
Finished initial firewall implementation. Untested

master
Stefatorus 3 years ago
parent
commit
e5a415d24a
  1. 16
      Tools/firewall.sh

16
Tools/firewall.sh

@ -43,6 +43,7 @@ graylist_unverified=15
country-list="https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/"
safety-list="https://api.entryrise.com/minewall/"
wgetd="wget -q -c --retry-connrefused -t 0"
@ -59,12 +60,23 @@ ipset -N -! mw_graylist hash:net maxelem 10000
ipset -N -! mw_whitelist hash:net maxelem 10000
echo "Generating whitelist for the firewall..."
for ip in $(curl $safety-list/{wireless,residential,business}.iplist); do
ipset -A mw_whitelist $ip
done
# Create the graylist of safer countries. It's really important for the base check.
echo "Generating graylist for the firewall..."
for ip in $(curl $country-list/{ro,ua,tr,nl,de}.cidr); do
for ip in $(curl $country-list/{ro,hu,gb,au,dk,bg,ie,pt,gr}.cidr); do
ipset -A mw_graylist $ip
done
echo "Graylist finished generating."
echo "Generating blacklist for firewall."
for ip in $(curl $safety-list/{others}.iplist); do
ipset -A mw_blacklist $ip
done
#
# The blacklist makes sure any "smart bots" are blocked in time on your server after a while.
# Off the table just allow the whitelisted users and drop the blacklisted ones.
$iptables -A MineWall -p tcp --dport $protect_port -m set --match-set mw_whitelist src -j ACCEPT
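Review bot: The fetch loops in this section read `$safety-list` and `$country-list`, but a hyphen cannot be part of a shell variable name: `safety-list="..."` is parsed as a command name rather than an assignment, and `$safety-list` expands as `${safety}-list`, so curl never receives the intended URL. Because the script then goes on to add the `mw_whitelist` ACCEPT rule, a failed or mangled fetch silently leaves the sets empty or wrong. Rename the variables to `safety_list` / `country_list`, expand them as `"${safety_list}"/...`, and make the fetch fail loudly with `curl -fsS`, checking its exit status before any `ipset -A` runs. The fetched words also reach `ipset -A mw_whitelist $ip` unquoted and unvalidated; quoting `"$ip"` and skipping entries that are not an IPv4 address or CIDR would keep a bad response from the remote list out of the allow set.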
