From 7c8c9cedd0e6807235981e497e848d3efb596dfb Mon Sep 17 00:00:00 2001
From: toast-ts <96593068+toast-ts@users.noreply.github.com>
Date: Sun, 21 Jan 2024 21:50:29 +1100
Subject: [PATCH] Block vulnerability scanners from attacking the host.
---
 .gitignore | 1 +
 ufwReject.sh | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 ufwReject.sh
diff --git a/.gitignore b/.gitignore
index 772e11c..7df15e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .env
+ips.txt
 # Yarn stuff
 .yarn
 # TypeScript stuff
diff --git a/ufwReject.sh b/ufwReject.sh
new file mode 100644
index 0000000..daf7f75
--- /dev/null
+++ b/ufwReject.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run this script as root or sudo"
+ exit 1
+fi
+
+# Store the IP addresses in a file
+IP_ADDRESSES_STORE="ips.txt"
+
+# Scan the kernel log for IP addresses and store them in a file
+dmesg | grep 'SRC=' | awk -F'SRC=' '{ print $2 }' | awk '{ print $1 }' | sort | uniq | head -n 5000 > "$IP_ADDRESSES_STORE"
+
+# Populate the UFW reject rule with the IP addresses collected from the kernel log
+while IFS= read -r ip
+do
+ # Check if the IP is already in the UFW rules
+ if ! ufw status | grep -q "$ip"
+ then
+ ufw reject from $ip
+ fi
+done < "$IP_ADDRESSES_STORE"
+
+echo "Done populating UFW reject rule"
+exit 0
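Review bot: The `dmesg | grep 'SRC='` pipeline in ufwReject.sh feeds every logged source address into `ufw reject` with no check of which log entry it came from, no format validation and no exemption list, so a management, LAN or forged source address that appears in the kernel log is rejected too and can lock the operator out. Restrict the match to the firewall's own block entries (with UFW logging that is presumably `grep -F '[UFW BLOCK]'`; confirm the prefix on this host) and skip addresses on a maintained allow-list before adding a rule. In the loop, `grep -q "$ip"` treats the address as a regex and matches substrings, so 1.2.3.4 counts as already present when only 11.2.3.45 is listed; use `if ! ufw status | grep -qwF -- "$ip"` and quote the argument in `ufw reject from "$ip"`. Because ufw applies the first matching rule, a reject appended after existing allow rules does not cover the ports those rules open; `ufw insert 1 reject from "$ip"` puts it ahead of them (IPv6 sources likely need a position after the IPv4 rules, so verify that case).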