Fixed block-*-ssh.sh did not have target.

author Hisataka Kasuga <hkasuga@nabium.com>

Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)

committer Hisataka Kasuga <hkasuga@nabium.com>

Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)
author Hisataka Kasuga <hkasuga@nabium.com>
Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)
committer Hisataka Kasuga <hkasuga@nabium.com>
Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)
diff --git a/block-ip/block-add-smtp.sh b/block-ip/block-add-smtp.sh

index c50a8e9f34691bb74d29bcc1ae84cdb1564436ba..2c03692b49cd1658a7e7f73e06ff9218ef0701af 100755 (executable)
--- a/block-ip/block-add-smtp.sh
+++ b/block-ip/block-add-smtp.sh
@@ -16,7 +16,7 @@ do
      netaddr=$1
      shift
  
      netaddr=$1
      shift
  
-    echo "ban ${netaddr}"
+    echo "ban from ${netaddr}"
      sudo firewall-cmd --zone=drop --add-source=${netaddr}
      sudo firewall-cmd --permanent --zone=drop --add-source=${netaddr}
  done
      sudo firewall-cmd --zone=drop --add-source=${netaddr}
      sudo firewall-cmd --permanent --zone=drop --add-source=${netaddr}
  done
diff --git a/block-ip/block-add-ssh.sh b/block-ip/block-add-ssh.sh

index 992427b84338591b15528adedffe9c0b40b80ce2..2609f3d001a8e8c9d5d8d2387b43f7f33758400b 100755 (executable)
--- a/block-ip/block-add-ssh.sh
+++ b/block-ip/block-add-ssh.sh
@@ -39,8 +39,8 @@ do
      netaddr=$1
      shift
  
      netaddr=$1
      shift
  
-    echo "ban ${netaddr}"
-    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
-    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
+    echo "ban ${netaddr} to SSH"
+    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
+    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
  done
  
  done
  
diff --git a/block-ip/block-ip.md b/block-ip/block-ip.md

index df8c718c533b7f9305f3bd9a77ca938023fe007f..af3887a4509e952d3c738403e7be00d7b5c467de 100644 (file)
--- a/block-ip/block-ip.md
+++ b/block-ip/block-ip.md
@@ -28,14 +28,14 @@ ban access to SSH, for big ISPs
  
  ### ban per network
  
  
  ### ban per network
  
-    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
-    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
+    sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
+    sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
  
  
  ### unban per network
  
  
  
  ### unban per network
  
-    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
-    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13
+    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
+    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP
  
  
  list banned
  
  
  list banned
diff --git a/block-ip/block-remove-smtp.sh b/block-ip/block-remove-smtp.sh

index df3f36e77316f7c287dbd4ddfb98805ad920ca45..b18824815a780d825940424444ac1ddeb59de276 100755 (executable)
--- a/block-ip/block-remove-smtp.sh
+++ b/block-ip/block-remove-smtp.sh
@@ -16,7 +16,7 @@ do
      netaddr=$1
      shift
  
      netaddr=$1
      shift
  
-    echo "ban ${netaddr}"
+    echo "unban from ${netaddr}"
      sudo firewall-cmd --zone=drop --remove-source=${netaddr}
      sudo firewall-cmd --permanent --zone=drop --remove-source=${netaddr}
  done
      sudo firewall-cmd --zone=drop --remove-source=${netaddr}
      sudo firewall-cmd --permanent --zone=drop --remove-source=${netaddr}
  done
diff --git a/block-ip/block-remove-ssh.sh b/block-ip/block-remove-ssh.sh

index 9872aa741ec62fe13905d5a6fb6845f8b82d1c29..3cf1880cd104a29d82ca8c34a957f778e7d19130 100755 (executable)
--- a/block-ip/block-remove-ssh.sh
+++ b/block-ip/block-remove-ssh.sh
@@ -39,8 +39,8 @@ do
      netaddr=$1
      shift
  
      netaddr=$1
      shift
  
-    echo "ban ${netaddr}"
-    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
-    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr}
+    echo "unban ${netaddr} to SSH"
+    sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
+    sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP
  done
  
  done
author	Hisataka Kasuga <hkasuga@nabium.com>
	Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)
committer	Hisataka Kasuga <hkasuga@nabium.com>
	Tue, 12 Jan 2021 20:57:49 +0000 (05:57 +0900)
block-ip/block-add-smtp.sh		patch \| blob \| history
block-ip/block-add-ssh.sh		patch \| blob \| history
block-ip/block-ip.md		patch \| blob \| history
block-ip/block-remove-smtp.sh		patch \| blob \| history
block-ip/block-remove-ssh.sh		patch \| blob \| history