Support a list of countries to ban.
This commit is contained in:
parent
131f847d6a
commit
7328bbac8f
1 changed files with 36 additions and 26 deletions
|
|
@ -80,32 +80,38 @@ function print_help() {
|
||||||
Usage: $(basename $0) -d FILE [OPTION...]
|
Usage: $(basename $0) -d FILE [OPTION...]
|
||||||
|
|
||||||
${bold}Mandatory options:${reset}
|
${bold}Mandatory options:${reset}
|
||||||
-d, --database=FILE The path to the GeoIP2 database file (must be either
|
-d, --database=FILE The path to the GeoIP2 database file (must
|
||||||
country or city database).
|
be either country or city database).
|
||||||
|
|
||||||
${bold}Optional options:${reset}
|
${bold}Optional options:${reset}
|
||||||
-a, --auto[=LIMIT] Enable the autopilot for automatically banning IP
|
-a, --auto[=LIMIT] Enable the autopilot for automatically
|
||||||
addresses of the desired country (see also -c option).
|
banning IP addresses of the desired
|
||||||
When LIMIT is given, only auto-ban IP addresses with at
|
countries (see also -c option).
|
||||||
least LIMIT current connections.
|
When LIMIT is given, only auto-ban IP
|
||||||
When LIMIT is omitted, assume LIMIT=1.
|
addresses with at least LIMIT current
|
||||||
|
connections.
|
||||||
|
When LIMIT is omitted, assume LIMIT=1.
|
||||||
|
|
||||||
-c, --country=COUNTRY The country-code to block; defaults to 'CN' (China).
|
-c, --country=COUNTRY[,COUNTRY...] The country-codes to block as a list of
|
||||||
|
comma-separated values; defaults to 'CN'
|
||||||
|
(China).
|
||||||
|
|
||||||
-j, --jail=JAIL Specify the JAIL to use for banning the IP addresses.
|
-j, --jail=JAIL Specify the JAIL to use for banning the IP
|
||||||
Defaults to 'apache-auth'.
|
addresses.
|
||||||
|
Defaults to 'apache-auth'.
|
||||||
|
|
||||||
-n, --netmask=SIZE SIZE defines the subnet size in bytes to be analyzed.
|
-n, --netmask=SIZE SIZE defines the subnet size in bytes to
|
||||||
Valid values are:
|
be analyzed.
|
||||||
- 1 or 8 for class A networks (X.0.0.0/8)
|
Valid values are:
|
||||||
- 2 or 16 for class B networks (X.X.0.0/16)
|
- 1 or 8 for class A networks (X.0.0.0/8)
|
||||||
- 3 or 24 for class C networks (X.X.X.0/24)
|
- 2 or 16 for class B networks (X.X.0.0/16)
|
||||||
- 4 or 32 for class D networks (X.X.X.X/32)
|
- 3 or 24 for class C networks (X.X.X.0/24)
|
||||||
|
- 4 or 32 for class D networks (X.X.X.X/32)
|
||||||
|
|
||||||
-p, --port=PORT The desired port to monitor.
|
-p, --port=PORT The desired port to monitor.
|
||||||
Defaults to 443 (https).
|
Defaults to 443 (https).
|
||||||
|
|
||||||
-h, --help Show this help message
|
-h, --help Show this help message
|
||||||
|
|
||||||
Mandatory or optional arguments to long options are also mandatory or optional
|
Mandatory or optional arguments to long options are also mandatory or optional
|
||||||
for any corresponding short options.
|
for any corresponding short options.
|
||||||
|
|
@ -174,7 +180,11 @@ function parse_command_line_args() {
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
'-c'|'--country')
|
'-c'|'--country')
|
||||||
bancountry="$2"
|
IFS=',' read -ra bancountries <<< "$2"
|
||||||
|
if [[ -z ${bancountries[@]// } ]] ; then
|
||||||
|
echo "Invalid argument for parameter 'country': '$2'. Invoke with --help for help." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
'-d'|'--database')
|
'-d'|'--database')
|
||||||
|
|
@ -320,16 +330,16 @@ function process_file () {
|
||||||
set_highlight_color "${count}"
|
set_highlight_color "${count}"
|
||||||
country="$("${curdir}/geoip-lookup.py" -f "${database}" "${addronly}")"
|
country="$("${curdir}/geoip-lookup.py" -f "${database}" "${addronly}")"
|
||||||
if [[ autopilot -eq 0 ]] ; then
|
if [[ autopilot -eq 0 ]] ; then
|
||||||
echo "Country: '${country}'"
|
echo "Country: '${yellow}${country}${reset}'"
|
||||||
fi
|
fi
|
||||||
echo -n "Address ${bold}$((nline++)) of ${nlines}${reset}: \
|
echo -n "Address ${bold}$((nline++)) of ${nlines}${reset}: \
|
||||||
Found '${blue}${addrwithsuffix}${reset}' ${hilite}${count}${reset} times."
|
Found '${blue}${addrwithsuffix}${reset}' ${hilite}${count}${reset} times."
|
||||||
|
|
||||||
if [[ ${autopilot} -eq 0 ]] ; then
|
if [[ ${autopilot} -eq 0 ]] ; then
|
||||||
echo -n "Ban [y/N/s=No, and skip remaining]? "
|
echo -n " Ban [y/N/s=No, and skip remaining]? "
|
||||||
read banaction
|
read banaction
|
||||||
else
|
else
|
||||||
if [[ "${country}" == "${bancountry}" ]] ; then
|
if [[ " ${bancountries[@]} " =~ " ${country} " ]] ; then
|
||||||
if [[ $count -ge $autopilot ]] ; then
|
if [[ $count -ge $autopilot ]] ; then
|
||||||
echo -en "\n${red}Autopilot active. ${reset}"
|
echo -en "\n${red}Autopilot active. ${reset}"
|
||||||
banaction=y
|
banaction=y
|
||||||
|
|
@ -356,11 +366,11 @@ skipping remaining addresses."
|
||||||
;;
|
;;
|
||||||
"y" | "Y" )
|
"y" | "Y" )
|
||||||
echo "Adding '${blue}${addrwithsuffix}${reset}' to \
|
echo "Adding '${blue}${addrwithsuffix}${reset}' to \
|
||||||
banlist."
|
banlist (country=${yellow}${country}${reset})."
|
||||||
echo "${addrwithsuffix}" >> "${banlist}"
|
echo "${addrwithsuffix}" >> "${banlist}"
|
||||||
;;
|
;;
|
||||||
"n" | "N" | * )
|
"n" | "N" | * )
|
||||||
echo "Not banning '${blue}${addrwithsuffix}${reset}' (country='${country}')."
|
echo "Not banning '${blue}${addrwithsuffix}${reset}' (country=${yellow}${country}${reset})."
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
# Here goes: Pipe the file contents via filedescriptor 3.
|
# Here goes: Pipe the file contents via filedescriptor 3.
|
||||||
|
|
@ -392,7 +402,7 @@ touch "${banlist}"
|
||||||
autopilot=0
|
autopilot=0
|
||||||
netmask=0
|
netmask=0
|
||||||
jail="apache-auth"
|
jail="apache-auth"
|
||||||
bancountry="CN"
|
bancountries=("CN")
|
||||||
database=
|
database=
|
||||||
port=443
|
port=443
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue