Hi Tony, thanks. But not so much looking for a solution to block IPs. I’m needing to identify which IPs to block.

On Sat, 18 Apr 2020 at 8:19 pm, Tony White <[email protected]> wrote:

> Or this...
>
> -- snip --
> #!/bin/bash
> logf="/var/log/blockip.log"
> mdate=`date +%c`
> mip=$1
> ### must be root ###
> if [ `whoami` != "root" ]; then
>     echo ""
>     echo "$0 must be run as root"
>     echo ""
>     exit 1
> fi;
>
> if [ "$mip" == "--help" ]; then
>     echo "========================================"
>     echo "Help: Block single and subnet IP's"
>     echo "========================================"
>     echo "blockip 130.2.1.1"
>     echo "blockip 130.2.1.0/24"
>     echo "----------------------------------------"
>     exit 1
> fi;
>
> # take the first 10 characters, the length of the LAN prefix compared below
> mip1=${mip:0:10};
> # your lan range if needed or comment out
> if [ "$mip1" == "192.168.1." ]; then # change ip to suit
>     echo "$mdate Discarding LAN drop request for $mip1" >> $logf
>     exit 1
> fi;
>
>
> # whitelist special clients...
> # change the IP.ADDR.ESS to suit.
> # comment out to remove
> if [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] ||
>    [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] ||
>    [ "$mip" == "IP.ADDR.ESS" ] ; then
>     echo "$mdate Discarding WAN drop request for $mip" >> $logf
>     echo "$mdate Discarding WAN drop request for $mip"
>     exit 1
> fi;
>
> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>
> if [ `echo $mip |eval $is_ip` != "1" ]; then
>     echo "$mdate Error in IP address $mip" >> $logf
>     echo "$mdate Error in IP address $mip"
> else
>     iptables -I INPUT -s $mip -j DROP
>     echo "iptables -I INPUT -s $mip -j DROP"
>     echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>     echo "$mdate now dropping all packets from $mip" >> $logf
> fi;
> -- snip --
>
> best wishes
> Tony White
>
> On 18/4/20 8:09 pm, Tony White wrote:
>
> > Hi David,
> > Sorry try this instead...
> >
> > -- snip --
> > #!/bin/sh
> > logf="/var/log/blacklist_ip.log"
> > mdate=`date +%c`
> > ### must be root ###
> > if [ `whoami` != "root" ]; then
> >     echo ""
> >     echo "$0 must be ran as root"
> >     echo ""
> >     exit 1
> > fi
> > export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> > is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
> >
> > if [ `echo $1 |eval $is_ip` != "1" ]; then
> >     echo "$mdate Error in IP address $1" >> $logf
> > else
> >     echo "$1" >> /opt/spamdyke/etc/blacklist_ip
> >     echo "$mdate now dropping all packets from $1" >> $logf
> > fi
> > --snip --
> >
> > best wishes
> > Tony White
> >
> > On 18/4/20 8:04 pm, Tony White wrote:
> >
> >> Hi David,
> >> Try using this little script...
> >>
> >> -- snip --
> >> #!/bin/bash
> >> logf="/var/log/blockip.log"
> >> mdate=`date +%c`
> >> mip=$1
> >> ### must be root ###
> >> if [ `whoami` != "root" ]; then
> >>     echo ""
> >>     echo "$0 must be run as root"
> >>     echo ""
> >>     exit 1
> >> fi;
> >>
> >> if [ "$mip" == "--help" ]; then
> >>     echo "========================================"
> >>     echo "Help: Block single and subnet IP's"
> >>     echo "========================================"
> >>     echo "blockip 132.2.1.1"
> >>     echo "blockip 132.1.0/24"
> >>     echo "----------------------------------------"
> >>     exit 1
> >> fi;
> >>
> >> -- snip --
> >>
> >> worked for me forever...
> >> Use qtp watchall to monitor the logs and use the output to manually block ips or subnets
> >>
> >> If you need more hit me off list.
> >>
> >> best wishes
> >> Tony White
> >>
> >> On 18/4/20 2:59 pm, David Bray wrote:
> >>
> >>> I can see I'm getting hammered on my smtps port
> >>>
> >>> How can I mitigate this?
> >>>
> >>> I can see the IP's in /var/log/qmail/smtps/current
> >>>
> >>> *but where do I actually see that the smtp auth actually fails ?*
> >>>
> >>> or do I need to increase the logging somewhere ?
> >>>
> >>> if I tail -f /var/log/dovecot.log
> >>>
> >>> I can see the imap and pop failures
> >>>
> >>> thanks in advance
> >>>
> >>> David Bray
> >>> 0418 745334
> >>> 2 ∞ & <
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]

--
# David
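
An added example, not from any poster in this thread: one way to rank source IPs by connection count in the smtps log mentioned above. It assumes the log holds tcpserver's `pid <n> from <ip>` connection lines (the thread does not show the log format); the function names and sample lines are constructed, and it counts connections, not SMTP AUTH failures.

```bash
#!/bin/bash
# Added example: rank source IPs by how often they connect, so the busiest
# ones can be reviewed before anything is blocked.

# count_sources MIN < log
# Prints "count ip" for every source seen at least MIN times, busiest first.
count_sources() {
    awk -v min="${1:-10}" '
        {
            # Locate "tcpserver: pid <n> from <ip>" wherever the timestamp
            # columns put it (raw tai64n label or tai64nlocal date and time).
            for (i = 1; i + 4 <= NF; i++)
                if ($i == "tcpserver:" && $(i+1) == "pid" && $(i+3) == "from") {
                    hits[$(i+4)]++
                    break
                }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges, made-up pids).
sample_log() {
    cat <<'EOF'
@400000005e9a8f1a0a1b2c3d tcpserver: status: 1/40
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1201 from 203.0.113.7
@400000005e9a8f1a0a1b2c3d tcpserver: ok 1201 mail.example.com:192.0.2.1:465 :203.0.113.7::51234
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1202 from 198.51.100.23
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1203 from 203.0.113.7
@400000005e9a8f1a0a1b2c3d tcpserver: end 1201 status 256
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1204 from 203.0.113.7
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1205 from 198.51.100.23
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1206 from 192.0.2.10
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1207 from 203.0.113.7
@400000005e9a8f1a0a1b2c3d tcpserver: pid 1208 from 198.51.100.23
EOF
}

# Demo on the sample; on a live box, feed it the real log instead:
#   count_sources 20 < /var/log/qmail/smtps/current
sample_log | count_sources 3
```

The threshold is a judgement call: compare the top entries against known clients and relays before passing any of them to a blocking script.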
