Block IP Script

DD-WRT Forum Index -> Atheros WiSOC based Hardware
Sanch3z
DD-WRT Novice


Joined: 13 Jul 2017
Posts: 23

PostPosted: Tue Jul 16, 2019 10:00    Post subject: Block IP Script
Hello,

This script checks for failed logins and blocks IP addresses. I need to modify this script to also include local addresses such as "192.168." rather than exclude them.

And also add an option for blocking an IP address after entering a wrong login 3x (three times).

The scripts are stored in the jffs.

Code:
#!/bin/sh

############################################################
#
# check_brute_force
# Checks for failed logins and blocks IP addresses
#
############################################################

# Source address of the most recent "login attempt" line. The line is split on
# spaces and colons, so the address is the second-to-last field of "IP:port".
IP=$(awk -F'[ :]' '/login attempt/ {print $(NF-1)}' /var/log/messages | tail -1)
RC=0

# Do nothing if there is an existing rule for this IP address.
# -w/-F match the whole address only, so 10.0.0.1 does not match 10.0.0.10
# and the dots are not treated as regex wildcards.
if [ -n "$IP" ] && iptables -L -n | grep -qwF "$IP"; then
    exit 0
fi

case "$IP" in
    "") # Do nothing with empty IP
    ;;
    192.168*) # Exclude local LAN
    ;;
    *) # Add rule against intruding IP
    iptables -I INPUT -s "$IP" -j DROP
    RC=$?
    ;;
esac

exit $RC

# EOF


The second problem is adding firewall rules for an SSH login limit. After adding these rules, I can't connect via SSH.

Code:
# rule 2: accept at most 3 new SSH connections per minute (burst of 3)
iptables -I INPUT 2 -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
# rule 3: every other packet to port 22 goes to the logreject chain
iptables -I INPUT 3 -p tcp --dport 22 -j logreject
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12915
Location: Netherlands

PostPosted: Wed Jul 17, 2019 8:59    Post subject:
Wrong order?

The state NEW rule should be inserted last so that it is executed first.
So try to switch the order of the rules.

The DD-WRT GUI also has some settings for mitigating brute force.

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087