firewall/ReadMe.md
2024-09-24 19:53:32 -06:00

1.0 KiB

Prerequisites

  1. NFT
  2. Redis

Install

  • cd /opt
  • git clone https://git.poster.place/verita84/firewall
  • cp firewall.service /etc/systemd/system
  • systemctl enable --now firewall

Configure Redis Schema

bash firewall.sh import-db

Configure firewall.sh

  • Edit the portConfig variables to allow ports
  • Modify NGINX_ACCESS to point to your NGINX config file

Add Detection by the Minute via Cron

*/1 * * * * bash /opt/firewall/firewall.sh attacker-protection
*/5 * * * * bash /opt/firewall/firewall.sh forgive
00 00 * * * bash /opt/firewall/firewall.sh export-db

Per the above, new attacks are searched every minute and temp blocks are forgiven every 5 minutes. The Redis DB is exported at midnight.

Accessing the Menu

bash firewall.sh

Custom Modules

  • There are a few custom function modules to protect against certain DDOS attacks and they are named module-foo().
  • Modules can be loaded by adding them to the attacker-protection() or watch() functions as needed