صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
deadtom
/
Firewall_Scripts
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 3295f67458
شاخه‌ها تگ‌ها
Firewall_Script...
/
resetfirewall.sh

resetfirewall.sh 2.1 KB
تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. #!/bin/bash
    2. 

  2. #
    3. 

  3. 

  4. BADGUYS_FILE=""  # The location you want to download the list (/path/to/badguys.txt)
    5. 

  5. CHAIN_NAME="CINSARMY_IPS"  # The firewall chain to hold the cinsarmy rules
    6. 

  6. FIREWALL="/sbin/iptables"  # The path to iptables
    7. 

  7. RULESFILE=""  # The path to your iptables rules file (/path/to/iptables.rules)
    8. 

  8. ETH=""  # The name of the ethernet port you'd like to apply these rules to. Example: eth1
    9. 

  9. 

  10. echo "Clearing firewall."
    11. 

  11. $FIREWALL -P INPUT ACCEPT
    12. 

  12. $FIREWALL -P FORWARD ACCEPT
    13. 

  13. $FIREWALL -P OUTPUT ACCEPT
    14. 

  14. $FIREWALL -t nat -F
    15. 

  15. $FIREWALL -t mangle -F
    16. 

  16. $FIREWALL -F
    17. 

  17. $FIREWALL -X
    18. 

  18. echo "Restoring firewall from iptables.rules."
    19. 

  19. $FIREWALL-restore < $RULESFILE
    20. 

  20. echo "Restoring fail2ban rules."
    21. 

  21. sudo systemctl restart fail2ban
    22. 

  22. echo "Downloading cinsarmy IP list..."
    23. 

  23. 

  24. wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE
    25. 

  25. 

  26. echo "Making sure it downloaded."
    27. 

  27. 

  28. # Check if the file exists
    29. 

  29. if [[ ! -f "$BADGUYS_FILE" ]]; then
    30. 

  30.     echo "File not found: $BADGUYS_FILE"
    31. 

  31.     exit 1
    32. 

  32. fi
    33. 

  33. 

  34. echo "Processing the list..."
    35. 

  35. 

  36. # Check if the chain exists, and creates it if it's not there
    37. 

  37. if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
    38. 

  38.     echo "Chain $CHAIN_NAME already exists."
    39. 

  39.     $FIREWALL -F $CHAIN_NAME
    40. 

  40. else
    41. 

  41.     echo "Creating chain $CHAIN_NAME."
    42. 

  42.     $FIREWALL -N $CHAIN_NAME
    43. 

  43. fi
    44. 

  44. 

  45. # Read each line (IP address) from the file and block it
    46. 

  46. while IFS= read -r ip; do
    47. 

  47.     # Check if the line is not empty
    48. 

  48.     if [[ -n "$ip" ]]; then
    49. 

  49.         # Block the IP address using iptables
    50. 

  50.         $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
    51. 

  51.         # echo "Blocked IP: $ip"
    52. 

  52.     fi
    53. 

  53. done < "$BADGUYS_FILE"
    54. 

  54. 

  55. # Jump to the our chain from the FORWARD CHAIN
    56. 

  56. $FIREWALL -A FORWARD -j $CHAIN_NAME
    57. 

  57. 

  58. # Delete the bad guys file
    59. 

  59. rm $BADGUYS_FILE
    60. 

  60. 

  61. echo "Bad guys list has been processed, and deleted."
    62. 

  62. 

  63. echo "Checking for return rule at the end of our chain."
    64. 

  64. 

  65. # Check if the rule already exists
    66. 

  66. 

  67. RETURNRULE="-A $CHAIN_NAME -p tcp -j RETURN"
    68. 

  68. 

  69. if $FIREWALL -S $CHAIN_NAME | grep -q "$RETURNRULE"; then
    70. 

  70.     echo "Rule already exists: $RETURNRULE"
    71. 

  71. else
    72. 

  72.     # Add the rule if it doesn't exist
    73. 

  73.     $FIREWALL $RETURNRULE
    74. 

  74.     echo "Rule added: $RETURNRULE"
    75. 

  75. fi
    76. 

  76. 

  77. echo "Done.
    78.