README: links for EMG and Braxo
parent cd87d9b743
commit 1375369320
1 changed files with 9 additions and 5 deletions
14
README.md
|
|
@ -1,7 +1,7 @@
|
|||
# AutoFW
|
||||
|
||||
This tool is inspired by fail2ban, but is simpler and less forgiving.
|
||||
You provide it with a list of whitelisted and blacklisted IP addresses and ranges, and its output is a list of command to blacklist slightly larger IP ranges covering multiple IP addresses.
|
||||
You provide it with a list of whitelisted and blacklisted IP addresses and ranges, and its output is a list of commands to blacklist slightly larger IP ranges covering multiple IP addresses.
|
||||
|
||||
It assumes UFW for now.
|
||||
|
||||
|
|
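Review bot: The reworded intro sentence ("its output is a list of commands to blacklist slightly larger IP ranges covering multiple IP addresses") still does not say how far a range may be widened, or how the whitelist limits that widening. Since the tool is described as "less forgiving" than fail2ban, add a sentence stating the widest range it will emit and what happens when a whitelisted address falls inside a candidate range, so an operator can judge the risk of blocking neighbours of a bad address.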
@ -23,21 +23,25 @@ We use CMake.
|
|||
- `cmake .`
|
||||
- `make`
|
||||
|
||||
Some functions are perhaps overly general, but that is because they are taken directly from the [EMG|https://nordicmessaging.se] source code.
|
||||
|
||||
## Usage
|
||||
|
||||
Initially, create a file autofw.whitelist, containing IP addresses and ranges that should always be allowed to connect.
|
||||
First you create a file autofw.whitelist, containing IP addresses and ranges that should always be allowed to connect to your server.
|
||||
|
||||
Create a script that performs the tasks below. This can be run by cron.
|
||||
Then create a script that performs the tasks below. This can be run by cron.
|
||||
|
||||
1. Collect all IP addresses and ranges to block into a new file, say `autofw.badips`. It may be a good idea to filter out entries in the whitelist.
|
||||
1. Run `ufw insert 1 deny from $ip` for each entry in `autofw.badips`. The ufw tool will automatically ignore duplicates.
|
||||
1. Collect all blacklisted addresses using the following command:
|
||||
``ufw status verbose | grep DENY | awk '{print $4}' > autofw.blacklist``
|
||||
1. Run `./autofw > ufw.updates`.
|
||||
1. Run the `ufw.updates` script.
|
||||
1. Run the `./ufw.updates` script.
|
||||
1. Finally run `ufw reload` to activate the new rules.
|
||||
|
||||
Both the whitelist and blacklist can contain both individual IP addresses and ranges on the form a.b.c.d/e, where e is between 0 and 32.
|
||||
In our own installation at [Braxo|https://braxo.se] we also sort the list of bad IP addresses and remove duplicates, between steps 1 and 2.
|
||||
This way we can easily know if something has changed, or if we can just skip the rest of the steps.
|
||||
|
||||
To block machines trying to attack your SMTP server sending invalid commands, you can use a command such as the one below.
|
||||
Then simply add additional commands as needed, based on your own log files from whatever applications you are running.
|
||||
|
|
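Review bot: The two links added in this hunk, `[EMG|https://nordicmessaging.se]` and `[Braxo|https://braxo.se]`, use a pipe form that is not Markdown link syntax, so in README.md they will not render as named links; write them as `[EMG](https://nordicmessaging.se)` and `[Braxo](https://braxo.se)`. Separately, step 5 now says to run `./ufw.updates`, but step 4 creates that file with a shell redirect (`./autofw > ufw.updates`), which does not set the execute bit on a newly created file. Either add a `chmod +x ufw.updates` step before it or document `sh ufw.updates` instead.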
@ -48,7 +52,7 @@ Then simply add additional commands as needed, based on your own log files from
|
|||
tr '[]' ' ' |
|
||||
awk '{print $2}' >> autofw.badips
|
||||
|
||||
If you run `insert deny from x.y.z.w` manually at some point, that IP will stay blocked.
|
||||
If you run `ufw insert 1 deny from x.y.z.w` manually at some point, that IP will stay blocked.
|
||||
It will then possibly be merged with any of the other blocked IP addresses.
|
||||
|
||||
The output from `./autofw` is a list of UFW commands.
|
||||
|
|
|
|||
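Review bot: The corrected sentence on running `ufw insert 1 deny from x.y.z.w` manually says the address stays blocked and may be merged with other blocked addresses, but the README gives no way to undo that. Because the usage steps rebuild `autofw.blacklist` from `ufw status verbose` on every run, a manual block is picked up again each time; add a line on how to remove one, including the case where it has already been merged into a wider range.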