paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

initialize a manual-blacklist set

Browse Source
This commit is contained in:
Pawel Krawczyk
2014-12-23 12:20:16 +00:00
parent 751c0dc403
commit 2b119b9b22
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
blacklist.sh
View File

@@ -31,15 +31,25 @@ if ! iptables -L | grep -q "Chain ${blocklist_chain_name}"; then
fi fi
# inject references to blocklist in the beginning of input and forward chains # inject references to blocklist in the beginning of input and forward chains
if ! iptables -L INPUT|grep -q ${blocklist_chain_name}; then if ! iptables -L INPUT | grep -q ${blocklist_chain_name}; then
iptables -I INPUT 1 -m state --state NEW,RELATED -j ${blocklist_chain_name} iptables -I INPUT 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
fi fi
if ! iptables -L FORWARD|grep -q ${blocklist_chain_name}; then if ! iptables -L FORWARD | grep -q ${blocklist_chain_name}; then
iptables -I FORWARD 1 -m state --state NEW,RELATED -j ${blocklist_chain_name} iptables -I FORWARD 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
fi fi
# flush the chain referencing blacklists, they will be restored in a second
iptables -F ${blocklist_chain_name} iptables -F ${blocklist_chain_name}
# create the "manual" blacklist set
set_name="manual-blacklist"
if ! ipset list | grep -q "Name: ${set_name}"; then
ipset create "${set_name}" hash:net
fi
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -m limit --limit 10/minute -j LOG --log-prefix "BLOCK ${set_name} "
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -j DROP
# now process the dynamic blacklists
for url in $urls; do for url in $urls; do
# initialize temp files # initialize temp files
unsorted_blocklist=$(mktemp) unsorted_blocklist=$(mktemp)