From 36e01a263d2862b695ee93707d82ebd566e21a1c Mon Sep 17 00:00:00 2001 From: Hisataka Kasuga Date: Wed, 13 Jan 2021 05:57:49 +0900 Subject: [PATCH] Fixed block-*-ssh.sh did not have target. --- block-ip/block-add-smtp.sh | 2 +- block-ip/block-add-ssh.sh | 6 +++--- block-ip/block-ip.md | 8 ++++---- block-ip/block-remove-smtp.sh | 2 +- block-ip/block-remove-ssh.sh | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/block-ip/block-add-smtp.sh b/block-ip/block-add-smtp.sh index c50a8e9..2c03692 100755 --- a/block-ip/block-add-smtp.sh +++ b/block-ip/block-add-smtp.sh @@ -16,7 +16,7 @@ do netaddr=$1 shift - echo "ban ${netaddr}" + echo "ban from ${netaddr}" sudo firewall-cmd --zone=drop --add-source=${netaddr} sudo firewall-cmd --permanent --zone=drop --add-source=${netaddr} done diff --git a/block-ip/block-add-ssh.sh b/block-ip/block-add-ssh.sh index 992427b..2609f3d 100755 --- a/block-ip/block-add-ssh.sh +++ b/block-ip/block-add-ssh.sh @@ -39,8 +39,8 @@ do netaddr=$1 shift - echo "ban ${netaddr}" - sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} - sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} + echo "ban ${netaddr} to SSH" + sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP + sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP done diff --git a/block-ip/block-ip.md b/block-ip/block-ip.md index df8c718..af3887a 100644 --- a/block-ip/block-ip.md +++ b/block-ip/block-ip.md @@ -28,14 +28,14 @@ ban access to SSH, for big ISPs ### ban per network - sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 - sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 + sudo firewall-cmd --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP + sudo firewall-cmd --permanent --direct --add-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP ### unban per network - sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 - sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 + sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP + sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh 1 -s 63.224.0.0/13 -j DROP list banned diff --git a/block-ip/block-remove-smtp.sh b/block-ip/block-remove-smtp.sh index df3f36e..b188248 100755 --- a/block-ip/block-remove-smtp.sh +++ b/block-ip/block-remove-smtp.sh @@ -16,7 +16,7 @@ do netaddr=$1 shift - echo "ban ${netaddr}" + echo "unban from ${netaddr}" sudo firewall-cmd --zone=drop --remove-source=${netaddr} sudo firewall-cmd --permanent --zone=drop --remove-source=${netaddr} done diff --git a/block-ip/block-remove-ssh.sh b/block-ip/block-remove-ssh.sh index 9872aa7..3cf1880 100755 --- a/block-ip/block-remove-ssh.sh +++ b/block-ip/block-remove-ssh.sh @@ -39,8 +39,8 @@ do netaddr=$1 shift - echo "ban ${netaddr}" - sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} - sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} + echo "unban ${netaddr} to SSH" + sudo firewall-cmd --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP + sudo firewall-cmd --permanent --direct --remove-rule ipv4 filter nabium-ssh ${prio} -s ${netaddr} -j DROP done -- 2.24.4