AR2000/crowdsec-legacy-firewall-bouncer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity
Files
dev
crowdsec-legacy-firewall-bo…/bouncer.sh
AR2000 1feac5e60d refactoring + golang 1.24.1
2025-05-25 17:14:37 +02:00

87 lines
2.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
#
# Script to add /remove IPs to iptables
set -euo pipefail
main() (
while read -r line; do
# echo processAction "$(echo "$line" | jq -r '.action')" \
# "$(echo "$line" | jq -r .value)" \
# "$(echo "$line" | jq -r .duration)" \
# "$(echo "$line" | jq -r .scenario)" |
# tee bouncer.sh.out
processAction "$(echo "$line" | jq -r .action)" \
"$(echo "$line" | jq -r .value)" \
"$(echo "$line" | jq -r .duration)" \
"$(echo "$line" | jq -r .scenario)"
done
#{"duration":"-1h1m9s","origin":"CAPI","scenario":"crowdsecurity/ssh-bf","scope":"Ip","type":"ban","value":"122.117.32.192","id":22739513,"action":"del"}
)
: "${IPTABLES_CHAIN:=INPUT}"
function processAction() {
if [[ -n "${IPTABLES_COMMENT}" ]]; then
comment="-m comment --comment \"$4\""
else
comment=""
fi
#determine action
if [ "$1" = "add" ]; then #add
if [[ "$2" =~ .*[.].* ]]; then #ipv4
echo "add $2 for $3 with $4"
iptablesAdd "$2"
elif [[ "$2" =~ .*[:].* ]]; then #ipv6
echo "IPV6 : add $2 for $3 with $4"
ip6tableAdd "$2"
fi
elif [ "$1" = "del" ]; then #del
if [[ "$2" =~ .*[.].* ]]; then #ipv4
echo "del $2 for $3 with $4"
iptablesDel "$2"
elif [[ "$2" =~ .*[:].* ]]; then #ipv6
echo "IPV6 : add $2 for $3 with $4"
ip6tableDel "$2"
fi
else
echo "unknown action"
fi
}
function iptablesAdd() (
#check if the rule already exist
if ! iptables "$comment" -C "$IPTABLES_CHAIN" -s "$1" -j DROP; then
#do we insert at a $IPTABLES_INSERT position or append to the chain
if [[ -z "${IPTABLES_INSERT}" ]]; then
iptables "$comment" -A "$IPTABLES_CHAIN" -s "$1" -j DROP
else
iptables "$comment" -I "$IPTABLES_CHAIN" "$IPTABLES_INSERT" -s "$1" -j DROP
fi
fi
)
function ip6tableAdd() (
#check if the rule already exist
if ! ip6tables "$comment" -C "$IPTABLES_CHAIN" -s "$1" -j DROP; then
#do we insert at a $IPTABLES_INSERT position or append to the chain
if [[ -z "${IPTABLES_INSERT}" ]]; then
ip6tables "$comment" -A "$IPTABLES_CHAIN" -s "$1" -j DROP
else
ip6tables "$comment" -I "$IPTABLES_CHAIN" "$IPTABLES_INSERT" -s "$1" -j DROP
fi
fi
)
function iptablesDel() (
iptables "$comment" -D "$IPTABLES_CHAIN" -s "$1" -j DROP
)
function ip6tableDel() (
ip6tables "$comment" -D "$IPTABLES_CHAIN" -s "$1" -j DROP
)
main "$@"
Reference in New Issue View Git Blame Copy Permalink