#!/bin/sh
###############################################################################
## 17/10/2013 --- RT-N56U / RT-AC56U / RT-AC68U Firewall Addition v2.0 Alpha ##
######################################################################################
### ----- Make Sure To Edit The Following Files ----- #
### /etc/storage/started_script.sh <-- Adds the cron job for the hourly save and the modprobe #
### /etc/storage/post_iptables_script.sh <-- Runs this blacklist script at startup #
### /opt/bin/firewall <-- This script; blacklists IPs from /opt/tmp/ipset.txt #
### /opt/tmp/ipset.txt <-- Banned IP list / IPSet rules (written by "save", read at startup) #
######################################################################################
##############################
#####Commands / Variables#####
##############################
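# Sub-commands.  Only the first argument is inspected; with no (or an unknown)
# argument the script restores the saved sets and (re)installs the iptables
# hooks -- that is the mode post_iptables_script.sh uses at startup.
UNBANSINGLE="unban"         # <-- Remove Single IP From Blacklist
UNBANALL="unbanall"         # <-- Unbans All IPs In Blacklist
REMOVEBANS="removeall"      # <-- Remove All Entries From Blacklist
SAVEIPSET="save"            # <-- Save Blacklists to /opt/tmp/ipset.txt
BANSINGLE="ban"             # <-- Adds Entry To Blacklist
BANCOUNTRYSINGLE="country"  # <-- Adds entire country to BlockedCountries
BANCOUNTRYLIST="bancountry" # <-- Bans every country in SPAM_COUNTRIES
HIDEMYASS="hideme"          # <-- Switch to unrestricted DNS (proxydns.co)
FINDMYASS="findme"          # <-- Switch to Bigpond DNS (Default)
BACKUPRULES="backup"        # <-- Backup IPSet Rules to /opt/tmp/ipset2.txt
##############################
started=$(date)
bannedips=/opt/tmp/ipamount      # entry count from the previous run (see count_banned)
ipsetfile=/opt/tmp/ipset.txt     # "ipset save" output, restored at startup
ipsetbackup=/opt/tmp/ipset2.txt  # copy made by "backup"
syslog=/tmp/syslog.log           # the log file the save/startup paths trim

# Country zone files, one CIDR per line.  NOTE(review): fetched over plain
# HTTP with no integrity check, so anyone on the path can feed ranges into
# BlockedCountries (e.g. your own upstream).  valid_cidr below only limits
# that to a syntactically valid block list; use https if the router's wget
# has TLS support.
IPDENY_BASE="http://www.ipdeny.com/ipblocks/data/countries"
SPAM_COUNTRIES="pk cn in jp ru sa"

# Number of non-entry lines (set headers) in "ipset list" output; everything
# else is counted as a banned entry.  Depends on the ipset version and on
# there being exactly the two sets below, so treat the count as approximate.
IPSET_HEADER_LINES=15

# Print $1 to stderr and syslog, then exit 1.  Only used to refuse bad
# operator input; the rule-install path stays best-effort on purpose (no
# "set -e"): exiting between the -D and the -I below would leave the box
# with no blacklist rules at all.
die() {
  printf '%s\n' "$1" >&2
  logger -t Firewall "[Rejected] $1"
  exit 1
}

# True if $1 is a dotted-quad IPv4 address (four octets, each 0-255).
# Whatever is typed at the ban/unban prompt ends up as an ipset argument and
# in an awk program, so anything else -- including sed/awk metacharacters or
# a CIDR suffix -- is rejected.
valid_ipv4() {
  case "$1" in
    *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# True if $1 is an IPv4 address or an IPv4 CIDR block ("1.2.3.0/24").
# Used to filter the downloaded zone files before they reach ipset.
valid_cidr() {
  case "$1" in
    */*)
      valid_ipv4 "${1%/*}" || return 1
      case "${1#*/}" in ''|*[!0-9]*) return 1 ;; esac
      [ "${1#*/}" -le 32 ]
      ;;
    *)
      valid_ipv4 "$1"
      ;;
  esac
}

# True if $1 looks like an ipdeny country code (two lowercase letters).
# Anything else is refused rather than spliced into the download URL.
valid_country() {
  case "$1" in
    [a-z][a-z]) return 0 ;;
  esac
  return 1
}

# Download one country's zone file and add each block to BlockedCountries.
# Lines that are not a valid IPv4 CIDR are skipped silently.
ban_country() {
  valid_country "$1" || die "Bad country code: $1"
  wget -q -O - "$IPDENY_BASE/$1.zone" | while read -r net; do
    valid_cidr "$net" || continue
    ipset -q -A BlockedCountries "$net"
  done
}

# Rewrite the saved rule file without any line that has $1 as a whole field.
# Exact field comparison, so unbanning 1.2.3.4 leaves 1.2.3.45 and 11.2.3.4
# alone (the previous /$ip/d sed pattern treated the dots as wildcards and
# would have removed those too).  Goes through a temp file so a failure
# cannot leave the rule file truncated.
remove_saved_entry() {
  [ -f "$ipsetfile" ] || return 0
  tmp=$(mktemp "$ipsetfile.XXXXXX") || return 1
  if awk -v ip="$1" '{ for (i = 1; i <= NF; i++) if ($i == ip) next } { print }' "$ipsetfile" > "$tmp"; then
    mv -f "$tmp" "$ipsetfile"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Delete every line matching the fixed pattern $1 from the router log.
# This is trimming, not rotation: the lines are gone for good, so copy the
# log first if you need the dropped-connection history for an investigation.
trim_syslog() {
  [ -f "$syslog" ] || return 0
  printf '%s\n' "$(sed "/$1/d" "$syslog")" > "$syslog"
}

# Approximate number of entries across all sets (see IPSET_HEADER_LINES).
count_banned() {
  expr "$(ipset list | wc -l)" - "$IPSET_HEADER_LINES"
}

# Point /etc/resolv.conf at the given servers (in order) and restart
# dnsmasq so it picks them up.  Written in one go; the old "findme" branch
# appended the first server and then truncated the file with the second,
# leaving only one resolver.
set_dns() {
  printf 'nameserver %s\n' "$@" > /etc/resolv.conf
  killall dnsmasq
  dnsmasq
}

# Default mode: restore the saved sets and (re)insert the iptables hooks.
# Each rule is deleted before it is inserted so repeated runs do not stack
# duplicates.  The LOG rule in logdrop is deleted and not re-added: drops
# are recorded in the set instead of the log.
install_rules() {
  echo "[IP Banning Started] ... ... ..."
  logger -t Firewall "[IP Banning Started] ... ... ..."
  # The sets are expected to exist (or to come from the saved file).  Create
  # them once by hand if the restore complains:
  # ipset -N Blacklist iphash --hashsize 1024 --maxelem 200000
  # ipset -N BlockedCountries nethash --hashsize 4096 --maxelem 25000
  ipset -! restore -f "$ipsetfile"
  iptables -D logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
  iptables -D INPUT -m set --match-set Blacklist src -j DROP
  iptables -D INPUT -m set --match-set BlockedCountries src -j DROP
  iptables -D logdrop -m state --state NEW -j SET --add-set Blacklist src
  iptables -I INPUT -m set --match-set Blacklist src -j DROP
  iptables -I INPUT -m set --match-set BlockedCountries src -j DROP
  # Auto-ban: the source of every NEW connection that reaches logdrop is
  # added to Blacklist.  Nothing is exempted, so one stray packet from an
  # address you rely on bans that address until "unban" is run; keep a
  # console path to this script that does not depend on the network.
  iptables -I logdrop -m state --state NEW -j SET --add-set Blacklist src
  trim_syslog 'DROP IN='
}

# Final tally: entries now versus entries recorded by the previous run.
report() {
  oldamount=$(cat "$bannedips" 2>/dev/null)
  echo "Started: $started"
  echo "Finished: $(date)"
  count_banned > "$bannedips"
  newamount=$(cat "$bannedips" 2>/dev/null)
  echo "$newamount IP's currently banned."
  logger -t Firewall "[Complete] $newamount IPs currently banned. $(expr "${newamount:-0}" - "${oldamount:-0}") New IP's Banned. "
}

###############################################################################################
# Unban / Unbanall / Removeall / Scan / Ban / Country / Bancountry / Hideme / Findme / Backup #
###############################################################################################
main() {
  case "${1:-}" in
    "$UNBANSINGLE")
      echo "Input IP Address To Unban"
      read -r unbannedip
      valid_ipv4 "$unbannedip" || die "Not an IPv4 address: $unbannedip"
      logger -t Firewall "[Unbanning And Removing $unbannedip From Blacklist] ... ... ..."
      ipset -q -D Blacklist "$unbannedip"
      remove_saved_entry "$unbannedip"
      echo "$unbannedip Is Now Unbanned"
      ;;
    "$UNBANALL")
      echo "[Unbanning All IP's] ... ... ..."
      logger -t Firewall "[Unbanning All IP's] ... ... ..."
      # No set name: this empties BlockedCountries as well as Blacklist.  The
      # saved file is not touched, so the bans return on the next restore;
      # use "removeall" to make it permanent.
      ipset flush
      ;;
    "$REMOVEBANS")
      count_banned > "$bannedips"
      echo "[Deleting All $(cat "$bannedips") Entries From Blacklist] ... ... ..."
      logger -t Firewall "[Deleting $(cat "$bannedips") Entries From Blacklist] ... ... ..."
      ipset flush
      ipset save > "$ipsetfile"
      ;;
    "$SAVEIPSET")
      echo "[Saving Blacklists] ... ... ..."
      ipset save > "$ipsetfile"
      # Run hourly from cron; drop cron's own "USER admin" lines so the save
      # job does not fill the log.
      trim_syslog 'crond: USER admin'
      ;;
    "$BANSINGLE")
      echo "Input IP Address"
      read -r bannedip
      valid_ipv4 "$bannedip" || die "Not an IPv4 address: $bannedip"
      logger -t Firewall "[Adding $bannedip To Blacklist] ... ... ..."
      ipset -q -A Blacklist "$bannedip"
      echo "$bannedip Is Now Banned"
      ;;
    "$BANCOUNTRYSINGLE")
      echo "Input Country Abreviation"
      read -r country
      ban_country "$country"
      ;;
    "$BANCOUNTRYLIST")
      echo "[Banning Spam Countries] ... ... ..."
      # SPAM_COUNTRIES is a space-separated list; word splitting is intended.
      for country in $SPAM_COUNTRIES; do
        ban_country "$country"
      done
      ;;
    "$HIDEMYASS")
      echo "Switching To Unrestricted Proxy DNS"
      logger -t Firewall "[Switching To Unrestricted Proxy DNS] ... ... ..."
      set_dns 74.207.242.213 50.116.28.138
      ;;
    "$FINDMYASS")
      echo "Switching To Restricted Bigpond DNS"
      logger -t Firewall "[Switching To Restricted Bigpond DNS] ... ... ..."
      set_dns 139.130.4.4 203.50.2.71
      ;;
    "$BACKUPRULES")
      echo "Backing Up Current IPSet Rules"
      cp -f "$ipsetfile" "$ipsetbackup"
      ;;
    *)
      install_rules
      ;;
  esac
  #########
  #Logging#
  #########
  report
}

main "$@"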