/jffs/scripts/HackerPorts.sh v2.03 is available.
Thanks to @Xentrk, @Jack Yaz, @Csection and others for providing feedback to try and improve the reliability of the reporting.
I've rewritten the parsing code when extracting the 'Block IN=' messages from Syslog.
It appears that the '-j LOG' chain apparently may generate 'inconsistent' messages, the weird one being the random insertion of the Unicode '0xa0' character ' ', so whilst it appears as a space " " it really isn't so the parsing will fail.
Now it could be that this is a side effect of extracting the test data from the forum, but either way, sometimes the script works for some and not for others, but as @Xentrk posted, it has been fine on his router, but another one he installed the script on, it just won't work.
1. Fix to include an additional check to see if the inappropriate 'nolog' directive is still being used with the 'init' call by IPSET_Block.sh, but I only scanned both firewall-start/services-start and never considered that anyone would need to use post-mount. @Jack Yaz
2. New command args are available (see help)
all - The report will by default report on WAN attacks. Specifying this will allow reporting on all interfaces e.g. ppp0,vlan2 etc.
wipe - If Syslog is used to record the tracking messages (rather than the Blacklist IPSET) then once the report is created to disk, the tracking messages are erased from Syslog.
in= I have lots of archived Syslogs and to try and prove that the script genuinely works, needed to quickly point the script at a file rather than the 'live' Syslog.
3. GRE report. These '-j LOG' messages contain no target 'DPT=' clause which caused the parsing to fail dismally given that this is a critical field that I explicitly need to use as a delimiter.
These attempts are now also reported, so perhaps IPSET_Block.sh deserves brownie-points! - or not!
The general reporting info has also been tweaked to give better feedback, along with some additional cosmetic fluff!
No doubt it is riddled with bugs, but that is the price I pay for not requesting a lengthy beta testing programme.
Caveat Emptor!
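
The two parsing failures described in the post above (a 0xa0 byte standing in for a space, and GRE entries with no 'DPT=' field), as an added example that is not part of the original post and is not HackerPorts.sh code. The function names and log lines are constructed; fields are looked up by key rather than by position, so a missing 'DPT=' is reported as "-".

```shell
#!/bin/sh
# Added example, not HackerPorts.sh code. Function names and sample log
# lines are constructed for illustration.

# Replace no-break spaces with ASCII spaces so field splitting works.
# The UTF-8 encoding (0xC2 0xA0) is handled first, then a bare 0xA0 byte.
# Assumes the lines are otherwise ASCII, as kernel LOG output is.
normalize_nbsp() {
    LC_ALL=C sed "s/$(printf '\302\240')/ /g" | LC_ALL=C tr '\240' ' '
}

# Print "IN SRC PROTO DPT" for every 'Block IN=' line read from stdin.
# A line without DPT= (e.g. GRE) is still reported, with "-" as the port.
parse_block_lines() {
    normalize_nbsp | LC_ALL=C awk '
        / Block IN=/ {
            in_if = src = proto = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
                if      (key == "IN")    in_if = val
                else if (key == "SRC")   src   = val
                else if (key == "PROTO") proto = val
                else if (key == "DPT")   dpt   = val
            }
            if (src != "") print in_if, src, proto, dpt
        }'
}

# Constructed sample: a clean TCP line, a line with 0xA0 in place of two
# spaces (raw and UTF-8 forms), a GRE line with no DPT=, an unrelated line.
sample_log() {
    printf 'Jan  1 00:00:01 kernel: Block IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=23 SYN\n'
    printf 'Jan  1 00:00:02 kernel: Block\240IN=eth0 OUT= SRC=198.51.100.8 DST=192.0.2.1\302\240PROTO=UDP SPT=5000 DPT=5060\n'
    printf 'Jan  1 00:00:03 kernel: Block IN=ppp0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=47\n'
    printf 'Jan  1 00:00:04 dnsmasq: started\n'
}

sample_log | parse_block_lines
```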