├── LICENSE ├── Makefile ├── README.md ├── freebsd └── usr │ └── local │ ├── etc │ ├── blockor.conf │ └── rc.d │ │ └── blockord │ ├── man │ └── man8 │ │ └── blockor.8.gz │ └── share │ └── examples │ └── blockor │ └── blockor.example.conf ├── images └── blockor.png ├── openbsd ├── etc │ └── rc.d │ │ └── blockord └── usr │ └── local │ ├── etc │ └── blockor.conf │ ├── man │ └── man8 │ │ └── blockor.8.gz │ └── share │ └── examples │ └── blockor │ └── blockor.sample.conf └── usr └── local ├── bin └── blockor └── libexec └── blockor └── blockord.sh /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2022, Muktadiur Rahman 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. 
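IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# install: copy the OS-specific tree (rc.d script, blockor.conf, man page,
# examples) and then the shared tree (blockor CLI, blockord.sh) onto /.
# Both targets write to system directories, so they must be run as root.
# NOTE: cp -R replaces an existing /usr/local/etc/blockor.conf, so a locally
# edited blockor_whitelist or search_pattern is overwritten on reinstall.
.PHONY: install
install:
	@echo "Installing blockor"
	@if [ "$$(uname -s | tr 'A-Z' 'a-z')" = "openbsd" ]; then \
		cp -Rv openbsd/usr / ; \
		cp -Rv openbsd/etc / ; \
	else \
		cp -Rv freebsd/usr / ; \
	fi
	@cp -Rv usr /
	@echo "Successfully installed"

# uninstall: remove everything install copied.
# The daemon is installed as /usr/local/libexec/blockor/blockord.sh, so the
# whole libexec/blockor directory is removed; the previous recipe removed
# /usr/local/libexec/blockord.sh, a path install never creates, and left the
# root-run daemon script behind.
.PHONY: uninstall
uninstall:
	@echo "Removing blockor"
	@if [ "$$(uname -s | tr 'A-Z' 'a-z')" = "openbsd" ]; then \
		rm -vf /etc/rc.d/blockord ; \
	else \
		rm -vf /usr/local/etc/rc.d/blockord ; \
	fi
	@rm -vf /usr/local/bin/blockor
	@rm -rvf /usr/local/libexec/blockor
	@rm -vf /usr/local/etc/blockor.conf
	@rm -vf /usr/local/man/man8/blockor.8.gz
	@rm -rvf /usr/local/share/examples/blockor
	@echo "Successfully removed"
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Blockor 2 | Protect BSD Unix computer servers from brute-force attacks. It works on top of the OpenBSD Packet Filter(PF) firewall. 3 | 4 | ![Blockor](images/blockor.png) 5 | 6 | ## Prerequisites 7 | - BSD operating system: FreeBSD, OpenBSD with [ Packet Filter( PF ) ](https://www.openbsd.org/faq/pf/filter.html) enabled.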
8 | 9 | ## Installation 10 | ``` 11 | git clone https://github.com/muktadiur/blockor.git 12 | 13 | # root|doas|sudo required. 14 | cd blockor 15 | make install 16 | ``` 17 | 18 | #### Start blockord at boot 19 | ``` 20 | blockor enable 21 | 22 | or 23 | sysrc blockord_enable=YES # FreeBSD 24 | rcctl enable blockord # OpenBSD 25 | ``` 26 | 27 | #### Add to /etc/pf.conf and run pfctl -f /etc/pf.conf 28 | ``` 29 | table <blockor> persist 30 | block drop in quick on egress from <blockor> to any 31 | ``` 32 | 33 | #### To remove blockor 34 | ``` 35 | make uninstall 36 | ``` 37 | 38 | ## Basic Commands 39 | ``` 40 | Blockor protects FreeBSD, OpenBSD servers from brute-force attacks. 41 | Usage: 42 | blockor command [args] 43 | Available Commands: 44 | check Check blockor.conf file and show config for /etc/pf.conf. 45 | start Start the blockord daemon. 46 | stop Stop the blockord daemon. 47 | restart Restart the blockord daemon. 48 | enable Start the blockord daemon at boot. 49 | disable Not start the blockord daemon at boot. 50 | add Add IP to blocked list. 51 | remove Remove IP from blocked list. 52 | flush Remove all entries from blocked list. 53 | list Show blocked list with the failed count. 54 | status Running or Stopped (enabled|disabled) 55 | Use "blockor -v|--version" for version info. 56 | ``` 57 | 58 | 59 | ## Example 60 | 61 | #### To check config.
62 | ``` 63 | bsd# blockor check 64 | blockor(ok) 65 | Add to /etc/pf.conf and run pfctl -f /etc/pf.conf(if not already done): 66 | table <blockor> persist 67 | block drop in quick on egress from <blockor> to any 68 | ``` 69 | 70 | #### To start blockord 71 | ``` 72 | bsd# blockor start 73 | blockord(running) 74 | ``` 75 | 76 | #### To stop blockord 77 | ``` 78 | bsd# blockor stop 79 | blockord(stopped) 80 | ``` 81 | 82 | #### To restart blockord 83 | ``` 84 | bsd# blockor restart 85 | blockord(stopped) 86 | blockord(running) 87 | ``` 88 | 89 | #### To remove an IP from blocked list 90 | ``` 91 | bsd# blockor remove 192.168.56.2 92 | blockor(removed) 93 | 94 | # or if multiple 95 | bsd# blockor remove 192.168.56.45 192.168.56.151 192.168.56.152 96 | blockor(removed) 97 | ``` 98 | 99 | #### To block(add) an IP manually 100 | ``` 101 | bsd# blockor add 192.168.56.2 102 | blockor(ok) 103 | 104 | # or if multiple 105 | bsd# blockor add 192.168.56.45 192.168.56.151 192.168.56.152 106 | blockor(ok) 107 | 108 | # whitelisted IP will be skipped. 109 | bsd# blockor add 192.168.56.20 110 | blockor(whitelisted. skipped. 192.168.56.20) 111 | ``` 112 | 113 | #### Check status (running|stopped) 114 | ``` 115 | bsd# blockor status 116 | blockord(running.enabled) 117 | 118 | enabled - will start at boot 119 | disabled - will not start at boot 120 | ``` 121 | 122 | #### Show blocked list 123 | ``` 124 | bsd# blockor list 125 | Total 1 IP(s) blocked 126 | 192.168.56.2 127 | count IP 128 | 11 192.168.56.2 129 | 2 192.168.56.30 130 | 1 192.168.56.21 131 | ``` 132 | 133 | #### Remove all entries from blocked list 134 | ``` 135 | bsd# blockor flush 136 | blockor(flushed) 137 | ``` 138 | 139 | ## /usr/local/etc/blockor.conf 140 | Change the value of blockor_whitelist, max_tolerance, and search_pattern. 141 | It is better to leave the other values unchanged.
142 | ``` 143 | blockord="/usr/local/libexec/blockor/blockord.sh" 144 | blockor="/usr/local/bin/blockor" 145 | blockor_file="/tmp/blockor_blockedlist" 146 | blockor_log_file="/var/log/blockord.log" 147 | blockor_whitelist="192.168.56.20 192.168.56.102" 148 | search_pattern="Disconnected from authenticating user root|Failed password" 149 | max_tolerance=10 150 | 151 | auth_file="/var/log/auth.log" # FreeBSD 152 | auth_file="/var/log/authlog" # OpenBSD 153 | 154 | ``` 155 | 156 | #### max_tolerance=10 157 | ``` 158 | IP will be blocked when more than 10 failed activities. Change to any number. 159 | ``` 160 | #### search_pattern 161 | ``` 162 | Add any text pattern with delimiter | 163 | example: search_pattern="Bad protocol version identification|..other patterns" 164 | ``` 165 | #### blockor_whitelist 166 | ``` 167 | IP in blockor_whitelist will be excluded from blocking. Add IP with space-separated. 168 | blockor_whitelist="192.168.56.20 192.168.56.102" 169 | 170 | ``` 171 | 172 | 173 | ## Source code structure 174 | ``` 175 | ├── LICENSE 176 | ├── Makefile 177 | ├── README.md 178 | ├── freebsd 179 | │   ├── Makefile 180 | │   └── usr 181 | │   └── local 182 | │   ├── etc 183 | │   │   ├── blockor.conf 184 | │   │   └── rc.d 185 | │   │   └── blockord 186 | │   ├── man 187 | │   │   └── man8 188 | │   │   └── blockor.8.gz 189 | │   └── share 190 | │   └── examples 191 | │   └── blockor 192 | │   └── blockor.example.conf 193 | ├── images 194 | │   └── blockor.png 195 | ├── openbsd 196 | │   ├── Makefile 197 | │   ├── etc 198 | │   │   └── rc.d 199 | │   │   └── blockord 200 | │   └── usr 201 | │   └── local 202 | │   ├── etc 203 | │   │   └── blockor.conf 204 | │   ├── man 205 | │   │   └── man8 206 | │   │   └── blockor.8.gz 207 | │   └── share 208 | │   └── examples 209 | │   └── blockor 210 | │   └── blockor.sample.conf 211 | └── usr 212 | └── local 213 | ├── bin 214 | │   └── blockor 215 | └── libexec 216 | └── blockor 217 | └── blockord.sh 218 | 219 | ``` 
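--------------------------------------------------------------------------------
/freebsd/usr/local/etc/blockor.conf:
--------------------------------------------------------------------------------
blockord="/usr/local/libexec/blockor/blockord.sh"
blockor="/usr/local/bin/blockor"
# NOTE(review): this state file has a fixed name in /tmp and is the value the
# rc script below passes on to root-run tooling via this config; a root-only
# directory is the safer location for it.
blockor_file="/tmp/blockor_blockedlist"
auth_file="/var/log/auth.log"
blockor_log_file="/var/log/blockord.log"
blockor_whitelist=""
search_pattern="PAM: Authentication error|Failed password|Invalid user|Unable to negotiate with|Bad protocol version identification|Disconnected from authenticating user root"
max_tolerance=10

--------------------------------------------------------------------------------
/freebsd/usr/local/etc/rc.d/blockord:
--------------------------------------------------------------------------------
#!/bin/sh

# Copyright (c) 2022-2022, Muktadiur Rahman
# All rights reserved.

# PROVIDE: blockor
# REQUIRE: LOGIN
# KEYWORD: shutdown

# FreeBSD rc.d wrapper for the blockord daemon. Paths ($blockord,
# $blockor_log_file) come from /usr/local/etc/blockor.conf.

. /etc/rc.subr
. /usr/local/etc/blockor.conf

name="blockord"
rcvar="${name}_enable"

load_rc_config "${name}"

# The default has to be set on the variable that rcvar names
# (blockord_enable). The script previously defaulted blockor_enable, a
# different variable, so blockord_enable had no default at all.
: "${blockord_enable:=NO}"

start_cmd="blockor_start"
stop_cmd="blockor_stop"
restart_cmd="blockor_stop && blockor_start"

# Start the daemon in the background, detached from the terminal.
# The '>' redirection truncates $blockor_log_file on every start.
blockor_start() {
    nohup "$blockord" > "$blockor_log_file" &
    echo "${name}(ok)"
}

# Stop the daemon and the `tail -f` it spawned.
# Processes are selected by matching `ps ax` text, not by a pid file: every
# process whose command line contains both "libexec" and "blockord.sh", and
# every `tail -n 0 -f` on an auth log, receives SIGKILL - including ones
# that do not belong to blockord.
blockor_stop() {
    ps ax | awk '/libexec/ && /blockord.sh/' | grep -v awk | awk '{print $1}' | xargs kill -9
    ps ax | awk '/tail -n 0 -f/ && /auth.?log/' | grep -v awk | awk '{print $1}' | xargs kill -9
    echo "${name}(stopped)"
}

run_rc_command "$1"
--------------------------------------------------------------------------------
/freebsd/usr/local/man/man8/blockor.8.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/muktadiur/blockor/c6ccc0d767e965efca5d9107eee4a6bc22a6a555/freebsd/usr/local/man/man8/blockor.8.gz
--------------------------------------------------------------------------------
/freebsd/usr/local/share/examples/blockor/blockor.example.conf:
--------------------------------------------------------------------------------
blockord="/usr/local/libexec/blockor/blockord.sh"
blockor="/usr/local/bin/blockor"
blockor_file="/tmp/blockor_blockedlist"
auth_file="/var/log/auth.log"
blockor_log_file="/var/log/blockord.log"
blockor_whitelist="192.168.56.20 192.168.56.102"
search_pattern="PAM: Authentication error|Failed password|Invalid user|Unable to negotiate with|Bad protocol version identification|Disconnected from authenticating user root"
max_tolerance=10

--------------------------------------------------------------------------------
/images/blockor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/muktadiur/blockor/c6ccc0d767e965efca5d9107eee4a6bc22a6a555/images/blockor.png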
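--------------------------------------------------------------------------------
/openbsd/etc/rc.d/blockord:
--------------------------------------------------------------------------------
#!/bin/sh

# Copyright (c) 2022-2022, Muktadiur Rahman
# All rights reserved.

# OpenBSD rc.d wrapper for the blockord daemon.

daemon="/usr/local/libexec/blockor/blockord.sh"

. /etc/rc.d/rc.subr

pexp="${daemon}"
rc_reload=NO

# Launch the daemon in the background through rc.subr's ${rcexec}.
rc_start() {
    ${rcexec} "${daemon} &"
}

# Delegate to the CLI. It is called by absolute path (the location the
# Makefile installs it to) so that stopping the service does not depend on
# what PATH resolves "blockor" to.
rc_stop() {
    /usr/local/bin/blockor stop
}

# Return 0 when a process whose `ps ax` line contains both "libexec" and
# "blockord.sh" exists (the awk process itself excluded), 1 otherwise.
# The awk exit status is used directly, which avoids a numeric test on
# space-padded `wc -l` output.
rc_check() {
    ps ax | awk '/libexec/ && /blockord.sh/ && !/awk/ { seen = 1 } END { exit !seen }'
}

rc_cmd "$1"

--------------------------------------------------------------------------------
/openbsd/usr/local/etc/blockor.conf:
--------------------------------------------------------------------------------
blockord="/usr/local/libexec/blockor/blockord.sh"
blockor="/usr/local/bin/blockor"
blockor_file="/tmp/blockor_blockedlist"
auth_file="/var/log/authlog"
blockor_log_file="/var/log/blockord.log"
blockor_whitelist=""
search_pattern="PAM: Authentication error|Failed password|Invalid user|Unable to negotiate with|Bad protocol version identification|Disconnected from authenticating user root"
max_tolerance=10

--------------------------------------------------------------------------------
/openbsd/usr/local/man/man8/blockor.8.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/muktadiur/blockor/c6ccc0d767e965efca5d9107eee4a6bc22a6a555/openbsd/usr/local/man/man8/blockor.8.gz
--------------------------------------------------------------------------------
/openbsd/usr/local/share/examples/blockor/blockor.sample.conf:
--------------------------------------------------------------------------------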
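blockord="/usr/local/libexec/blockor/blockord.sh"
blockor="/usr/local/bin/blockor"
blockor_sample_conf="/usr/local/share/examples/blockor/blockor.sample.conf"
blockor_file="/tmp/blockor_blockedlist"
auth_file="/var/log/authlog"
blockor_log_file="/var/log/blockord.log"
blockor_whitelist="192.168.56.20 192.168.56.102"
search_pattern="PAM: Authentication error|Failed password|Invalid user|Unable to negotiate with|Bad protocol version identification|Disconnected from authenticating user root"
max_tolerance=10

--------------------------------------------------------------------------------
/usr/local/bin/blockor:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Copyright (c) 2022-2022, Muktadiur Rahman
# All rights reserved.
#
# blockor - command-line front end for the blockord daemon and the pf table
# "blockor". Every sub-command except version/help requires root.
#
# NOTE(review): $blockor_file is a fixed name in /tmp by default and is
# truncated and edited in place by this script as root. A root-owned
# directory outside /tmp (for example under /var/db) is the safer home for
# it; check_blockor_file below only refuses an existing symlink.

## version
version='0.1.2'

# System directories are searched first so that a caller-supplied PATH entry
# cannot shadow pfctl, sed, ps, ... when the script runs as root.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:${PATH}

. /usr/local/etc/blockor.conf

# Print the help text and exit with status 1.
blockor_usage() {
    cat << EOF
Blockor protects FreeBSD, OpenBSD servers from brute-force attacks.
Usage:
  blockor command [args]
Available Commands:
  check     Check blockor.conf file and show config for /etc/pf.conf.
  start     Start the blockord daemon.
  stop      Stop the blockord daemon.
  restart   Restart the blockord daemon.
  enable    Start the blockord daemon at boot.
  disable   Not start the blockord daemon at boot.
  add       Add IP to blocked list.
  remove    Remove IP from blocked list.
  flush     Remove all entries from blocked list.
  list      Show blocked list with the failed count.
  status    Running or Stopped.
Use "blockor -v|--version" for version information.
EOF
    exit 1
}

# Exit with status 1 unless the effective uid is 0.
permission_check() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "blockor(permission denied). root|doas|sudo required"
        exit 1
    fi
}

# Print the version and exit 0.
blockor_version() {
    echo "blockor(${version})"
    exit 0
}

# Verify that the config file is readable and /dev/pf exists, then print the
# two pf.conf lines the tool depends on. The table name <blockor> matches the
# `pfctl -t blockor` calls used throughout this script.
blockor_check() {
    blockor_conf="/usr/local/etc/blockor.conf"
    if [ ! -r "$blockor_conf" ]; then
        echo "blockor($blockor_conf not found)"
        echo "example: /usr/local/share/examples/blockor/blockor.example.conf"
        exit 1
    fi

    if [ ! -c "/dev/pf" ]; then
        echo "blockor(pf not enabled)"
        exit 1
    fi
    echo "blockor(ok)"
    cat <<EOF
Add to /etc/pf.conf and run pfctl -f /etc/pf.conf(if not already done):
table <blockor> persist
block drop in quick on egress from <blockor> to any
EOF
    exit 0
}

# Return 0 when a process whose `ps ax` line contains both "libexec" and
# "blockord.sh" exists (the awk process itself excluded), 1 otherwise.
blockord_running() {
    ps ax | awk '/libexec/ && /blockord.sh/ && !/awk/ { seen = 1 } END { exit !seen }'
}

# Start the daemon unless one is already running.
# The '>' redirection truncates $blockor_log_file on every start.
blockor_start() {
    if blockord_running; then
        echo 'blockord(already running)'
        exit 1
    fi
    nohup "$blockord" > "$blockor_log_file" &
    echo 'blockord(running)'
}

# Stop the daemon and the `tail -f` it spawned.
# Processes are selected by matching `ps ax` text, not by a pid file: every
# process whose command line contains both "libexec" and "blockord.sh", and
# every `tail -n 0 -f` on an auth log, receives SIGKILL.
# xargs -r: do not run kill at all when nothing matched.
blockor_stop() {
    ps ax | awk '/libexec/ && /blockord.sh/' | grep -v awk | awk '{print $1}' | xargs -r kill -9
    ps ax | awk '/tail -n 0 -f/ && /auth.?log/' | grep -v awk | awk '{print $1}' | xargs -r kill -9
    echo 'blockord(stopped)'
}

# Print the first dotted-quad found in $1, or nothing. IPv4 only.
extract_ip() {
    printf '%s\n' "$1" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1
}

# Print $1 with every dot backslash-escaped, for use inside a sed regex.
escape_dots() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# Add the address in $1 to the pf table unless it is whitelisted.
# Previously the whitelist check only printed a message and the address was
# added to the block table anyway.
blockor_add() {
    IP=$(extract_ip "$1")
    if [ -z "$IP" ]; then
        return 0
    fi
    if check_whitelisted "$IP"; then
        return 0
    fi
    pfctl -t blockor -q -T add "$IP"
}

# Return 0 (and print a notice) when $1 is listed in $blockor_whitelist,
# 1 otherwise. Comparison is an exact string match.
check_whitelisted() {
    # Unquoted on purpose: the whitelist is a space-separated list.
    for white_ip in $blockor_whitelist; do
        if [ "$1" = "${white_ip}" ]; then
            echo 'blockor(whitelisted. skipped.' "$white_ip"')'
            return 0
        fi
    done
    return 1
}

# Remove the address in $1 from the pf table and from the counter file.
blockor_remove() {
    IP=$(extract_ip "$1")
    if [ -z "$IP" ]; then
        return 0
    fi
    pfctl -t blockor -q -T delete "$IP"
    check_blockor_file
    # The file holds one bare address per line. The pattern is anchored at
    # both ends and its dots are escaped, so removing 2.3.4.5 no longer also
    # deletes the counters of 12.3.4.5 or 2.3.4x5-style near matches.
    ip_re=$(escape_dots "$IP")
    OS=$(uname -s | tr '[A-Z]' '[a-z]')
    if [ "$OS" = 'openbsd' ]; then
        sed -i "/^${ip_re}\$/d" "$blockor_file"
    else
        sed -i '' "/^${ip_re}\$/d" "$blockor_file"
    fi
}

# Exit 1 when the counter file is missing, or when it is a symlink (the
# callers rewrite it as root, which would follow the link).
check_blockor_file() {
    if [ -L "$blockor_file" ]; then
        echo "blockor($blockor_file is a symlink. not modified)" >&2
        exit 1
    fi
    if [ ! -f "$blockor_file" ]; then
        exit 1
    fi
}

# Empty the pf table and the counter file.
blockor_flush() {
    pfctl -t blockor -q -T flush
    check_blockor_file
    : > "$blockor_file"
    echo 'blockor(flushed)'
    exit 0
}

# Show the blocked addresses, then the per-address failure counts.
blockor_list() {
    total=$(pfctl -t blockor -T show | wc -l | tr -d ' ')
    echo "Total ${total} IP(s) blocked"
    pfctl -t blockor -T show

    check_blockor_file

    echo "count IP"
    sort "$blockor_file" | uniq -c | sort -nr
    exit 0
}

# FreeBSD: report $1 (running|stopped) plus whether /etc/rc.conf enables the
# service. Any line mentioning blockord_enable is read, commented-out or not.
freebsd_status() {
    RC=$(grep blockord_enable /etc/rc.conf | cut -d "=" -f2 | tr '[A-Z]' '[a-z]')
    case "$RC" in
        *yes*)
            echo 'blockord('"${1}"'.enabled)'
            ;;
        *)
            echo 'blockord('"${1}"'.disabled)'
            ;;
    esac
}

# OpenBSD: report $1 (running|stopped) plus whether pkg_scripts in
# /etc/rc.conf.local names blockord. Exits 1 when that file is absent.
openbsd_status() {
    if [ ! -f /etc/rc.conf.local ]; then
        echo 'blockord('"${1}"'.disabled)'
        exit 1
    fi

    RC_LOCAL=$(awk '/pkg_scripts/ && /blockord/' /etc/rc.conf.local)
    case "$RC_LOCAL" in
        *blockord*)
            echo 'blockord('"${1}"'.enabled)'
            ;;
        *)
            echo 'blockord('"${1}"'.disabled)'
            ;;
    esac
}

# Print running/stopped and enabled/disabled for the current OS.
blockor_status() {
    OS=$(uname -s | tr '[A-Z]' '[a-z]')
    if blockord_running; then
        state='running'
    else
        state='stopped'
    fi
    if [ "$OS" = 'openbsd' ]; then
        openbsd_status "$state"
    else
        freebsd_status "$state"
    fi
    exit 0
}

# Enable the service at boot (rcctl on OpenBSD, sysrc elsewhere).
blockor_enable() {
    OS=$(uname -s | tr '[A-Z]' '[a-z]')
    if [ "$OS" = 'openbsd' ]; then
        rcctl enable blockord
    else
        sysrc blockord_enable="YES"
    fi
    echo 'blockord(enabled)'
}

# Disable the service at boot.
blockor_disable() {
    OS=$(uname -s | tr '[A-Z]' '[a-z]')
    if [ "$OS" = 'openbsd' ]; then
        rcctl disable blockord
    else
        sysrc blockord_enable="NO"
    fi
    echo 'blockord(disabled)'
}

# Stop, then start, then exit 0.
blockor_restart() {
    blockor_stop
    blockor_start
    exit 0
}

# Exit 1 with a message unless $1 contains a dotted-quad whose four octets
# are all <= 255.
is_valid_ip() {
    IP=$(extract_ip "$1")
    if [ -z "$IP" ] ||
        ! printf '%s\n' "$IP" | awk -F. '{ for (i = 1; i <= 4; i++) if ($i > 255) exit 1 }'; then
        echo 'blockor(invalid IP)'
        exit 1
    fi
}

# The help function is blockor_usage; the bare name "usage" called here
# before does not exist in this script.
[ $# -lt 1 ] && blockor_usage

CMD=$1
shift

case "${CMD}" in
    version|-v|--version)
        blockor_version
        ;;
    help|-h|--help)
        blockor_usage
        ;;
    check|--check)
        permission_check
        blockor_check
        ;;
    start|--start)
        permission_check
        blockor_start
        exit 0
        ;;
    stop|--stop)
        permission_check
        blockor_stop
        exit 0
        ;;
    restart|--restart)
        permission_check
        blockor_restart
        ;;
    add|-a|--add)
        permission_check
        # Every argument is validated before the table is touched, so one
        # bad argument cannot leave the request half applied.
        [ $# -gt 0 ] || is_valid_ip ''
        for arg in "$@"; do
            is_valid_ip "$arg"
        done
        for arg in "$@"; do
            blockor_add "$arg"
        done
        echo 'blockor(ok)'
        exit 0
        ;;
    remove|-r|--remove)
        permission_check
        [ $# -gt 0 ] || is_valid_ip ''
        for arg in "$@"; do
            is_valid_ip "$arg"
        done
        for arg in "$@"; do
            blockor_remove "$arg"
        done
        echo 'blockor(removed)'
        exit 0
        ;;
    flush|-f|--flush)
        permission_check
        blockor_flush
        ;;
    list|-l|--list)
        permission_check
        blockor_list
        ;;
    status|-s|--status)
        permission_check
        blockor_status
        ;;
    enable|-e|--enable)
        permission_check
        blockor_enable
        ;;
    disable|-d|--disable)
        permission_check
        blockor_disable
        ;;
    *)
        blockor_usage
        ;;
esac
--------------------------------------------------------------------------------
/usr/local/libexec/blockor/blockord.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# Copyright (c) 2022-2022, Muktadiur Rahman
# All rights reserved.
#
# blockord - follows $auth_file, records the source address of every line
# matching $search_pattern in $blockor_file, and adds an address to the pf
# table "blockor" once its count reaches $max_tolerance.
#
# The log being parsed contains text chosen by remote clients, so every
# expansion of it is quoted and it is never passed through echo or an
# unquoted word split. Only IPv4 addresses are recognised by the pattern.

. /usr/local/etc/blockor.conf

OS=$(uname -s | tr '[A-Z]' '[a-z]')

# IFS= and -r keep the log line byte-for-byte (no backslash processing).
tail -n 0 -f "$auth_file" | while IFS= read -r line
do
    # Only the last "from <addr>" on the line is recorded: earlier parts of
    # the message can contain client-supplied text, and counting an address
    # that appears there would let a remote client get someone else blocked.
    printf '%s\n' "$line" \
        | grep -E "$search_pattern" \
        | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | tail -n 1 \
        | awk '{print $2}' >> "$blockor_file"

    # Drop whitelisted addresses from the counter file. Entries must be
    # plain IPv4 addresses; dots are escaped and the match is anchored at
    # both ends so that whitelisting 10.0.0.1 does not also exempt 110.0.0.1.
    # Unquoted on purpose: the whitelist is a space-separated list.
    for white_ip in $blockor_whitelist; do
        white_re=$(printf '%s\n' "$white_ip" | sed 's/\./\\./g')
        if [ "$OS" = 'openbsd' ]; then
            sed -i "/^${white_re}\$/d" "$blockor_file"
        else
            sed -i '' "/^${white_re}\$/d" "$blockor_file"
        fi
    done

    # uniq -c prints "<count> <address>"; -ge blocks as soon as the count
    # reaches max_tolerance.
    sort "$blockor_file" | uniq -c | sort -nr | while read -r count ip
    do
        if [ "$count" -ge "$max_tolerance" ]; then
            pfctl -t blockor -q -T add "$ip"
            printf '%s: %s added in blocked IP list.\n' "$(date -u)" "$ip" >> "$blockor_log_file"
        fi
    done
done

--------------------------------------------------------------------------------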