deployment-web/roles/deploy-web/files/refill_blacklist.sh

#!/bin/bash

BLACKLIST=/etc/sentinel/blacklist
chain_count=$(iptables -L BLACKLIST -n | wc -l)
if [ ${chain_count} -eq 0 ]; then
	iptables -N BLACKLIST
	iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j BLACKLIST
	iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j BLACKLIST

fi
if [ ! -f ${BLACKLIST} ]; then
	touch ${BLACKLIST}
fi
if [ ${chain_count} -gt 2 ]; then
	chain_count=$(echo ${chain_count}-2 |bc)
	iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count}  | awk '{print $8}'))
	for i in $(cat ${BLACKLIST})
	do
		block_ip=1
		for j in ${iptables_ip[@]}
		do
			if [ "${i}" == "${j}" ]; then
				block_ip=0
			fi
		done
		if [ ${block_ip} -eq 1 ]; then
			iptables -A BLACKLIST -s ${i} -j DROP
		fi
	done
else
	for i in $(cat ${BLACKLIST})
	do
		iptables -A BLACKLIST -s ${i} -j DROP
	done
fi
optimisation du script de blacklist 2023-02-08 21:17:11 +01:00			`#!/bin/bash`

			`BLACKLIST=/etc/sentinel/blacklist`
			`chain_count=$(iptables -L BLACKLIST -n \| wc -l)`
			`if [ ${chain_count} -eq 0 ]; then`
			`iptables -N BLACKLIST`
fix blacklist 2023-03-02 23:56:46 +01:00			`iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j BLACKLIST`
			`iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j BLACKLIST`
optimisation du script de blacklist 2023-02-08 21:17:11 +01:00
			`fi`
			`if [ ! -f ${BLACKLIST} ]; then`
			`touch ${BLACKLIST}`
			`fi`
			`if [ ${chain_count} -gt 2 ]; then`
			`chain_count=$(echo ${chain_count}-2 \|bc)`
			`iptables_ip=($(iptables -nvL BLACKLIST \| tail -n ${chain_count} \| awk '{print $8}'))`
			`for i in $(cat ${BLACKLIST})`
			`do`
			`block_ip=1`
			`for j in ${iptables_ip[@]}`
			`do`
			`if [ "${i}" == "${j}" ]; then`
			`block_ip=0`
			`fi`
			`done`
			`if [ ${block_ip} -eq 1 ]; then`
			`iptables -A BLACKLIST -s ${i} -j DROP`
			`fi`
			`done`
			`else`
			`for i in $(cat ${BLACKLIST})`
			`do`
			`iptables -A BLACKLIST -s ${i} -j DROP`
			`done`
			`fi`