v4l3n71n/deployment-web
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add iptables rules

Browse Source
This commit is contained in:
Valentin CZERYBA 2023-02-04 18:38:19 +01:00
parent 0ea6c30c9b
commit cc219924cc
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
roles/deploy-web/files/blacklist.sh
View File

@ -3,9 +3,36 @@ MAIL=/tmp/mail
SERVER_LOG=/var/log/nginx SERVER_LOG=/var/log/nginx
HOST=($(cat /etc/sentinel/virtualhost)) HOST=($(cat /etc/sentinel/virtualhost))
BLACKLIST=/etc/sentinel/blacklist BLACKLIST=/etc/sentinel/blacklist
chain_count=$(iptables -L BLACKLIST | wc -l)
if [ ${chain_count} -eq 0 ]; then
iptables -N BLACKLIST
fi
if [ ! -f ${BLACKLIST} ]; then if [ ! -f ${BLACKLIST} ]; then
touch ${BLACKLIST} touch ${BLACKLIST}
fi fi
if [ ${chain_count} -gt 2 ]; then
chain_count=$(echo ${chain_count}-2 |bc)
iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
for i in $(cat ${BLACKLIST})
do
block_ip=1
for j in ${iptables_ip[@]}
do
if [ "${i}" == "${j}" ]; then
block_ip=0
fi
done
if [ ${block_ip} -eq 1 ]; then
iptables -A BLACKLIST -s ${i} -j DROP
fi
done
else
for i in $(cat ${BLACKLIST})
do
iptables -A BLACKLIST -s ${i} -j DROP
done
fi
for i in ${HOST[@]} for i in ${HOST[@]}
do do
log_access=${SERVER_LOG}/${i}_access.log log_access=${SERVER_LOG}/${i}_access.log