authorFreemor <freemor@freemor.ca>2019-10-29 08:58:51 -0300
committerFreemor <freemor@freemor.ca>2019-10-29 08:58:51 -0300
commitbb7e31ea96956f6e95475ce1eb154e136ad0a23b (patch)
tree2e5e5bddaa6d5eb022fe2dd038cd53aaa68252b4
parent1efcbc1df4a0dc9a0952034435172f3aec5b230c (diff)
Add whitelist feature
-rwxr-xr-xtheDrain13
1 files changed, 10 insertions, 3 deletions
diff --git a/theDrain b/theDrain
index 859abcb..522a1e8 100755
--- a/theDrain
+++ b/theDrain
@@ -3,12 +3,13 @@
# Watch for floods and blacklist
# Lets get some Variables defined
-readonly max_ho=5 # Max # of Half Open Connections
-readonly host_ip="" # IP addy of host machine
-readonly log_file="~/Drain.txt" # Directory to log to.
+readonly max_ho=8 # Max # of Half Open Connections
+readonly host_ip="" # IP addy of host machine
+readonly log_file="/home/user/Drain.txt" # Directory to log to.
readonly alert_to="foo@example.com" # Who to mail Alerts to
readonly alert_level=50 # How man Half Open before we send an e-mail
readonly server_name="$(hostname)" # Name of your server. For E-mail alerts, defaults to hostmane
+readonly whitelist_file="/home/user/whitelist" # location of a list of IPs not to block 1 per live
# This Function scans for half open TCP connections (Sign of a SYN flood)
# and outputs a list of:
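Review bot: The added `whitelist_file` points into a user's home directory, while this script calls iptables and so presumably runs as root; anyone able to write `/home/user/whitelist` could then exempt an address from blocking. Keeping the list in a root-owned location that others cannot write would avoid that, for example `readonly whitelist_file="/etc/theDrain/whitelist"` (placeholder path, pick what fits the host). The same applies to the hard-coded `log_file` if root appends to a file inside a user-owned directory. The trailing comment on the new line should read `# location of a list of IPs not to block, one per line`.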
@@ -26,6 +27,12 @@ function blackList () {
echo "no value"
return 1
fi
+ # Is the IP whitelisted
+ grep -q "$1" "$whitelist_file"
+ if [[ $? -eq 0 ]]; then
+ echo "$1 is Whitelisted. Not Blocking."
+ return 1
+ fi
echo "Checking: $1"
iptables -L INPUT -n | grep -q $1
if [ $? == 0 ]; then
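Review bot: The whitelist test `grep -q "$1" "$whitelist_file"` treats the address as an unanchored regular expression, so `10.0.0.1` is reported as whitelisted when the file only lists `10.0.0.10`, and every `.` matches any character. A whole-line, fixed-string match keeps unlisted addresses from being exempted: `if grep -qxF -- "$1" "$whitelist_file"; then`, which also removes the separate `$?` test. The whitelisted branch returns 1, the same status as the "no value" error just above it, so a caller cannot tell "skipped on purpose" from "bad argument"; a distinct status or a comment stating the intent would help. blackList starts and ends outside this hunk.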