From ebf63ebf5744bd27958e518c62b2f414d43d0666 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 9 Sep 2024 22:54:52 -0600
Subject: [PATCH] fix
---
 firewall2.sh | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/firewall2.sh b/firewall2.sh
index 81a2a2d..d8edf5f 100644
--- a/firewall2.sh
+++ b/firewall2.sh
@@ -40,6 +40,7 @@ BOT_ACCOUNT="blockbot@detroitriotcity.com"
 CRAWLER_TMP='/tmp/crawlers.txt'
 DATE="$(date +%Y:%H: -d "1 hour ago")"
 #DATE="$(date +%Y:%H:)";
+RULE_SET='/opt/firewall/nft.rules'
 COUNTRY=(
 https://www.ipdeny.com/ipblocks/data/countries/il.zone
 https://www.ipdeny.com/ipblocks/data/countries/cn.zone
@@ -279,7 +280,16 @@ trust() {
 start() {
 $NFT flush ruleset
-$NFT -f /usr/share/nftables/ipv4-filter.nft
+
+if [ -f "$RULE_SET" ]; then
+echo
+echo "Importing Existing Rule Set"
+$NFT -f $RULE_SET
+else
+echo
+echo "No existing Rules saved"
+$NFT -f /usr/share/nftables/ipv4-filter.nft
+fi
 if [[ $HOSTNAME == *"nas"* ]]; then
 attacker-protection
@@ -291,7 +301,7 @@ start() {
 cups
 syncthingServer
 syncthing
-blockCountry
+#blockCountry
 jellyfin
 wireguard-networking
 uptimeKuma
@@ -299,9 +309,7 @@ start() {
 $NFT insert rule filter input iif docker0 $NFT_ACCEPT
 basic-security
 else
-{
-virtualization
-}
+virtualization
 basic-security
 fi
@@ -313,6 +321,7 @@ status() {
 }
 stop() {
+$NFT -s list ruleset | tee $RULE_SET
 $NFT flush ruleset
 $NFT -f /usr/share/nftables/ipv4-filter.nft
 $NFT add rule filter input icmp type echo-request $NFT_ACCEPT
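Review bot: In the start() hunk, `$NFT -f $RULE_SET` runs right after `$NFT flush ruleset` with no check of its exit status, so a snapshot that fails to parse (or an empty one, which `[ -f ]` accepts) leaves the host with no rules at all; unless the script sets `-e` somewhere outside this hunk, execution simply continues. Test for a non-empty file and fall back to the packaged filter on failure: `if [ -s "$RULE_SET" ] && $NFT -f "$RULE_SET"; then` … `else` … `$NFT -f /usr/share/nftables/ipv4-filter.nft`. The expansion should also be quoted, `"$RULE_SET"`, as the `[ -f "$RULE_SET" ]` test already does. start() continues past the hunk, and the rule functions that follow (attacker-protection, cups, basic-security, …) still run after the import, so rules already present in the snapshot are presumably added a second time on every restart — worth verifying against those functions.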
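Review bot: `#blockCountry` silently drops the country blocklist from start() while the COUNTRY array (visible in the first hunk) stays defined, and the commit message "fix" gives no reason; a reader cannot tell whether this is a temporary workaround or a policy change. Replace the bare commented-out call with a dated reason, e.g. `# blockCountry disabled 2024-09-09: <reason>`, or delete the call and the now-unused configuration together. start() starts and ends outside this hunk.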
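Review bot: In stop(), `$NFT -s list ruleset | tee $RULE_SET` truncates the snapshot before nft has produced any output, and the pipeline's status is that of tee, so if nft fails the script happily continues with an empty or partial `/opt/firewall/nft.rules` that start() will later load verbatim after flushing the live ruleset. The file is also created with the default umask even though it is executed as policy by `nft -f` on the next start, and `$RULE_SET` is unquoted. Write to a temporary file, replace the snapshot only on success, and restrict its mode; tee's copy to stdout can stay if the echo is wanted. stop() continues outside the hunk.
```shell
stop() {
	# Snapshot the live ruleset atomically: a partial file would be loaded
	# verbatim by start() after 'flush ruleset'.
	local tmp
	tmp=$(mktemp "${RULE_SET}.XXXXXX") || return 1
	if $NFT -s list ruleset > "$tmp"; then
		chmod 600 "$tmp"
		mv -f -- "$tmp" "$RULE_SET"
	else
		rm -f -- "$tmp"
		echo "Failed to save rule set; keeping previous snapshot" >&2
	fi
	# … unchanged: flush ruleset, load packaged ipv4-filter, echo-request rule …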