From c7ddbd20b60aa02aac178c399438c15ec1594fcc Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Sun, 5 Feb 2023 17:58:15 +0100
Subject: [PATCH] add iptables blacklist
---
 roles/deploy-web/files/blacklist.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/deploy-web/files/blacklist.sh b/roles/deploy-web/files/blacklist.sh
index 500efe7..22b91d0 100755
--- a/roles/deploy-web/files/blacklist.sh
+++ b/roles/deploy-web/files/blacklist.sh
@@ -6,6 +6,9 @@ BLACKLIST=/etc/sentinel/blacklist
 chain_count=$(iptables -L BLACKLIST | wc -l)
 if [ ${chain_count} -eq 0 ]; then
 iptables -N BLACKLIST
+ iptables -A INPUT -p tcp -m tcp --dport 80 -j BLACKLIST
+ iptables -A INPUT -p tcp -m tcp --dport 443 -j BLACKLIST
+
 fi
 if [ ! -f ${BLACKLIST} ]; then
 touch ${BLACKLIST}
@@ -49,5 +52,4 @@ do
 cat ${BLACKLIST} >> ${MAIL}
 cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
 fi
- #rm $directory_host/*
 done
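Review bot: In the first hunk the two jump rules sit inside the `if [ ${chain_count} -eq 0 ]` branch, so a host where the BLACKLIST chain already exists (for example from a run of the previous version of this script) never gets them, and the chain stays unreferenced from INPUT. They are also appended with `-A`, which puts them after every rule already in INPUT; if an earlier rule accepts ports 80/443, packets never reach the blacklist. Consider moving them below the `fi` and making each one idempotent and first in the chain, e.g. `iptables -C INPUT -p tcp -m tcp --dport 80 -j BLACKLIST 2>/dev/null || iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j BLACKLIST` (same for 443). Only IPv4 is covered; whether `ip6tables` needs the same rules depends on how the host is exposed, which the hunk does not show.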