"
|
||||
grep $DATE $NGINX_ACCESS >$ACCESS
|
||||
#Firewall Port Configuration
|
||||
#
|
||||
@ -15,12 +15,12 @@ declare -A portConfig
|
||||
portConfig["https"]="443"
|
||||
portConfig["http"]="80"
|
||||
portConfig["cups"]="631"
|
||||
portConfig["WireGuard"]="57692"
|
||||
#portConfig["WireGuard"]="57692"
|
||||
#portConfig["AdGuard-1"]="3000"
|
||||
#portConfig["AdGuard-2"]="8082"
|
||||
#portConfig["AdGuard-3"]="853"
|
||||
#portConfig["Uptime"]="4001"
|
||||
#portConfig["DNS-1"]="53"
|
||||
#portConfig["akkoma"]="4000"
|
||||
#portConfig["strfry"]="7777"
|
||||
#portConfig["DNS-2"]="67"
|
||||
#portConfig["DNS-3"]="68"
|
||||
portConfig["CUPS-1"]="631"
|
||||
@ -44,7 +44,7 @@ portConfig["SyncThing-3"]="21027"
|
||||
portConfig["Jellyfin-1"]="8096"
|
||||
portConfig["Jellyfin-1"]="7359"
|
||||
portConfig["SSH"]="22"
|
||||
MACHINES=(192.168.0.55)
|
||||
TRUST="192.168.0.37"
|
||||
VIRT_BRIDGE="virbr0"
|
||||
#### NFT CONFIG ####
|
||||
#
|
||||
@ -107,7 +107,7 @@ attacker-protection() {
|
||||
|
||||
bot-search() {
|
||||
echo "Searching for Web Crawalers...."
|
||||
CRAWLERS=($(grep $DATE $ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
||||
CRAWLERS=($(grep $DATE $ACCESS | grep -vi $MY_IP | grep -vi 127.0.0.1 | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))
|
||||
echo
|
||||
echo "Processing Web Crawler list into NFT....."
|
||||
echo
|
||||
@ -154,9 +154,7 @@ virtualization() {
|
||||
}
|
||||
|
||||
trust() {
|
||||
for i in "${MACHINES[@]}"; do
|
||||
$NFT add rule filter input ip saddr $i accept
|
||||
done
|
||||
$NFT insert rule ip filter input position 0 ip saddr $TRUST accept
|
||||
}
|
||||
|
||||
import-saved() {
|
||||
@ -271,7 +269,7 @@ forgive() {
|
||||
watch() {
|
||||
echo "Scanning $DATE"
|
||||
echo
|
||||
IP=($(grep $DATE $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
||||
IP=($(grep $DATE $ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | grep -vi $MY_IP | grep -vi 127.0.0.1 | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
|
||||
|
||||
for i in "${IP[@]}"; do
|
||||
bash $MODULES/module-akkoma-instance.sh "$i" "$DATE" "$ACCESS"
|
||||
|
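Review bot: The `grep -vi 127.0.0.1` stage in the bot-search() and watch() pipelines matches anywhere in the log line and treats each `.` as a wildcard, so a request that merely carries that text in its path, referrer or user agent is dropped from the scan together with genuine loopback traffic. Since the client address is taken from the first field later in the pipeline (`cut -d ' ' -f1` in watch()), the exclusion would be safer anchored to that field, e.g. `grep -v '^127\.0\.0\.1 '`, assuming each log line starts with the client address followed by a space. In watch() the longer variant of the line filters loopback twice (`grep -vi 127.0.0.1 | grep -vi '127.0.0.1'`); one stage is enough. The unquoted `$MY_IP` stage has the same whole-line matching problem and is worth quoting and anchoring the same way. Both function bodies continue outside their hunks.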