Fixed block-*-ssh.sh did not have target.

diff --git a/block-ip/block-add-smtp.sh b/block-ip/block-add-smtp.sh
index c50a8e9f34691bb74d29bcc1ae84cdb1564436ba..2c03692b49cd1658a7e7f73e06ff9218ef0701af 100755 (executable)
--- a/block-ip/block-add-smtp.sh
+++ b/block-ip/block-add-smtp.sh
@@ -16,7 +16,7 @@ do
     netaddr=$1
     shift
 
-    echo "ban ${netaddr}"
+    echo "ban from ${netaddr}"
     sudo firewall-cmd --zone=drop --add-source=${netaddr}
     sudo firewall-cmd --permanent --zone=drop --add-source=${netaddr}
 done

diff --git a/block-ip/block-add-ssh.sh b/block-ip/block-add-ssh.sh
index 992427b84338591b15528adedffe9c0b40b80ce2..2609f3d001a8e8c9d5d8d2387b43f7f33758400b 100755 (executable)
--- a/block-ip/block-add-ssh.sh
+++ b/block-ip/block-add-ssh.sh
@@ -39,8 +39,8 @@ do
     netaddr=$1
     shift
 
-    echo "ban ${netaddr}"
-    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
-    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
+    echo "ban ${netaddr} to SSH"
+    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
+    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
 done
 

diff --git a/block-ip/block-ip.md b/block-ip/block-ip.md
index df8c718c533b7f9305f3bd9a77ca938023fe007f..af3887a4509e952d3c738403e7be00d7b5c467de 100644 (file)
--- a/block-ip/block-ip.md
+++ b/block-ip/block-ip.md
@@ -28,14 +28,14 @@ ban access to SSH, for big ISPs
 
 ### ban per network
 
-    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
-    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
+    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
+    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
 
 
 ### unban per network
 
-    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
-    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
+    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
+    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
 
 
 list banned

diff --git a/block-ip/block-remove-smtp.sh b/block-ip/block-remove-smtp.sh
index df3f36e77316f7c287dbd4ddfb98805ad920ca45..b18824815a780d825940424444ac1ddeb59de276 100755 (executable)
--- a/block-ip/block-remove-smtp.sh
+++ b/block-ip/block-remove-smtp.sh
@@ -16,7 +16,7 @@ do
     netaddr=$1
     shift
 
-    echo "ban ${netaddr}"
+    echo "unban from ${netaddr}"
     sudo firewall-cmd --zone=drop --remove-source=${netaddr}
     sudo firewall-cmd --permanent --zone=drop --remove-source=${netaddr}
 done

diff --git a/block-ip/block-remove-ssh.sh b/block-ip/block-remove-ssh.sh
index 9872aa741ec62fe13905d5a6fb6845f8b82d1c29..3cf1880cd104a29d82ca8c34a957f778e7d19130 100755 (executable)
--- a/block-ip/block-remove-ssh.sh
+++ b/block-ip/block-remove-ssh.sh
@@ -39,8 +39,8 @@ do
     netaddr=$1
     shift
 
-    echo "ban ${netaddr}"
-    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
-    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
+    echo "unban ${netaddr} to SSH"
+    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
+    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
 done