Головна сторінка Огляд Довідка
Увійти
deadtom
/
Firewall_Scripts
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Переглянути джерело

Initial commit

Allen 1 місяць тому
батько
27aecea281
коміт
967e9a6405
3 змінених файлів з 155 додано та 0 видалено
Розділений вигляд Показати статистику Diff
  1. 47 0
      cinsarmy.sh
  2. 48 0
      quietcinsarmy.sh
  3. 60 0
      resetfirewall.sh

+ 47 - 0
cinsarmy.sh
Переглянути файл 

@@ -0,0 +1,47 @@
 
+#!/bin/bash
 
+
 
+BADGUYS_FILE="/root/ci-badguys.txt"
 
+CHAIN_NAME="CINSARMY_IPS"
 
+FIREWALL="/sbin/iptables"
 
+ETH="eth1"
 
+
 
+echo "Downloading the cinsarmy bad guys list of IPs."
 
+
 
+wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE
 
+
 
+echo "Making sure it downloaded..."
 
+
 
+# Check if the file exists
 
+if [[ ! -f "$BADGUYS_FILE" ]]; then
 
+    echo "File not found: $BADGUYS_FILE"
 
+    exit 1
 
+fi
 
+
 
+# Check if the chain exists, and creates it if it's not there
 
+if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
 
+    echo "Chain $CHAIN_NAME already exists."
 
+    $FIREWALL -F $CHAIN_NAME
 
+else
 
+    echo "Creating chain $CHAIN_NAME."
 
+    $FIREWALL -N $CHAIN_NAME
 
+    # Jump to our chain from the FORWARD chain
 
+    $FIREWALL -A FORWARD -j $CHAIN_NAME
 
+fi
 
+
 
+echo "Processing the updated bad guys list..."
 
+
 
+# Read each line (IP address) from the file and block it
 
+while IFS= read -r ip; do
 
+    # Check if the line is not empty
 
+    if [[ -n "$ip" ]]; then
 
+        # Block the IP address using $FIREWALL
 
+        $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
 
+        # echo "Blocked IP: $ip"
 
+    fi
 
+done < "$BADGUYS_FILE"
 
+
 
+# Delete the bad guys file
 
+rm $BADGUYS_FILE
 
+
 
+echo "Bad guys list has been processed, and deleted."
 
+

+ 48 - 0
quietcinsarmy.sh
Переглянути файл 

@@ -0,0 +1,48 @@
 
+#!/bin/bash
 
+
 
+BADGUYS_FILE="/root/ci-badguys.txt"
 
+CHAIN_NAME="CINSARMY_IPS"
 
+FIREWALL="/sbin/iptables"
 
+ETH="eth1"
 
+
 
+# echo "Downloading the cinsarmy bad guys list of IPs."
 
+
 
+wget -c https://cinsscore.com/list/ci-badguys.txt -q -O $BADGUYS_FILE
 
+
 
+# Check if the file exists
 
+if [[ ! -f "$BADGUYS_FILE" ]]; then
 
+    echo "File not found: $BADGUYS_FILE"
 
+    exit 1
 
+fi
 
+
 
+# echo "Making sure the file downloaded..."
 
+
 
+# Check if the chain exists, and creates it if it's not there
 
+if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
 
+    # echo "Chain $CHAIN_NAME already exists."
 
+    $FIREWALL -F $CHAIN_NAME
 
+else
 
+    # echo "Creating chain $CHAIN_NAME."
 
+    $FIREWALL -N $CHAIN_NAME
 
+fi
 
+
 
+# echo "Processing the bad guys list..."
 
+
 
+# Read each line (IP address) from the file and block it
 
+while IFS= read -r ip; do
 
+    # Check if the line is not empty
 
+    if [[ -n "$ip" ]]; then
 
+        # Block the IP address using $FIREWALL
 
+        $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
 
+        # echo "Blocked IP: $ip"
 
+    fi
 
+done < "$BADGUYS_FILE"
 
+
 
+# Jump to the our chain from the FORWARD CHAIN
 
+$FIREWALL -A FORWARD -j $CHAIN_NAME
 
+
 
+# Delete the bad guys file
 
+rm $BADGUYS_FILE
 
+
 
+# echo "Bad guys list has been processed, and deleted."
 
+

+ 60 - 0
resetfirewall.sh
Переглянути файл 

@@ -0,0 +1,60 @@
 
+#!/bin/bash
 
+#
 
+
 
+BADGUYS_FILE="/root/ci-badguys.txt"
 
+CHAIN_NAME="CINSARMY_IPS"
 
+FIREWALL="/sbin/iptables"
 
+ETH="eth1"
 
+
 
+echo "Clearing firewall."
 
+$FIREWALL -P INPUT ACCEPT
 
+$FIREWALL -P FORWARD ACCEPT
 
+$FIREWALL -P OUTPUT ACCEPT
 
+$FIREWALL -t nat -F
 
+$FIREWALL -t mangle -F
 
+$FIREWALL -F
 
+$FIREWALL -X
 
+echo "Restoring firewall from iptables.rules."
 
+/sbin/iptables-restore < /etc/iptables.rules
 
+echo "Restoring fail2ban rules."
 
+sudo systemctl restart fail2ban
 
+echo "Downloading cinsarmy IP list..."
 
+
 
+wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE
 
+
 
+echo "Making sure it downloaded."
 
+
 
+# Check if the file exists
 
+if [[ ! -f "$BADGUYS_FILE" ]]; then
 
+    echo "File not found: $BADGUYS_FILE"
 
+    exit 1
 
+fi
 
+
 
+echo "Processing the list..."
 
+
 
+# Check if the chain exists, and creates it if it's not there
 
+if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
 
+    echo "Chain $CHAIN_NAME already exists."
 
+    $FIREWALL -F $CHAIN_NAME
 
+else
 
+    echo "Creating chain $CHAIN_NAME."
 
+    $FIREWALL -N $CHAIN_NAME
 
+fi
 
+
 
+# Read each line (IP address) from the file and block it
 
+while IFS= read -r ip; do
 
+    # Check if the line is not empty
 
+    if [[ -n "$ip" ]]; then
 
+        # Block the IP address using iptables
 
+        $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
 
+        # echo "Blocked IP: $ip"
 
+    fi
 
+done < "$BADGUYS_FILE"
 
+
 
+# Jump to the our chain from the FORWARD CHAIN
 
+$FIREWALL -A FORWARD -j $CHAIN_NAME
 
+
 
+# Delete the bad guys file
 
+rm $BADGUYS_FILE
 
+
 
+echo "Bad guys list has been processed, and deleted."