Untitled

#!/bin/sh
###############################################################################
## 17/10/2013 --- RT-N56U / RT-AC56U / RT-AC68U Firewall Addition v2.0 Alpha ##
######################################################################################
###          ----- Make Sure To Edit The Following Files -----                       #
### /etc/storage/started_script.sh       <-- Cronjob Adding For Hourly Save/modprobe #
### /etc/storage/post_iptables_script.sh <-- Execute Blacklist Script On Startup     #
### /opt/bin/firewall                    <-- Blacklists IP's From /opt/etc/ipset.txt #
### /opt/tmp/ipset.txt                   <-- Banned IP List/IPSet Rules              #
######################################################################################

##############################
#####Commands / Variables#####
##############################
UNBANSINGLE="unban"          # <-- Remove Single IP From Blacklist
UNBANALL="unbanall"          # <-- Unbans All IPs In Blacklist
REMOVEBANS="removeall"       # <-- Remove All Entries From Blacklist
SAVEIPSET="save"             # <-- Save Blacklists to /opt/tmp/ipset.txt
BANSINGLE="ban"              # <-- Adds Entry To Blacklist
BANCOUNTRYSINGLE="country"   # <-- Adds entire country to blacklist (fucking chinese assholes)
BANCOUNTRYLIST="bancountry"  # <-- Bans specified countries in this file
HIDEMYASS="hideme"           # <-- Switch to unrestricted DNS (proxydns.co)
FINDMYASS="findme"           # <-- Switch to Bigpond DNS (Default)
BACKUPRULES="backup"         # <-- Backup IPSet Rules to /opt/tmp/ipset2.txt
##############################


started=`date`
bannedips=/opt/tmp/ipamount

###############################################################################################
# Unban / Unbanall / Removeall / Scan / Ban / Country / Bancountry / Hideme / Findme / Backup #
###############################################################################################

if [ X"$@" = X"$UNBANSINGLE" ]
then
    echo "Input IP Address To Unban"
    read unbannedip
    logger -t Firewall "[Unbanning And Removing $unbannedip From Blacklist] ... ... ..."
    ipset -q -D Blacklist $unbannedip
    echo "`sed /$unbannedip/d /opt/tmp/ipset.txt`" > /opt/tmp/ipset.txt
    echo "$unbannedip Is Now Unbanned"

elif [ X"$@" = X"$UNBANALL" ]
then
    echo "[Unbanning All IP's] ... ... ..."
    logger -t Firewall "[Unbanning All IP's] ... ... ..."
    ipset flush

elif [ X"$@" = X"$REMOVEBANS" ]
then
    expr `ipset list | wc -l` - 15 > /opt/tmp/ipamount
    echo "[Deleting All `cat $bannedips` Entries From Blacklist] ... ... ..."
    logger -t Firewall "[Deleting `cat $bannedips` Entries From Blacklist] ... ... ..."
    ipset flush
    ipset save > /opt/tmp/ipset.txt

elif [ X"$@" = X"$SAVEIPSET" ]
then
    echo "[Saving Blacklists] ... ... ..."
    ipset save > /opt/tmp/ipset.txt
    echo "`sed '/crond: USER admin/d' /tmp/syslog.log`" > /tmp/syslog.log

elif [ X"$@" = X"$BANSINGLE" ]
then
    echo "Input IP Address"
    read bannedip
    logger -t Firewall "[Adding $bannedip To Blacklist] ... ... ..."
    ipset -q -A Blacklist $bannedip
    echo "$bannedip Is Now Banned"

elif [ X"$@" = X"$BANCOUNTRYSINGLE" ]
then
    echo "Input Country Abreviation"
    read country
    for ip in $(wget -q -O - http://www.ipdeny.com/ipblocks/data/countries/$country.zone)
    do
    ipset -q -A BlockedCountries $ip
    done

elif [ X"$@" = X"$BANCOUNTRYLIST" ]
then
    echo "[Banning Spam Countries] ... ... ..."
    for country in pk cn in jp ru sa
    do
    for IP in $(wget -q -O - http://www.ipdeny.com/ipblocks/data/countries/$country.zone)
    do
    ipset -q -A BlockedCountries $IP
    done
    done

elif [ X"$@" = X"$HIDEMYASS" ]
then
    echo "Switching To Unrestricted Proxy DNS"
    logger -t Firewall "[Switching To Unrestricted Proxy DNS] ... ... ..."
    echo "nameserver 74.207.242.213" > /etc/resolv.conf
    echo "nameserver 50.116.28.138" >> /etc/resolv.conf
    killall dnsmasq
    dnsmasq

elif [ X"$@" = X"$FINDMYASS" ]
then
    echo "Switching To Restricted Bigpond DNS"
    logger -t Firewall "[Switching To Restricted Bigpond DNS] ... ... ..."
    echo "nameserver 139.130.4.4" >> /etc/resolv.conf
    echo "nameserver 203.50.2.71" > /etc/resolv.conf
    killall dnsmasq
    dnsmasq

elif [ X"$@" = X"$BACKUPRULES" ]
then
    echo "Backing Up Current IPSet Rules"
    cp -f /opt/tmp/ipset.txt /opt/tmp/ipset2.txt

else
    echo "[IP Banning Started] ... ... ..."
    logger -t Firewall "[IP Banning Started] ... ... ..."
    # ipset -N Blacklist iphash --hashsize 1024 --maxelem 200000
    # ipset -N BlockedCountries nethash --hashsize 4096 --maxelem 25000
    ipset -! restore -f /opt/tmp/ipset.txt
    iptables -D logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    iptables -D INPUT -m set --match-set Blacklist src -j DROP
    iptables -D INPUT -m set --match-set BlockedCountries src -j DROP
    iptables -D logdrop -m state --state NEW -j SET --add-set Blacklist src
    iptables -I INPUT -m set --match-set Blacklist src -j DROP
    iptables -I INPUT -m set --match-set BlockedCountries src -j DROP
    iptables -I logdrop -m state --state NEW -j SET --add-set Blacklist src
    echo "`sed '/DROP IN=/d' /tmp/syslog.log`" > /tmp/syslog.log
fi

#########
#Logging#
#########
OLDAMOUNT=`cat /opt/tmp/ipamount`
echo "Started:  $started"
echo "Finished: `date`"
expr `ipset list | wc -l` - 15 > /opt/tmp/ipamount
NEWAMOUNT=`cat /opt/tmp/ipamount`
echo "`cat $bannedips` IP's currently banned."
logger -t Firewall "[Complete] `cat $bannedips` IPs currently banned. `expr $NEWAMOUNT - $OLDAMOUNT` New IP's Banned. "