Block those unwanted IPs

Status
Not open for further replies.

darinschmidt

Cadet
Joined
Aug 11, 2012
Messages
9
Since I've been a huge fan of FreeNAS for, well, since forever, I felt like it was time to contribute what I can. Not sure if this is already out there, but this fit the bill with what I needed to block IPs at the router level. My setup is using a FreeNAS server with a TP-Link WDR3600 DD-WRT router. The goal is to create a list of IPs and send them to the router to add to iptables to block. DO NOT THINK that because you use this script that it is by any means an excuse for NOT using a strong password. I'd just rather not allow them on my network to attempt to do harm to any of my PCs once in violation.

This script scans the security log or any log you specify and compiles a list of "bad" IPs, and also has an allowed IPs list that you specify to be excluded. So here is the code. I'm still working on the part of sending the blocked IPs to the router, as I'm having issues with SSH at the moment, but the script, as far as I have tested, appears to be flawless. It may not be the best written, so please make suggestions.

scp and the removal of the tmp files are currently commented out due to not being able to test SSH at the time I'm posting this, so if you work on this and test it to prove it works, make sure to uncomment them.

Code:
#!/usr/bin/env bash
# bash is not in /bin on FreeBSD/FreeNAS (it lives in /usr/local/bin), so find it via env
umask 022

# Darin Schmidt 2/5/2013 FreeBSD (FreeNAS 8.3.0 tested) v1.2
# BlockIP script
#
# This blocks all IPs that have failed to log in MAXFAIL (3) or more times,
# counting both failed passwords and attempts to use an invalid username
#
# This script assumes that you have created a file called allowips at the location
# /var/run/ - edit ALLOWIPS below if you prefer another location
#
# edit AUTHLOG below to point at your security log file
#
# all files needed to function:
# /tmp/tmpfile             log lines that matched
# /tmp/tmpfile2            the IPs extracted from those lines
# /tmp/blocktheseIPs       the IPs to block
# /var/log/blockedIPs.log  logs all the IPs that you have blocked
# /var/run/allowips        one IP per line that must never be blocked
#
# /tmp/blocktheseIPs file is uploaded to your DDWRT router via scp which then the
# router executes the command to add these IPs to iptables to ban
#
# IPs whose first octet is LOCALPREFIX (192, the local network) are never banned, so a
# typo on the LAN cannot lock you out; as a secondary countermeasure you can also add
# the local addresses to the allow list along with other IPs you don't want banned
#

AUTHLOG=/var/log/tmplog.log
ALLOWIPS=/var/run/allowips
BLOCKLOG=/var/log/blockedIPs.log
MAXFAIL=3        # ban after this many failed attempts (change to taste)
LOCALPREFIX=192  # first octet of the local network

TMPFILE=/tmp/tmpfile
TMPFILE2=/tmp/tmpfile2
BLOCKFILE=/tmp/blocktheseIPs

#start from fresh, empty temp files (': >' creates or truncates in one step)
: > "$TMPFILE"
: > "$TMPFILE2"
: > "$BLOCKFILE"

#check to make sure the blockedIPs.log and allowips files exist
[ -f "$BLOCKLOG" ] || touch "$BLOCKLOG"
[ -f "$ALLOWIPS" ] || touch "$ALLOWIPS"

#find all lines with IPs in the logs that shouldn't have access
grep -w "Failed password" "$AUTHLOG" >> "$TMPFILE"
grep -w "Invalid user" "$AUTHLOG" >> "$TMPFILE"

#extract only the IPs and put them in a file, one per line
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "$TMPFILE" > "$TMPFILE2"

#count the failures per IP and pick the ones to block
#sort | uniq -c prints "<count> <ip>" for every distinct address
sort "$TMPFILE2" | uniq -c | while read -r count ip; do
    #not enough failures yet
    [ "$count" -ge "$MAXFAIL" ] || continue
    #never ban the local network
    [ "${ip%%.*}" = "$LOCALPREFIX" ] && continue
    #never ban anything on the allow list (whole-line, fixed-string match)
    grep -qxF "$ip" "$ALLOWIPS" && continue
    echo "$ip" >> "$BLOCKFILE"
done

#copy IPs to a log file for future reference, copy the file to the router
#and remove all temp files
cat "$BLOCKFILE" >> "$BLOCKLOG"

#scp "$BLOCKFILE" <user@routerIPorDOMAIN>:/tmp/.
#rm -f "$TMPFILE" "$TMPFILE2" "$BLOCKFILE"
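
The router-side half that this post leaves open, as an added example that is not code from the post or from DD-WRT: a POSIX sh script meant to run on the router against the uploaded /tmp/blocktheseIPs. It validates every line as a plain dotted quad before it goes anywhere near an iptables command, deduplicates the list, and inserts DROP rules into a dedicated chain hooked into both INPUT and FORWARD, because a NAS behind the router is reached through port forwards and an INPUT-only rule would protect only the router itself. The chain name BLOCKEDIPS, the IPTABLES variable (so the script can be dry-run against a wrapper) and the usage path are assumptions made for the example.

```shell
#!/bin/sh
# Router-side loader for a blocklist uploaded by the NAS (added example, not
# code from the thread). Reads one IPv4 address per line and drops traffic
# from each in a dedicated chain. Assumed names: chain BLOCKEDIPS, and the
# IPTABLES variable so the script can be dry-run against a wrapper function.

IPTABLES="${IPTABLES:-iptables}"
CHAIN="${CHAIN:-BLOCKEDIPS}"

# Return 0 only for a well-formed dotted quad: four decimal octets 0..255,
# no leading zeros (some parsers read 010 as octal), nothing else on the line.
# This is the only check between a text file and an iptables command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _saved_ifs=$IFS; IFS=.; set -- $1; IFS=$_saved_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in 0|[1-9]*) ;; *) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Create the chain once and hook it into INPUT (traffic to the router) and
# FORWARD (traffic port-forwarded to the NAS). Safe to call repeatedly.
ensure_chain() {
    "$IPTABLES" -N "$CHAIN" 2>/dev/null || true
    for hook in INPUT FORWARD; do
        "$IPTABLES" -C "$hook" -j "$CHAIN" 2>/dev/null \
            || "$IPTABLES" -I "$hook" -j "$CHAIN"
    done
}

# Insert a DROP rule for one address unless an identical rule already exists.
# -C (rule check) needs iptables 1.4.11 or newer; on an older router build
# replace the check with a grep over "iptables -L $CHAIN -n".
block_ip() {
    "$IPTABLES" -C "$CHAIN" -s "$1" -j DROP 2>/dev/null && return 0
    "$IPTABLES" -I "$CHAIN" -s "$1" -j DROP
}

# Load a list file: dedupe it, reject anything that is not a bare IPv4
# address, block the rest. Prints one status line per distinct input line.
load_blocklist() {
    ensure_chain
    sort -u "$1" | while read -r ip _rest; do
        if valid_ipv4 "$ip"; then
            block_ip "$ip" && echo "blocked $ip"
        else
            echo "rejected $ip"
        fi
    done
}

# Usage on the router, after the NAS has uploaded the list (assumed path):
#   sh blockips.sh /tmp/blocktheseIPs
if [ $# -gt 0 ]; then
    load_blocklist "$1"
fi
```

Because the rules go into their own chain, `iptables -F BLOCKEDIPS` clears the whole blocklist in one step when a rotated log no longer justifies it, and re-running the loader after every upload never duplicates a rule.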
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
This should probably be moved to the "Offtopic" section since this doesn't actually block IPs on the FreeNAS server itself but will via the router. Of course, if I'm wrong feel free to correct me.

Also, 3 seems kind of low for the number of attempts. It would suck to be away from home and due to a few mistakes on your part you find yourself blocked. This may work better if you have a variable that lets someone change it to anything they want.
 

darinschmidt

Cadet
Joined
Aug 11, 2012
Messages
9
This should probably be moved to the "Offtopic" section since this doesn't actually block IPs on the FreeNAS server itself but will via the router. Of course, if I'm wrong feel free to correct me.
Makes sense, but I was also hoping that maybe someone would mod the code to actually block it on the system as well, which I don't think would be that hard???

Also, 3 seems kind of low for the number of attempts. It would suck to be away from home and due to a few mistakes on your part you find yourself blocked. This may work better if you have a variable that lets someone change it to anything they want.

I agree, I haven't really found a solution for that, because while remote you don't really know what IP you are going to have, so you can't add it to the accept list. "$b" == 2 - you can set the number to be whatever you like so that you don't get blocked after 2 attempts if you like. But good to point that out. I'll see about getting this moved to Offtopic.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I moved it. Forgot I have the powah!
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,994

serk1

Cadet
Joined
Mar 25, 2015
Messages
6
I made some edits to this script. Instead of sending the IPs to block, it writes a hosts.allow file to block people.

Code:
#!/usr/bin/env bash
umask 022
max_attempts_allowed=20
email_to="xxxxxxxx@xxxxxx.com"
allowips_location="/mnt/xxxx/xxxx/allowips"
authlog_location="/var/log/auth.log"
netint_name="igb0"
hosts_allow="/etc/hosts.allow"

# Darin Schmidt 2/5/2013 FreeBSD (FreeNAS 8.3.0 tested) v1.2
# BlockIP script
# Edited by Kristopher L Anderson 3/26/2015 (FreeNAS 9.3 tested)
#
# NOTE that this script overwrites the hosts.allow file every time it is run
#
# The script reads the log file in 'authlog_location' and pulls out the IP addresses from which
#  failed login attempts have originated. Any IP addresses that have failed more than
#  'max_attempts_allowed' times will be blocked using /etc/hosts.allow
#
# The contents of /etc/hosts.allow are emailed to the 'email_to' address at the end of the script
#
# The script looks for a file in 'allowips_location' that has one IP address per line
#  These IPs will be ignored and not blocked even if they have multiple failed login attempts
#
# Assign the name of the active network interface of the machine running this script to 'netint_name'
#  to have this machine's IP address explicitly allowed on hosts.allow. You can get the name by calling
#  ifconfig -a    or   ip link show
#
# hosts_access(5) uses the first matching rule, so the allow rules for the private ranges and this
#  machine come first, the deny lines next and a catch-all allow last. The new file is built under a
#  temporary name and renamed into place, so sshd never reads a half-written (and so permissive) file.
#
# See below for temporary files that are created and then deleted by this script.
#
# If you want IPs to be permanently blocked, you could make some of the temporary files
#  (blockips_blockedips, for example), persistent and change some of the >'s to >>'s
#
# One usage example for this script is to have it run every five minutes in a cron job. It will block
#  IPs with too many attempts until the log file in 'authlog_location' is overwritten. This should
#  slow down a brute force attack significantly.
#

# Get current date and time
dt=$(date '+%Y/%m/%d %H:%M:%S')

# Make sure new, empty temp files are available (': >' creates or truncates without writing a blank line)
: > /tmp/blockips_failedlines
: > /tmp/blockips_failedips
: > /tmp/blockips_failedipssort
: > /tmp/blockips_allowedips
: > /tmp/blockips_failedcount
: > /tmp/blockips_blockedips

# If allowips file does not exist, then make a blank file
if [ ! -f "$allowips_location" ]; then
    touch "$allowips_location"
fi

# Find all lines with IPs in the logs that have had failed attempts
#  The second grep must append (>>), otherwise the "Invalid user" lines replace the "Failed password" lines
grep -w "Failed password" "$authlog_location" > /tmp/blockips_failedlines
grep -w "Invalid user" "$authlog_location" >> /tmp/blockips_failedlines

# Extract only the IPs and put them in a file
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /tmp/blockips_failedlines > /tmp/blockips_failedips

# Sort the IPs (uniq only collapses adjacent duplicates)
sort /tmp/blockips_failedips > /tmp/blockips_failedipssort

# Extract IP addresses from the allowed IPs file
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "$allowips_location" > /tmp/blockips_allowedips

# Count number of failed attempts per IP; each output line is "<count> <ip>"
uniq -c /tmp/blockips_failedipssort > /tmp/blockips_failedcount

# Loop through file with counts of failed attempts per IP
while read -r ipcount ip; do
    # Determine if the current IP is in the allowed list (whole-line, fixed-string match)
    if grep -qxF "$ip" /tmp/blockips_allowedips; then
        safe=1
    else
        safe=0
    fi
    # If this IP is not in the allowed list and also has exceeded the number of allowed attempts,
    if [ "$safe" -eq 0 ] && [ "$ipcount" -gt "$max_attempts_allowed" ]; then
        echo "block $ip $ipcount"
        echo "$ip" >> /tmp/blockips_blockedips
    else
        echo "safe $ip $ipcount"
    fi
done < /tmp/blockips_failedcount # This is the file with counts of attempts and IP addresses

# Build the new hosts.allow under a temporary name next to the real one
new_hosts_allow="$hosts_allow.new.$$"
echo "#auto generated hosts.allow $dt" > "$new_hosts_allow"

# Put trusted IPs and ranges, etc in here. hosts_access(5) matches net/mask as (address & mask) == net,
#  so the mask must be a real netmask: 172.16.0.0/12 is 255.240.0.0 (a mask of 240.0.0.0 would never match)
echo "ALL : 10.0.0.0/255.0.0.0 : allow" >> "$new_hosts_allow"      # Private address space
echo "ALL : 172.16.0.0/255.240.0.0 : allow" >> "$new_hosts_allow"  # Private address space
echo "ALL : 192.168.0.0/255.255.0.0 : allow" >> "$new_hosts_allow" # Private address space
# You can add more allowed address spaces here using the form above

# Add the address(es) of this machine's active network interface, all on one line
my_ips=$(ifconfig "$netint_name" | awk '$1 == "inet" {printf "%s ", $2}')
if [ -n "$my_ips" ]; then
    echo "ALL : $my_ips: allow" >> "$new_hosts_allow" # This machine's IP
fi

# Add the blocked IPs and deny access
while read -r ip; do
    echo "ALL : $ip : deny" >> "$new_hosts_allow"
done < /tmp/blockips_blockedips

# Allow all other connections
echo "ALL : ALL : allow" >> "$new_hosts_allow"
echo "" >> "$new_hosts_allow" # Add a blank line

# Replace the live file in one step (rename is atomic on the same filesystem)
mv -f "$new_hosts_allow" "$hosts_allow"

# Email a copy of hosts.allow
mail -s "TSFS hosts.allow" "$email_to" < "$hosts_allow"

# Delete temporary files
rm -f /tmp/blockips_failedlines
rm -f /tmp/blockips_failedips
rm -f /tmp/blockips_failedipssort
rm -f /tmp/blockips_allowedips
rm -f /tmp/blockips_failedcount
rm -f /tmp/blockips_blockedips
 

ac milton

Cadet
Joined
Jun 23, 2015
Messages
3
Works like a charm.
Thanks for this great job guys.
 

Chakalov

Explorer
Joined
Feb 9, 2015
Messages
53
Please excuse me for bringing this back from the dirt, but I find this script pretty handy in some cases. Yes, I am well aware that the NAS should stay behind a firewall and with few to no ports available to the outside world, but in some cases we need to expose some of it. For example, in my case I have a customer that regularly transfers files via SFTP, and so SSH access is needed (root access disabled, entry possible only with SSH key). Even though the original port is redirected to something meaningless, it doesn't take much time to become a test host for a lot of teenage hackers. And that bugs me! I wanted to have a script that works pretty much like fail2ban, and this here works just fine for me. Except for some minor changes that I would like to present to your attention:

- Firstly if we do this

Code:
grep -w "Failed password" "$authlog_location" > /tmp/blockips_failedlines
grep -w "Invalid user" "$authlog_location" > /tmp/blockips_failedlines


this unfortunately means that after we create blockips_failedlines with the "Failed password" attempts we then overwrite it with the "Invalid user" logins, which we definitely do not want; we need to merge them! In that case simply put >> on the second line, like this:

Code:
grep -w "Failed password" "$authlog_location" > /tmp/blockips_failedlines
grep -w "Invalid user" "$authlog_location" >> /tmp/blockips_failedlines


That will fix it all and now we'll have every unwanted attempt registered.

- The second problem with FreeNAS and perhaps other systems is that this /var/log/auth.log file gets compressed and archived when it grows above a certain size. Trouble is that this script doesn't take this into account and looks only into the current log file, without even bothering with the archived ones. What that simply means is that when FreeNAS creates the auth.log archive, all previously banned IPs will be cleared from the hosts.allow file and won't be banned anymore the very next time the script runs. So my approach to fix this is by getting all log files (current and archived ones), putting them into a temp directory to safely work with them, unarchiving any ZIP files and then searching through all of them for Failed password and Invalid user attempts.

Code:
# copy all auth log files into one place
cp /var/log/auth.* /tmp/
# unzip and delete the copied bz2 files since we won't need them
# (-f overwrites copies left by an earlier run; having no bz2 files is not an error)
bzip2 -df /tmp/auth.log.*.bz2 2>/dev/null
#find all lines with IP's in the logs that have had failed attempts
# (-h drops the file name prefix grep adds when it is given several files)
grep -hw "Failed password" /tmp/auth.* > /tmp/blockips_failedlines
grep -hw "Invalid user" /tmp/auth.* >> /tmp/blockips_failedlines
sleep 1


And that pretty much is everything you need. The last thing you might want to do is create a task job that runs this script depending on your preferences, and hopefully live a happier life :)

Here's my script in full length, and please let me know if I've screwed it up somewhere ;)

Thanks a lot @serk1 for the hard work and hope you don't mind this mod!

Code:
#!/usr/bin/env bash
umask 022
max_attempts_allowed=3
email_to="xxxxxxxx@xxxxxx.com"
allowips_location="/mnt/xxxx/xxxx/allowips"
# authlog_location="/var/log/auth.log"   # replaced by the copies of /var/log/auth.* made below
netint_name="igb0"
hosts_allow="/etc/hosts.allow"

# Darin Schmidt 2/5/2013 FreeBSD (FreeNAS 8.3.0 tested) v1.2
# BlockIP script
# Edited by Kristopher L Anderson 3/26/2015 (FreeNAS 9.3 tested)
#
# NOTE that this script overwrites the hosts.allow file every time it is run
#
# The script reads the current auth.log and the rotated auth.log.N.bz2 archives and pulls out the IP
#  addresses from which failed login attempts have originated. Any IP addresses that have failed more
#  than 'max_attempts_allowed' times will be blocked using /etc/hosts.allow
#
# The contents of /etc/hosts.allow are emailed to the 'email_to' address at the end of the script
#
# The script looks for a file in 'allowips_location' that has one IP address per line
#  These IPs will be ignored and not blocked even if they have multiple failed login attempts
#
# Assign the name of the active network interface of the machine running this script to 'netint_name'
#  to have this machine's IP address explicitly allowed on hosts.allow. You can get the name by calling
#  ifconfig -a  or  ip link show
#
# hosts_access(5) uses the first matching rule, so the allow rules for the private ranges and this
#  machine come first, the deny lines next and a catch-all allow last. The new file is built under a
#  temporary name and renamed into place, so sshd never reads a half-written (and so permissive) file.
#
# See below for temporary files that are created and then deleted by this script.
#
# If you want IPs to be permanently blocked, you could make some of the temporary files
#  (blockips_blockedips, for example), persistent and change some of the >'s to >>'s
#
# One usage example for this script is to have it run every five minutes in a cron job. Because the
#  archived logs are read as well, an IP stays blocked until its entries age out of the oldest
#  archive. This should slow down a brute force attack significantly.
#

# Get current date and time
dt=$(date '+%Y/%m/%d %H:%M:%S')

# Make sure new, empty temp files are available (': >' creates or truncates without writing a blank line)
: > /tmp/blockips_failedlines
: > /tmp/blockips_failedips
: > /tmp/blockips_failedipssort
: > /tmp/blockips_allowedips
: > /tmp/blockips_failedcount
: > /tmp/blockips_blockedips

# If allowips file does not exist, then make a blank file
if [ ! -f "$allowips_location" ]; then
    touch "$allowips_location"
fi

# Find all lines with IPs in the logs that have had failed attempts. FreeNAS rotates auth.log into
#  auth.log.N.bz2, so work on copies of the current and archived logs in /tmp
cp /var/log/auth.* /tmp/
# Decompress the archived copies (-f overwrites copies left by an earlier run; no .bz2 files is not an error)
bzip2 -df /tmp/auth.log.*.bz2 2>/dev/null
# -h drops the file name prefix grep adds when it is given several files; the second grep must append
grep -hw "Failed password" /tmp/auth.* > /tmp/blockips_failedlines
grep -hw "Invalid user" /tmp/auth.* >> /tmp/blockips_failedlines

# Extract only the IPs and put them in a file
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /tmp/blockips_failedlines > /tmp/blockips_failedips

# Sort the IPs (uniq only collapses adjacent duplicates)
sort /tmp/blockips_failedips > /tmp/blockips_failedipssort

# Extract IP addresses from the allowed IPs file
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "$allowips_location" > /tmp/blockips_allowedips

# Count number of failed attempts per IP; each output line is "<count> <ip>"
uniq -c /tmp/blockips_failedipssort > /tmp/blockips_failedcount

# Loop through file with counts of failed attempts per IP
while read -r ipcount ip; do
    # Determine if the current IP is in the allowed list (whole-line, fixed-string match)
    if grep -qxF "$ip" /tmp/blockips_allowedips; then
        safe=1
    else
        safe=0
    fi
    # If this IP is not in the allowed list and also has exceeded the number of allowed attempts,
    if [ "$safe" -eq 0 ] && [ "$ipcount" -gt "$max_attempts_allowed" ]; then
        echo "block $ip $ipcount"
        echo "$ip" >> /tmp/blockips_blockedips
    else
        echo "safe $ip $ipcount"
    fi
done < /tmp/blockips_failedcount # This is the file with counts of attempts and IP addresses

# Build the new hosts.allow under a temporary name next to the real one
new_hosts_allow="$hosts_allow.new.$$"
echo "#hourly auto generated hosts.allow $dt" > "$new_hosts_allow"

# Put trusted IPs and ranges, etc in here. hosts_access(5) matches net/mask as (address & mask) == net,
#  so the network part must already be masked and the mask must be a real netmask
#  (172.16.0.0/12 is 255.240.0.0; 192.168.1.0 with a /16 mask would never match anything)
echo "ALL : 10.0.0.0/255.0.0.0 : allow" >> "$new_hosts_allow"      # Private address space
echo "ALL : 172.16.0.0/255.240.0.0 : allow" >> "$new_hosts_allow"  # Private address space
echo "ALL : 192.168.0.0/255.255.0.0 : allow" >> "$new_hosts_allow" # Private address space
# You can add more allowed address spaces here using the form above

# Add the address(es) of this machine's active network interface, all on one line
my_ips=$(ifconfig "$netint_name" | awk '$1 == "inet" {printf "%s ", $2}')
if [ -n "$my_ips" ]; then
    echo "ALL : $my_ips: allow" >> "$new_hosts_allow" # This machine's IP
fi

# Add the blocked IPs and deny access
while read -r ip; do
    echo "ALL : $ip : deny" >> "$new_hosts_allow"
done < /tmp/blockips_blockedips

# Allow all other connections
echo "ALL : ALL : allow" >> "$new_hosts_allow"
echo "" >> "$new_hosts_allow" # Add a blank line

# Replace the live file in one step (rename is atomic on the same filesystem)
mv -f "$new_hosts_allow" "$hosts_allow"

# Email a copy of hosts.allow
mail -s "TSFS hosts.allow" "$email_to" < "$hosts_allow"

# Delete temporary files, including the log copies
rm -f /tmp/blockips_failedlines
rm -f /tmp/blockips_failedips
rm -f /tmp/blockips_failedipssort
rm -f /tmp/blockips_allowedips
rm -f /tmp/blockips_failedcount
rm -f /tmp/blockips_blockedips
rm -f /tmp/auth.*
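
The detection logic behind serk1's hosts.allow version and Chakalov's rotated-log fix, as an added example that is not code from either post: small POSIX sh functions that read the current and archived logs (archives decompressed on the fly with bzcat rather than copied into /tmp), merge both log patterns, count failures per source address, apply the threshold, the allow list and a private-range exemption, and render a hosts.allow that is written to a temporary name and renamed, never half-written. The log lines, addresses, allow list entry and function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from any post in this thread. Sample log lines,
# addresses and the allow list below are constructed for the example.

# Print every log file given, decompressing rotated .bz2 copies on the fly.
cat_logs() {
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        case "$_f" in
            *.bz2) bzcat "$_f" ;;
            *)     cat "$_f" ;;
        esac
    done
}

# Log text on stdin -> "<count> <ip>" per source address. Both patterns are
# kept; sshd logs an "Invalid user" line and a "Failed password" line for
# the same attempt, so an unknown username counts twice per attempt.
count_failures() {
    grep -E 'Failed password|Invalid user' \
        | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | sort | uniq -c
}

# "<count> <ip>" on stdin -> addresses to block: at least THRESHOLD failures,
# not on the allow list (whole-line match), not in a private range, so a
# typo on the LAN never locks the LAN out.
select_blocked() {   # select_blocked THRESHOLD ALLOWFILE
    while read -r _count _ip; do
        [ "$_count" -ge "$1" ] || continue
        grep -qxF "$_ip" "$2" 2>/dev/null && continue
        case "$_ip" in
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) continue ;;
        esac
        echo "$_ip"
    done
}

# Blocked addresses on stdin -> hosts.allow text on stdout. hosts_access(5)
# stops at the first matching rule: allows first, denies next, catch-all last.
render_hosts_allow() {
    echo "# auto generated hosts.allow $(date '+%Y/%m/%d %H:%M:%S')"
    echo "ALL : 10.0.0.0/255.0.0.0 : allow"
    echo "ALL : 172.16.0.0/255.240.0.0 : allow"
    echo "ALL : 192.168.0.0/255.255.0.0 : allow"
    while read -r _ip; do
        echo "ALL : $_ip : deny"
    done
    echo "ALL : ALL : allow"
}

# hosts.allow text on stdin -> TARGET via a temp file beside it plus rename,
# so sshd never reads an empty (= allow everything) file mid-write.
install_hosts_allow() {   # install_hosts_allow TARGET
    cat > "$1.new.$$" && mv -f "$1.new.$$" "$1"
}

# Constructed sample: a current log plus one "rotated" log in DIR.
write_sample_logs() {
    cat > "$1/auth.log" <<'EOF'
Jun 23 10:00:01 nas sshd[1001]: Invalid user admin from 203.0.113.7
Jun 23 10:00:01 nas sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 23 10:00:04 nas sshd[1003]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun 23 10:00:07 nas sshd[1004]: Failed password for root from 192.0.2.44 port 33020 ssh2
Jun 23 10:00:09 nas sshd[1005]: Failed password for alice from 198.51.100.5 port 40111 ssh2
Jun 23 10:00:12 nas sshd[1005]: Failed password for alice from 198.51.100.5 port 40111 ssh2
Jun 23 10:00:15 nas sshd[1005]: Failed password for alice from 198.51.100.5 port 40111 ssh2
EOF
    cat > "$1/auth.log.0" <<'EOF'
Jun 22 23:58:00 nas sshd[990]: Failed password for root from 192.0.2.44 port 33001 ssh2
Jun 22 23:58:03 nas sshd[990]: Failed password for root from 192.0.2.44 port 33001 ssh2
Jun 22 23:59:10 nas sshd[992]: Failed password for root from 192.168.1.20 port 33100 ssh2
Jun 22 23:59:11 nas sshd[992]: Failed password for root from 192.168.1.20 port 33100 ssh2
Jun 22 23:59:12 nas sshd[992]: Failed password for root from 192.168.1.20 port 33100 ssh2
EOF
    echo 198.51.100.5 > "$1/allowips"   # the customer's SFTP client
}

# Run the pipeline on the sample with a threshold of 3 and print the blocked
# addresses: 192.0.2.44 (2 failures in the rotated log + 1 in the current
# one, only reached because both files are read) and 203.0.113.7.
# 198.51.100.5 is on the allow list and 192.168.1.20 is private: not blocked.
demo_blocked() {
    _dir=$(mktemp -d) || return 1
    write_sample_logs "$_dir"
    cat_logs "$_dir/auth.log" "$_dir/auth.log.0" \
        | count_failures | select_blocked 3 "$_dir/allowips"
    rm -rf "$_dir"
}

demo_blocked | render_hosts_allow
```

On a real system the call is `cat_logs /var/log/auth.log /var/log/auth.log.*.bz2 | count_failures | select_blocked 3 /path/to/allowips | render_hosts_allow | install_hosts_allow /etc/hosts.allow`; the private-range exemption is the same safety net as the allow rules at the top of the generated file, applied one stage earlier so the deny list never contains a LAN address at all.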
 