Home Esplora Aiuto
Accedi
yosoyhendrix
/
vesta
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): ebe14052d2
Rami (Branch) Tag
vesta
/
bin
/
v-add-firewall-ban

v-add-firewall-ban 2.1 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. #!/bin/bash
    2. 

  2. # info: add firewall blocking rule
    3. 

  3. # options: IP CHAIN
    4. 

  4. #
    5. 

  5. # The function adds new blocking rule to system firewall
    6. 

  6. 

  7. 

  8. #----------------------------------------------------------#
    9. 

  9. #                    Variable&Function                     #
    10. 

  10. #----------------------------------------------------------#
    11. 

  11. 

  12. # Importing system variables
    13. 

  13. source /etc/profile
    14. 

  14. 

  15. # Argument definition
    16. 

  16. ip=$1
    17. 

  17. chain=$(echo $2|tr '[:lower:]' '[:upper:]')
    18. 

  18. 

  19. # Defining absolute path for iptables and modprobe
    20. 

  20. iptables="/sbin/iptables"
    21. 

  21. 

  22. # Includes
    23. 

  23. source $VESTA/func/main.sh
    24. 

  24. source $VESTA/conf/vesta.conf
    25. 

  25. 

  26. 

  27. #----------------------------------------------------------#
    28. 

  28. #                    Verifications                         #
    29. 

  29. #----------------------------------------------------------#
    30. 

  30. 

  31. check_args '2' "$#" 'IP CHAIN'
    32. 

  32. is_format_valid 'ip' 'chain'
    33. 

  33. is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
    34. 

  34. 

  35. 

  36. #----------------------------------------------------------#
    37. 

  37. #                       Action                             #
    38. 

  38. #----------------------------------------------------------#
    39. 

  39. 

  40. # Checking server ip
    41. 

  41. if [ -e "$VESTA/data/ips/$ip" ] || [ "$ip" = '127.0.0.1' ]; then
    42. 

  42.     exit
    43. 

  43. fi
    44. 

  44. 

  45. # Checking ip exclusions
    46. 

  46. excludes="$VESTA/data/firewall/excludes.conf"
    47. 

  47. check_excludes=$(grep "^$ip$" $excludes 2>/dev/null)
    48. 

  48. if  [ ! -z "$check_excludes" ]; then
    49. 

  49.     exit
    50. 

  50. fi
    51. 

  51. 

  52. # Checking ip in banlist
    53. 

  53. conf="$VESTA/data/firewall/banlist.conf"
    54. 

  54. check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2>/dev/null)
    55. 

  55. if [ ! -z "$check_ip" ]; then
    56. 

  56.     exit
    57. 

  57. fi
    58. 

  58. 

  59. # Adding chain
    60. 

  60. $BIN/v-add-firewall-chain $chain
    61. 

  61. 

  62. # Generating timestamp
    63. 

  63. time_n_date=$(date +'%T %F')
    64. 

  64. time=$(echo "$time_n_date" |cut -f 1 -d \ )
    65. 

  65. date=$(echo "$time_n_date" |cut -f 2 -d \ )
    66. 

  66. 

  67. # Adding ip to banlist
    68. 

  68. echo "IP='$ip' CHAIN='$chain' TIME='$time' DATE='$date'" >> $conf
    69. 

  69. $iptables -I fail2ban-$chain 1 -s $ip \
    70. 

  70.     -j REJECT --reject-with icmp-port-unreachable 2>/dev/null
    71. 

  71. 

  72. # Changing permissions
    73. 

  73. chmod 660 $conf
    74. 

  74. 

  75. 

  76. #----------------------------------------------------------#
    77. 

  77. #                       Vesta                              #
    78. 

  78. #----------------------------------------------------------#
    79. 

  79. 

  80. # Logging
    81. 

  81. log_event "$OK" "$ARGUMENTS"
    82. 

  82. 

  83. exit
    84.