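# Per-source rate limit for new SSH connections: a source that opens more than
# 10 NEW connections within 60 s is logged and dropped by the SSH_BF chain.
# Globals: IPT (iptables binary), SAFEIP (address exempt from the counter),
#          EXT (external interface name) -- all defined elsewhere in the file.
# Expansions are quoted so an empty or odd value is passed as one argument
# instead of silently vanishing or being word-split.
echo "CHECK FOR SSH BRUTE FORCE ATTEMPTS"
"$IPT" -N SSH_BF
# The trusted address bypasses the counter entirely.
"$IPT" -A SSH_BF -s "$SAFEIP" -j RETURN
# Record this source, then let it through unless it already has 10 hits in 60 s.
"$IPT" -A SSH_BF -m recent --set --name SSH --rsource
"$IPT" -A SSH_BF -m recent ! --update --seconds 60 --hitcount 10 --name SSH --rsource -j RETURN
"$IPT" -A SSH_BF -m recent --update --name SSH --rsource
# The prefix is what the ban-list script greps for in dmesg (CHKSTR); keep them in sync.
# NOTE(review): this LOG rule has no -m limit, so a sustained flood can fill the
# kernel ring buffer -- consider adding "-m limit --limit 5/min" if that becomes a problem.
"$IPT" -A SSH_BF -j LOG --log-prefix "SSH Brute Force Attempt: "
"$IPT" -A SSH_BF -p tcp -j DROP
# Only NEW inbound SSH on the external interface enters the chain.
"$IPT" -A INPUT -i "$EXT" -p tcp --dport 22 -m state --state NEW -j SSH_BF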
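# Create the BAD_PEOPLE chain that holds the persistent ban list. It starts
# empty (RETURN only); the ban-list script flushes and refills it from $BADIP.
# Globals: IPT (iptables binary), defined elsewhere in the file.
echo "-BAD PEOPLE BANNING"
"$IPT" -N BAD_PEOPLE
"$IPT" -A BAD_PEOPLE -j RETURN
# Hook the chain into both local-delivery and forwarded traffic. These are appended
# (-A), so any ACCEPT rule already earlier in INPUT/FORWARD is evaluated before the
# ban list -- insert (-I) instead if banned sources must be dropped first.
"$IPT" -A INPUT -j BAD_PEOPLE
"$IPT" -A FORWARD -j BAD_PEOPLE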
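# Ban-list updater: harvest source addresses from the SSH_BF LOG lines in the
# kernel log, merge them into the persistent list and rebuild the BAD_PEOPLE chain.
# Globals (written): CHKSTR, TMPLST, BADIP, IPT. Requires root (dmesg, iptables).
# Outputs: list size before/after the merge and the resulting chain, on stdout.
CHKSTR="SSH Brute Force Attempt"   # must equal the --log-prefix of the SSH_BF LOG rule
BADIP=/admin/fwall/badip.list
IPT=/sbin/iptables

# Unpredictable temp file instead of a fixed /tmp/list.tmp: this runs as root and
# redirects into the file, so a fixed name could be pre-created or symlinked by any
# local user. The trap removes it on every exit path.
TMPLST=$(mktemp) || exit 1
trap 'rm -f -- "$TMPLST"' EXIT

# First run: make sure the list exists so the reads below do not fail.
[ -e "$BADIP" ] || : > "$BADIP"

# Pull the SRC=<addr> token out of each matching line. Matching the token is more
# robust than the positional field ($8) used before, which shifts as soon as dmesg
# prints timestamps. Note that this trusts the packet's source address as logged;
# the safe-range exclusion below is the only guard against banning your own ranges.
/bin/dmesg | grep -e "$CHKSTR" | grep -o 'SRC=[^ ]*' | cut -f 2 -d "=" | sort -u > "$TMPLST"

echo "Bad List = $(wc -l < "$BADIP")"
cat "$TMPLST" >> "$BADIP"
# Deduplicate in place via the temp file (sort -u == sort | uniq).
sort -u "$BADIP" > "$TMPLST"
cat "$TMPLST" > "$BADIP"
echo "Bad List = $(wc -l < "$BADIP")"

echo "updating firewall.."
"$IPT" -vF BAD_PEOPLE
# "<safe network range1>" is a placeholder for the operator's own range(s) to exclude.
# The loop reads line by line (no word-splitting/globbing of list entries) and only
# hands well-formed address characters to iptables; blank or stray lines are skipped.
grep -v -e "<safe network range1>" -- "$BADIP" |
while IFS= read -r x; do
  case "$x" in
    ''|*[!0-9a-fA-F:./]*) continue ;;
  esac
  "$IPT" -A BAD_PEOPLE -s "$x" -j DROP
done
"$IPT" -A BAD_PEOPLE -j RETURN
"$IPT" -vnL BAD_PEOPLE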