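#!/bin/bash
#
# Collect the source addresses found in kernel-log lines that carry a "SRC="
# field and add a UFW "reject" rule for each address not already listed.
#
# Environment:
#   TOAST_IP  Optional. Addresses sharing its prefix (everything before the
#             last dot) are never rejected. It is not defined in this script.
#             NOTE(review): presumably exported by the caller; sudo commonly
#             resets the environment, so confirm it survives (e.g. sudo -E
#             or an env_keep entry), otherwise the exemption does nothing.
#
# Output:
#   ips.txt in the current directory (at most 5000 unique addresses).

if [ "$EUID" -ne 0 ]; then
  echo "Please run this script as root or sudo" >&2
  exit 1
fi

# Store the IP addresses in a file.
# NOTE(review): this is a relative path written as root. Run the script from
# a directory only root can write to, so the file cannot be pre-created or
# symlinked by another local user.
IP_ADDRESSES_STORE="ips.txt"

# Scan the kernel log for IP addresses and store them in a file.
# The text after the first "SRC=" is cut at the first whitespace.
# A SRC= value is whatever the packet claimed as its source; spoofed traffic
# can put a legitimate address on this list, so keep the exemption below
# populated for hosts that must stay reachable.
dmesg \
  | awk -F'SRC=' '/SRC=/ { split($2, field, " "); print field[1] }' \
  | sort -u \
  | head -n 5000 > "$IP_ADDRESSES_STORE"

# Prefix that must never be rejected (empty when TOAST_IP is unset).
toast_prefix="${TOAST_IP%.*}"
if [ -z "${TOAST_IP:-}" ]; then
  echo "Warning: TOAST_IP is not set; no address prefix is exempt" >&2
fi

# Read the rule list once instead of spawning "ufw status" per address.
# The input is de-duplicated, so rules added in the loop need no re-check.
ufw_rules="$(ufw status)"

# Only characters that can occur in an IPv4 or IPv6 literal are accepted, so
# a malformed log field can never reach ufw as an option or an extra word.
addr_re='^[0-9A-Fa-f:.]+$'

# Initialize a counter for new IPs
new_ips=0

# Populate the UFW reject rule with the IP addresses collected from the kernel log
while IFS= read -r ip; do
  # Skip blank or malformed entries.
  if [[ ! "$ip" =~ $addr_re ]]; then
    continue
  fi

  # Skip addresses that share the exempt prefix.
  ip_prefix="${ip%.*}"
  if [ "$ip_prefix" = "$toast_prefix" ]; then
    continue
  fi

  # Check if the IP is already in the UFW rules. -F treats the dots
  # literally and -w stops 1.2.3.4 from matching inside 11.2.3.45, which a
  # plain regex substring match would wrongly treat as "already present".
  if grep -qwF -- "$ip" <<<"$ufw_rules"; then
    continue
  fi

  # Count the address only when ufw actually accepted the rule.
  if ufw reject from "$ip"; then
    ((new_ips++))
  else
    echo "Failed to add reject rule for $ip" >&2
  fi
done < "$IP_ADDRESSES_STORE"

echo "Done populating UFW reject rule"
echo "$new_ips IP addresses were added"
exit 0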