Hi Tony, thanks.
But I'm not so much looking for a solution to block IPs.

I need to identify which IPs to block.

On Sat, 18 Apr 2020 at 8:19 pm, Tony White <t...@ycs.com.au> wrote:

> Or this...
>
> -- snip --
> #!/bin/bash
> # blockip: drop all packets from a single IPv4 address or CIDR subnet
> logf="/var/log/blockip.log"
> mdate=`date +%c`
> mip=$1
> ### must be root ###
> if [ "`whoami`" != "root" ]; then
>          echo ""
>          echo "$0 must be run as root"
>          echo ""
>          exit 1
> fi;
>
> # quote $mip so an empty argument does not break the test
> if [ "$mip" == "--help" ]; then
>    echo "========================================"
>    echo "Help: Block single and subnet IP's"
>    echo "========================================"
>    echo "blockip 130.2.1.1"
>    echo "blockip 130.2.1.0/24"
>    echo "----------------------------------------"
>    exit 1
> fi;
>
> # take the first 10 characters so the length matches the LAN prefix below
> mip1=${mip:0:10};
> # your lan range if needed or comment out
> if [ "$mip1" == "192.168.1." ]; then  # change ip to suit
>    echo "$mdate Discarding LAN drop request for $mip1" >> $logf
>    exit 1
> fi;
>
>
> # whitelist special clients...
> # change the IP.ADDR.ESS to suit.
> # comment out to remove
> if [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] || \
>    [ "$mip" == "IP.ADDR.ESS" ] || [ "$mip" == "IP.ADDR.ESS" ] || \
>    [ "$mip" == "IP.ADDR.ESS" ]; then
>    echo "$mdate Discarding WAN drop request for $mip" >> $logf
>    echo "$mdate Discarding WAN drop request for $mip"
>    exit 1
> fi;
>
> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> # grep -c prints 1 when the argument looks like an IPv4 address or CIDR
> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>
> if [ "$(echo "$mip" | eval "$is_ip")" != "1" ]; then
>    echo "$mdate Error in IP address $mip" >> $logf
>    echo "$mdate Error in IP address $mip"
> else
>    iptables -I INPUT -s "$mip" -j DROP
>    echo "iptables -I INPUT -s $mip -j DROP"
>    # keep the rule so it can be re-applied after a reboot
>    echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>    echo "$mdate now dropping all packets from $mip" >> $logf
> fi;
> -- snip --
>
> best wishes
>    Tony White
>
> On 18/4/20 8:09 pm, Tony White wrote:
>
> > Hi David,
> >   Sorry try this instead...
> >
> > -- snip --
> > #!/bin/sh
> > logf="/var/log/blacklist_ip.log"
> > mdate=`date +%c`
> > ### must be root ###
> > if [ `whoami` != "root" ]; then
> >         echo ""
> >         echo "$0 must be ran as root"
> >         echo ""
> >         exit 1
> > fi
> > export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
> > # grep -c prints 1 when the argument looks like an IPv4 address or CIDR
> > is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
> >
> > if [ "$(echo "$1" | eval "$is_ip")" != "1" ]; then
> > echo "$mdate Error in IP address $1" >> $logf
> > else
> > echo "$1" >> /opt/spamdyke/etc/blacklist_ip
> > echo "$mdate now dropping all packets from $1" >> $logf
> > fi
> > --snip --
> >
> > best wishes
> >   Tony White
> > On 18/4/20 8:04 pm, Tony White wrote:
> >
> >> Hi David,
> >>   Try using this little script...
> >>
> >> -- snip --
> >> #!/bin/bash
> >> logf="/var/log/blockip.log"
> >> mdate=`date +%c`
> >> mip=$1
> >> ### must be root ###
> >> if [ `whoami` != "root" ]; then
> >>         echo ""
> >>         echo "$0 must be run as root"
> >>         echo ""
> >>         exit 1
> >> fi;
> >>
> >> if [ "$mip" == "--help" ]; then
> >>   echo "========================================"
> >>   echo "Help: Block single and subnet IP's"
> >>   echo "========================================"
> >>   echo "blockip 132.2.1.1"
> >>   echo "blockip 132.1.0/24"
> >>   echo "----------------------------------------"
> >>   exit 1
> >> fi;
> >>
> >> -- snip --
> >>
> >> worked for me forever...
> >> Use qtp watchall to monitor the logs and use the output to manually block IPs or subnets
> >>
> >> If you need more hit me off list.
> >>
> >> best wishes
> >>   Tony White
> >> On 18/4/20 2:59 pm, David Bray wrote:
> >>
> >>> I can see I'm getting hammered on my smtps port
> >>>
> >>> How can I mitigate this?
> >>>
> >>> I can see the IP's in /var/log/qmail/smtps/current
> >>>
> >>> *but where do I actually see that the smtp auth actually fails ?*
> >>>
> >>> or do I need to increase the logging somewhere ?
> >>>
> >>> if I tail -f /var/log/dovecot.log
> >>>
> >>> I can see the imap and pop failures
> >>>
> >>> thanks in advance
> >>>
> >>> David Bray
> >>> 0418 745334
> >>> 2 ∞ & <
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> >>
> >
> >
> --
# David
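
Added example, not part of the original thread or of qmailtoaster: one way to answer "which IPs to block" is to rank source addresses by failed-login lines in a log such as the dovecot.log mentioned above. The log format (an `auth failed` marker and a `rip=ADDR` token), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rank source IPs by failed-login lines in a dovecot-style log.
# Assumption: a failure line contains "auth failed" and the client address as
# a "rip=ADDR," token, as in the constructed sample below.

count_failures() {
    awk '
        /auth failed/ {
            ip = ""
            # The username is client-supplied and logged before rip=, so keep
            # the LAST well-formed rip= token; an earlier one may be forged.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^rip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,?$/) {
                    ip = $i
                    sub(/^rip=/, "", ip)
                    sub(/,$/, "", ip)
                }
            if (ip != "") n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# offenders MIN: print only the IPs with at least MIN failure lines.
offenders() {
    count_failures | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Apr 18 14:50:01 imap-login: Info: Disconnected (auth failed, 3 attempts in 12 secs): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a1>
Apr 18 14:50:09 pop3-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a2>
Apr 18 14:50:20 imap-login: Info: Disconnected (auth failed, 1 attempts in 3 secs): user=<x rip=192.0.2.99, y>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=<a3>
Apr 18 14:51:02 imap-login: Info: Login: user=<david>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=4242, session=<a4>
Apr 18 14:52:30 imap-login: Info: Disconnected (auth failed, 2 attempts in 6 secs): user=<test>, method=PLAIN, rip=198.51.100.40, lip=192.0.2.10, session=<a5>
EOF
}

# Stand-alone run: print "count ip" pairs for the sample, highest first.
sample_log | count_failures
```

Against a real log, pipe the file into `offenders` with a threshold that suits the site and review the list before blocking anything.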
