Prerequisites
- NFT
- Redis
Install
cd /opt
git clone https://git.poster.place/verita84/firewall
cd firewall
cp firewall.service /etc/systemd/system
systemctl enable --now firewall
Configure Redis Schema
bash firewall.sh import-db
Configure firewall.sh
- Edit the portConfig variables to allow ports
- Modify NGINX_ACCESS to point to your NGINX config file
Add Detection by the Minute via Cron
*/1 * * * * bash /opt/firewall/firewall.sh attacker-protection
*/5 * * * * bash /opt/firewall/firewall.sh forgive
00 00 * * * bash /opt/firewall/firewall.sh export-db
Per the above, the script searches for new attacks every minute and forgives temporary blocks every 5 minutes. The Redis DB is exported at midnight.
Accessing the Menu
bash firewall.sh
Custom Modules
- There are a few custom function modules to protect against certain DDoS attacks, and they are named module-foo().
- Modules can be loaded by adding them to the attacker-protection() or watch() functions as needed