Skip to content

Instantly share code, notes, and snippets.

@raidzero
Created June 7, 2016 19:29
Show Gist options
  • Save raidzero/0a8756587fa68114547f9b4c45691b45 to your computer and use it in GitHub Desktop.
Save raidzero/0a8756587fa68114547f9b4c45691b45 to your computer and use it in GitHub Desktop.
Auto block port scanners from openvpn server
#!/bin/bash
# this parses the openvpn connection log for any suspected attackers and blocks them, also uses geoiplookup to show the country :)
LIST=$1
COUNT=0
for IP in `cat /var/log/openvpn.log | grep attack | grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | sort -u`; do
LOCATION=`geoiplookup $IP | awk -F ": " '{print$2}'`
if [ -z "$LIST" ]; then
# check for existing rule
iptables -C INPUT -s $IP -j DROP &> /dev/null
if [ $? -ne 0 ]; then
iptables -A INPUT -s $IP -j DROP # add rule
echo "Blocked IP: $IP ($LOCATION)"
let COUNT+=1
fi
else
echo "Evil IP: $IP ($LOCATION)"
let COUNT+=1
fi
done
if [ -z "$LIST" ]; then
echo "Blocked $COUNT IP addresses"
else
echo "$COUNT Evil IP addresses"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment