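#!/bin/sh
#################################################################################################
## 25/12/2013 --- RT-AC56U / RT-ACRT66U / RT-AC68U Firewall Addition v1.0 Beta #
######################################################################################################
### ----- Make Sure To Edit The Following Files ----- #
### /jffs/scripts/firewall-start <-- Blacklists IP's From /jffs/scripts/ipset.txt #
### /jffs/scripts/ipset.txt <-- Banned IP List/IPSet Rules #
######################################################################################################
#
# Usage: firewall-start [COMMAND]
#   With no recognised COMMAND the script loads the ipset kernel modules,
#   restores the saved sets, installs the cron jobs and inserts the iptables
#   DROP / auto-ban rules. The recognised COMMAND words are defined below.
#
# Only the first argument is examined. The original compared "$@" as a whole,
# which makes `[` fail with a syntax error as soon as more than one argument
# is passed.
#
##############################
#####Commands / Variables#####
##############################
UNBANSINGLE="unban"          # <-- Remove Single IP From Blacklist
UNBANALL="unbanall"          # <-- Unbans All IPs In Blacklist
REMOVEBANS="removeall"       # <-- Remove All Entries From Blacklist
SAVEIPSET="save"             # <-- Save Blacklists to /jffs/scripts/ipset.txt
BANSINGLE="ban"              # <-- Adds Entry To Blacklist
BANCOUNTRYSINGLE="country"   # <-- Adds entire country to blacklist
BANCOUNTRYLIST="bancountry"  # <-- Bans specified countries in this file
HIDEMYASS="hideme"           # <-- Switch to unrestricted DNS (proxydns.co)
BACKUPRULES="backup"         # <-- Backup IPSet Rules to /jffs/scripts/ipset2.txt
##############################
started=$(date)
bannedips=/jffs/scripts/ipamount

#########
#Helpers#
#########

# is_ipv4 ADDR
# Succeeds only when ADDR is a dotted-quad IPv4 address (four decimal octets,
# each 0-255). Operator input is checked with this before it reaches ipset or
# a file rewrite, so it cannot carry options, spaces or pattern characters.
is_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  ipv4_saved_ifs=$IFS
  IFS=.
  # Splitting on dots is intended; the value holds only digits and dots here.
  # shellcheck disable=SC2086
  set -- $1
  IFS=$ipv4_saved_ifs
  [ "$#" -eq 4 ] || return 1
  for ipv4_octet in "$@"; do
    [ "${#ipv4_octet}" -le 3 ] && [ "$ipv4_octet" -le 255 ] || return 1
  done
  return 0
}

# is_ipv4_net ENTRY
# Succeeds when ENTRY is an IPv4 address, optionally followed by /0../32.
is_ipv4_net() {
  case "$1" in
    */*)
      net_prefix=${1#*/}
      case "$net_prefix" in
        '' | *[!0-9]*) return 1 ;;
      esac
      [ "${#net_prefix}" -le 2 ] && [ "$net_prefix" -le 32 ] && is_ipv4 "${1%%/*}"
      ;;
    *)
      is_ipv4 "$1"
      ;;
  esac
}

# drop_ip_lines IP FILE
# Removes from FILE every line that has IP as one whitespace-separated field.
# The original used `sed /$ip/d`, where the dots act as regex wildcards and the
# match is a substring, so unbanning 1.2.3.4 also removed e.g. 11.2.3.40.
# The result is built in a temp file first; FILE is only overwritten when the
# filter succeeded, so a failure can no longer empty the saved blacklist.
drop_ip_lines() {
  dil_tmp=$(mktemp) || return 1
  if awk -v ip="$1" '{ for (i = 1; i <= NF; i++) if ($i == ip) next; print }' "$2" > "$dil_tmp"; then
    # cat-over keeps FILE's inode and permissions.
    cat "$dil_tmp" > "$2"
  fi
  rm -f -- "$dil_tmp"
}

# strip_log_lines PATTERN FILE
# Deletes the lines of FILE matching the sed regex PATTERN. PATTERN is spliced
# into a sed script, so pass fixed strings only, never operator or network
# input. FILE is overwritten in place (same inode) and only if sed succeeded.
strip_log_lines() {
  sll_tmp=$(mktemp) || return 1
  if sed "/$1/d" "$2" > "$sll_tmp"; then
    cat "$sll_tmp" > "$2"
  fi
  rm -f -- "$sll_tmp"
}

# ban_country CODE
# Downloads the ipdeny.com zone file for CODE and adds each network to the
# BlockedCountries set.
# NOTE(review): the list is fetched over plain HTTP with no integrity check, so
# whatever answers that request decides what this router drops. Each line is
# therefore accepted only if it parses as an IPv4 address or CIDR block; the
# original word-split and glob-expanded the response straight into ipset.
ban_country() {
  wget -q -O - "http://www.ipdeny.com/ipblocks/data/countries/$1.zone" |
    while IFS= read -r bc_net; do
      if is_ipv4_net "$bc_net"; then
        ipset -q -A BlockedCountries "$bc_net"
      fi
    done
}

# write_ban_count
# Stores the current number of set entries in $bannedips.
# NOTE(review): 15 is presumably the number of non-entry header lines that
# `ipset list` prints for the two sets; confirm against the installed ipset.
write_ban_count() {
  echo $(( $(ipset list | wc -l) - 15 )) > "$bannedips"
}

###############################################################################################
# Unban / Unbanall / Removeall / Scan / Ban / Country / Bancountry / Hideme / Findme / Backup #
###############################################################################################
case "${1:-}" in
  "$UNBANSINGLE")
    echo "Input IP Address To Unban"
    read -r unbannedip
    if is_ipv4 "$unbannedip"; then
      # Logged only after validation so raw input never reaches syslog.
      logger -t Firewall "[Unbanning And Removing $unbannedip From Blacklist] ... ... ..."
      ipset -q -D Blacklist "$unbannedip"
      drop_ip_lines "$unbannedip" /jffs/scripts/ipset.txt
      echo "$unbannedip Is Now Unbanned"
    else
      echo "Not a valid IPv4 address, nothing changed" >&2
    fi
    ;;
  "$UNBANALL")
    echo "[Unbanning All IP's] ... ... ..."
    logger -t Firewall "[Unbanning All IP's] ... ... ..."
    ipset flush
    ;;
  "$REMOVEBANS")
    write_ban_count
    echo "[Deleting All $(cat "$bannedips") Entries From Blacklist] ... ... ..."
    logger -t Firewall "[Deleting $(cat "$bannedips") Entries From Blacklist] ... ... ..."
    ipset flush
    # NOTE(review): this writes the emptied sets to /tmp/home/root/ipset.txt,
    # not to the persistent /jffs/scripts/ipset.txt -- confirm that is intended.
    ipset save > /tmp/home/root/ipset.txt
    ;;
  "$SAVEIPSET")
    echo "[Saving Blacklists] ... ... ..."
    ipset save > /jffs/scripts/ipset.txt
    # Drop the cron "USER admin" noise lines from the syslog.
    strip_log_lines 'crond: USER admin' /tmp/syslog.log
    ;;
  "$BANSINGLE")
    echo "Input IP Address"
    read -r bannedip
    if is_ipv4 "$bannedip"; then
      logger -t Firewall "[Adding $bannedip To Blacklist] ... ... ..."
      ipset -q -A Blacklist "$bannedip"
      echo "$bannedip Is Now Banned"
    else
      echo "Not a valid IPv4 address, nothing changed" >&2
    fi
    ;;
  "$BANCOUNTRYSINGLE")
    echo "Input Country Abreviation"
    read -r country
    # The code becomes part of the download URL, so only two lowercase
    # letters (the zone-file naming) are accepted.
    case "$country" in
      [a-z][a-z]) ban_country "$country" ;;
      *) echo "Country code must be two lowercase letters, nothing changed" >&2 ;;
    esac
    ;;
  "$BANCOUNTRYLIST")
    echo "[Banning Spam Countries] ... ... ..."
    # NOTE(review): "ur" does not look like an assigned ISO 3166 country code,
    # so that download presumably adds nothing; confirm the intended country.
    for country in cn pk ur af; do
      ban_country "$country"
    done
    ;;
  "$HIDEMYASS")
    echo "Switching To Unrestricted Proxy DNS"
    logger -t Firewall "[Switching To Unrestricted Proxy DNS] ... ... ..."
    # NOTE(review): replaces the resolver list with two hard-coded third-party
    # addresses. Every DNS lookup made through this router is then answered by
    # (and visible to) whoever operates them; verify ownership before use.
    echo "nameserver 74.207.242.213" > /etc/resolv.conf
    echo "nameserver 50.116.28.138" >> /etc/resolv.conf
    killall dnsmasq
    dnsmasq
    ;;
  "$BACKUPRULES")
    echo "Backing Up Current IPSet Rules"
    cp -f /jffs/scripts/ipset.txt /jffs/scripts/ipset2.txt
    ;;
  *)
    echo "[IP Banning Started] ... ... ..."
    logger -t Firewall "[IP Banning Started] ... ... ..."
    # load ipset modules
    # The path is pinned to kernel 2.6.22.19; on any other kernel build these
    # insmod calls fail and the ipset/iptables commands below do nothing useful.
    IPSET_PATH=/lib/modules/2.6.22.19/kernel/net/ipv4/netfilter
    insmod "$IPSET_PATH/ip_set.ko"
    insmod "$IPSET_PATH/ip_set_nethash.ko"
    insmod "$IPSET_PATH/ip_set_iphash.ko"
    insmod "$IPSET_PATH/ipt_set.ko"
    sleep 2
    # The first write uses '>' and so replaces the whole admin crontab; any
    # other job stored in that file is lost each time the firewall starts.
    echo "0 * * * * /jffs/scripts/firewall-start save" > /var/spool/cron/crontabs/admin
    echo "0 5 * * * /jffs/scripts/firewall-start backup" >> /var/spool/cron/crontabs/admin
    if [ -n "$(pidof crond)" ]; then
      killall -q crond
    fi
    sleep 1
    crond
    # Restore saved sets first, then create either set if it was not in the file.
    ipset -! restore -f /jffs/scripts/ipset.txt
    ipset -N -q Blacklist iphash --hashsize 1024 --maxelem 200000
    ipset -N -q BlockedCountries nethash --hashsize 4096 --maxelem 200000
    # Delete-before-insert keeps the rules from stacking up on repeated starts.
    # The first delete removes the LOG rule from logdrop, so dropped
    # connections are no longer written to syslog once this has run.
    iptables -D logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    iptables -D INPUT -m set --set Blacklist src -j DROP
    iptables -D INPUT -m set --set BlockedCountries src -j DROP
    iptables -D logdrop -m state --state NEW -j SET --add-set Blacklist src
    iptables -I INPUT -m set --set Blacklist src -j DROP
    iptables -I INPUT -m set --set BlockedCountries src -j DROP
    # Auto-ban: the source of every NEW connection reaching logdrop is added
    # to Blacklist. NOTE(review): the ban is keyed on the source address
    # alone, which is not verified for connectionless traffic, so a legitimate
    # host (e.g. an upstream DNS server) can end up banned. Consider an
    # allow-list rule ahead of these and review the set periodically.
    iptables -I logdrop -m state --state NEW -j SET --add-set Blacklist src
    # Removes earlier "DROP IN=" records from the syslog. Those lines are the
    # only local record of why an address was banned; forward them elsewhere
    # first if they are needed for investigation.
    strip_log_lines 'DROP IN=' /tmp/syslog.log
    ;;
esac
#########
#Logging#
#########
# The previous count is missing on the first run; treat anything that is not
# a number as 0 so the difference below cannot fail.
OLDAMOUNT=$(cat "$bannedips" 2>/dev/null)
case "$OLDAMOUNT" in
  '' | *[!0-9-]*) OLDAMOUNT=0 ;;
esac
echo "Started: $started"
echo "Finished: $(date)"
write_ban_count
NEWAMOUNT=$(cat "$bannedips")
echo "$NEWAMOUNT IP's currently banned."
logger -t Firewall "[Complete] $NEWAMOUNT IPs currently banned. $(( NEWAMOUNT - OLDAMOUNT )) New IP's Banned. "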