paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add "nolog" option

Browse Source
This commit is contained in:
Pawel Krawczyk 2015-05-18 15:49:01 +01:00
parent f0ba9ab2fe
commit 173f4db0f9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
blacklist.sh
View File

@ -111,7 +111,9 @@ for url in $urls; do
# actually execute the set update # actually execute the set update
ipset -! -q restore < "${new_set_file}" ipset -! -q restore < "${new_set_file}"
if [ "$1" != "nolog" ]; then
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -m limit --limit 10/minute -j LOG --log-prefix "BLOCK ${set_name} " iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -m limit --limit 10/minute -j LOG --log-prefix "BLOCK ${set_name} "
fi
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -j DROP iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -j DROP
# clean up temp files # clean up temp files