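#!/usr/bin/env bash
#
# Rebuild the host firewall from failed-login noise in the auth log.
#
# When the auth log holds lines matching "ailed" (Failed/failed) or
# "Bad protocol", the script:
#   1. appends those lines to the ban history, skips the ones that mention an
#      allow-listed prefix, and extracts the IPv4 addresses that remain;
#   2. deletes the processed lines from the auth log and restarts rsyslog
#      (this is the original's de-duplication mechanism; it also discards
#      audit records, so keep a copy of the log elsewhere if they matter);
#   3. replaces the filter table in one atomic iptables-restore commit:
#      loopback, RELATED/ESTABLISHED, the /16 allow-list on $PORT, the host
#      allow-list, DROP in both directions for every banned address, public
#      80/443, and a final DROP on $IFACE;
#   4. appends a timestamp to the ban log and publishes it in the web root.
#
# The allow-lists were here-documents written to /tmp/ip-allow-* on the
# original page; their headers were lost in extraction, so the same entries
# live in the arrays below instead (no world-writable /tmp files needed).
set -euo pipefail

readonly AUTH_LOG=/var/log/auth.log
readonly IFACE=ens2                      # external interface named in every rule
readonly PORT='22,80,443'                # tcp ports opened for the /16 allow-list
readonly PATTERN='ailed|Bad protocol'    # log lines that trigger a ban
readonly BAN_LOG=/var/log/ban-ip.txt
readonly BAN_LOG_WEB=/var/www/html/ban-ip.txt
# Ban history across runs.  The original kept it in /tmp/banip, and that file
# is the script's only memory of earlier bans (the table is flushed on every
# run).  /tmp is shared with other local users and cleared at boot; point
# BAN_HISTORY at a root-owned directory to keep bans across reboots and out
# of reach of anyone who could pre-create the file.
readonly BAN_HISTORY=${BAN_HISTORY:-/tmp/banip}

# Substrings that exclude a log line from banning.  Matched as fixed strings;
# the original fed them to sed as regexes, where "." matched any character.
IGNORE_PREFIXES=(192.168.1.2 9.2. 1.1.)
# /16 networks granted tcp $PORT on $IFACE (listed as on the page, duplicate included).
ALLOW_NET16=(5.1.0.0 5.1.0.0 8.3.0.0 8.2.0.0)
# Hosts granted all traffic on $IFACE.
ALLOW_HOST32=(192.168.1.3 192.168.1.4)
# /24 allow-list, disabled on the original page as well:
#ALLOW_NET24=(172.28.253.0 172.28.253.0)
#   -A INPUT -i $IFACE -s $net/24 -j ACCEPT

die() { printf '%s\n' "$*" >&2; exit 1; }

# Scratch files live in a private directory (mktemp, not predictable /tmp
# names) and are removed on every exit path.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${tmpdir:?}"; }
trap cleanup EXIT

#######################################
# Refuse a state file that another local user could have planted.
# Arguments: $1 - path (may not exist yet)
# Returns:   0 if absent or a regular file owned by the current user; exits otherwise
#######################################
check_owned_regular() {
  local path=$1
  [[ -e "$path" ]] || return 0
  [[ -L "$path" ]] && die "$path is a symlink; refusing to use it"
  [[ -f "$path" && -O "$path" ]] || die "$path is not a regular file owned by $(id -un)"
}

#######################################
# Print the IPv4 addresses to ban, one per line, sorted and unique.
# Lines mentioning an IGNORE_PREFIXES entry are skipped; tokens with an
# octet above 255 are dropped so one bad token cannot reject the whole
# ruleset at restore time.
# Globals:   IGNORE_PREFIXES, tmpdir
# Arguments: $1 - ban history file
# Outputs:   addresses on stdout
#######################################
ban_candidates() {
  local history=$1
  local patterns="$tmpdir/ignore"
  printf '%s\n' "${IGNORE_PREFIXES[@]}" > "$patterns"
  # grep exits 1 when nothing survives a filter; that is not an error here.
  { grep -vF -f "$patterns" -- "$history" || true; } \
    | { grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' || true; } \
    | awk -F. '$1 < 256 && $2 < 256 && $3 < 256 && $4 < 256' \
    | LC_ALL=C sort -u
}

#######################################
# Write the iptables-restore ruleset for the filter table to stdout.
# Rule order is the original's: lo, established, /16 allow-list, host
# allow-list, bans (INPUT then OUTPUT), public 80/443, final DROP.
# Globals:   IFACE, PORT, ALLOW_NET16, ALLOW_HOST32
# Arguments: $1 - file with banned addresses, one per line
#######################################
emit_rules() {
  local banned=$1 entry
  printf '*filter\n'
  printf -- '-F\n'   # the flush the original ran up front, now inside the commit
  printf -- '-A INPUT -i lo -j ACCEPT\n'
  printf -- '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n'
  for entry in "${ALLOW_NET16[@]}"; do
    printf -- '-A INPUT -i %s -s %s/16 -p tcp -m multiport --dport %s -j ACCEPT\n' \
      "$IFACE" "$entry" "$PORT"
  done
  for entry in "${ALLOW_HOST32[@]}"; do
    printf -- '-A INPUT -i %s -s %s/32 -j ACCEPT\n' "$IFACE" "$entry"
  done
  while IFS= read -r entry; do
    printf -- '-A INPUT -i %s -s %s/32 -j DROP\n' "$IFACE" "$entry"
  done < "$banned"
  while IFS= read -r entry; do
    printf -- '-A OUTPUT -o %s -d %s/32 -j DROP\n' "$IFACE" "$entry"
  done < "$banned"
  printf -- '-A INPUT -i %s -p tcp -m multiport --dport 80,443 -j ACCEPT\n' "$IFACE"
  printf -- '-A INPUT -i %s -j DROP\n' "$IFACE"
  printf 'COMMIT\n'
}

main() {
  local banned="$tmpdir/ban-ip" prefix entry

  # Nothing to do when the log holds no matching lines; an unreadable log
  # counts as "nothing", like the original cat|grep.  The table is untouched.
  grep -qE -- "$PATTERN" "$AUTH_LOG" || exit 0

  ## ip error auth
  check_owned_regular "$BAN_HISTORY"
  grep -E -- "$PATTERN" "$AUTH_LOG" >> "$BAN_HISTORY"

  # Drop the processed lines so they are not counted again.  sed -i keeps the
  # log's owner and mode (the original's mv replaced it with a fresh file);
  # rsyslog writes to the old inode until restarted, so lines logged in
  # between are lost, as before.  Needs root, like the original.
  sed -i -E "/$PATTERN/d" "$AUTH_LOG" || die "cannot edit $AUTH_LOG"
  sudo /etc/init.d/rsyslog restart

  for prefix in "${IGNORE_PREFIXES[@]}"; do printf 'ignore %s\n' "$prefix"; done
  ban_candidates "$BAN_HISTORY" > "$banned"
  ## read line
  printf '%s количество IP\n' "$(wc -l < "$banned")"

  for entry in "${ALLOW_NET16[@]}" "${ALLOW_HOST32[@]}"; do
    printf 'ACCEPT %s\n' "$entry"
  done
  ## ban ip
  while IFS= read -r entry; do
    printf 'Banning IN %s\nBanning OUT %s\n' "$entry" "$entry"
  done < "$banned"

  # Build the whole table in a file and commit it in one step: no window
  # with an empty table (the original flushed first and then added rules one
  # by one), and a rejected rule leaves the previous rules in place.
  emit_rules "$banned" > "$tmpdir/rules.v4"
  sudo iptables-restore -n < "$tmpdir/rules.v4" \
    || die "iptables-restore failed; previous rules are still active"
  # Inspect the result with: sudo iptables-save  (the original's commented-out step)

  printf '%s update ban\n' "$(date -R)" >> "$BAN_LOG"
  cp -- "$BAN_LOG" "$BAN_LOG_WEB"
}

main "$@"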