How to Dynamically Ban Malicious IP's using IPSet (Martineau version)

[Csection]

No problem, although I'm not sure if there are subtle variations in the way that Xshell5 vs. PuTTY actually renders the colours on screen.

I don't know about that stuff, but all I know is I can now see the text in the green box, so I'm a happy camper!
Thanks again!

 

[Csection]

Hey, Martineau!
How can I fix this from IPSET_Block?
Summary Blacklist: _47+0 Successful blocks! ( 27463 IPs currently banned - 3 expired ), Entries auto-expire after 7 days 00:00:00hrs, 11 permanently banned

I have the following lines in IPSET_Block
TEXT=$cRESET"Summary Blacklist: \e[30;48;5;82m_${IHITS}+$FHITS Successful blocks!$cRESET ( $cRED_$OLDAMOUNT IPs$
TEXT2="Summary Blacklist: $HITS Successful blocks! ( $OLDAMOUNT IPs currently banned - $DELTA $UP_DOWN $INTERVA$
This is in ver. 4.03.

 

[Martineau]

Hey, Martineau!
How can I fix this from IPSET_Block?
Summary Blacklist: _47+0 Successful blocks! ( 27463 IPs currently banned - 3 expired ), Entries auto-expire after 7 days 00:00:00hrs, 11 permanently banned

I have the following lines in IPSET_Block
TEXT=$cRESET"Summary Blacklist: \e[30;48;5;82m_${IHITS}+$FHITS Successful blocks!$cRESET ( $cRED_$OLDAMOUNT IPs$
TEXT2="Summary Blacklist: $HITS Successful blocks! ( $OLDAMOUNT IPs currently banned - $DELTA $UP_DOWN $INTERVA$
This is in ver. 4.03.

Fix the typo you introduced when changing the colour of the successful blocks?

https://www.snbforums.com/threads/h...t-martineau-version.38748/page-19#post-334793

 

[Csection]

I tried re-entering the line you sent and it still is the same. That is a copy of what I got from you.

What is the typo?
Sorry! I was gone for quite a while. Just returned.

 

[Csection]

Here is the output of the code of line you sent

Summary Blacklist: 399+0 Successful blocks! ( 27400 IPs currently banned - 11 expired ), Entries auto-expire after 7 days 00:00:00hrs, 13 permanently banned
Here is the line of code I have:
TEXT=$cRESET"Summary Blacklist: \e[30;48;5;82m${IHITS}+$FHITS Successful blocks!$cRESET ( $cRED_$OLDAMOUNT IPs currently banned - $DELTA $UP_DOWN$cRESET $INTERVAL)"

 

[Martineau]

I am not clear on what your issue is.

In your origininal post

How can I fix this from IPSET_Block?
Summary Blacklist: _47+0 Successful blocks! ( 27463 IPs currently banned - 3 expired ), Entries auto-expire after 7 days 00:00:00hrs, 11 permanently banned

there is an extraneous '_' character reported as part of the Successful blocks/hit count which was never present in my original post which showed how a modified ANSI string could be used to change the colours.

So as you introduced the extra '_' character I assumed this was your typo and needs to be corrected?

 

[Jack Yaz]

Csection said: ↑
Hey, Martineau!
How can I fix this from IPSET_Block?
Summary Blacklist: _47+0 Successful blocks! ( 27463 IPs currently banned - 3 expired ), Entries auto-expire after 7 days 00:00:00hrs, 11 permanently banned

I have the following lines in IPSET_Block
TEXT=$cRESET"Summary Blacklist: \e[30;48;5;82m_${IHITS}+$FHITS Successful blocks!$cRESET ( $cRED_$OLDAMOUNT IPs$
TEXT2="Summary Blacklist: $HITS Successful blocks! ( $OLDAMOUNT IPs currently banned - $DELTA $UP_DOWN $INTERVA$
This is in ver. 4.03.

Looks to me that in TEXT, the extra _ is coming before ${IHITS}

Remove that and that should solve your problem?

 

[Csection]

I took out the "_" and now I'm getting this:

Summary Blacklist: 5,849+0 Successful blocks! ( 20313 IPs currently banned - 1 added ), Entries auto-expire after 7 days 00:00:00hrs, 12 permanently banned

???

 

[Martineau]

I took out the "_" and now I'm getting this:

Summary Blacklist: 5,849+0 Successful blocks! ( 20313 IPs currently banned - 1 added ), Entries auto-expire after 7 days 00:00:00hrs, 12 permanently banned

???

???

 

[Csection]

???

I was just looking for some guidance.

 

[Martineau]

I was just looking for some guidance.

On what?

 

[Csection]

On what?

On that output :

Summary Blacklist: 5,849+0.
Is that correct?

 

[Martineau]

On that output :

Summary Blacklist: 5,849+0.
Is that correct?

Whether 5849 is correct or not depends on the counters maintained by the kernel/iptables and should be confirmed by the command

iptables --line -nvL INPUT | grep -E "set.*Blacklist|^num"

NOTE: If the number of pkts reported by iptables has a suffix such as 'K'

e.g. 57K

then I multiply the number by 1024.

So, the first number 5849 is the number of blocking hits on the INPUT chain, and the second number 0 (using the '+' character as a delimiter) is the number of blocking hits on the FORWARD chain, giving a combined total of 5,849.

 

[kreutpet]

hi

i am on RT-AC66U 380.66-6 and try to get your scripts working.
i am using the version v3.05

sh /jffs/scripts/IPSET_Block.sh init reset
(IPSET_Block.sh): 12523 v3.05 ▒ 2016-2017 Martineau, Dynamic IPSET Blacklist banning request.....
(IPSET_Block.sh): 12523 IPSETs: 'Blacklist/Whitelist' created EMPTY..... [init reset]
iptables v1.3.8: Unknown arg `--add-set'
Try `iptables -h' or 'iptables --help' for more information.
(IPSET_Block.sh): 12523 Dynamic IPSET Blacklist banning enabled.

Summary Blacklist: 0 Successful blocks! ( 0 IPs currently banned - 0 added )

I saw there is an updated version available v4.03 but i did not find any link for download.
Could you please send the link again
is the new version fixing above issue on my router version?
Many thanks

 

[Csection]

Whether 5849 is correct or not depends on the counters maintained by the kernel/iptables and should be confirmed by the command

iptables --line -nvL INPUT | grep -E "set.*Blacklist|^num"

NOTE: If the number of pkts reported by iptables has a suffix such as 'K'

e.g. 57K

then I multiply the number by 1024.

So, the first number 5849 is the number of blocking hits on the INPUT chain, and the second number 0 (using the '+' character as a delimiter) is the number of blocking hits on the FORWARD chain, giving a combined total of 5,849.

Ok, Thank you! I'll check this out.

 

[Martineau]

i am on RT-AC66U 380.66-6 and try to get your scripts working.
i am using the version v3.05

iptables v1.3.8: Unknown arg `--add-set'

Unfortunately the script requires iptables v1.4.14

https://www.snbforums.com/threads/h...et-martineau-version.38748/page-5#post-321893

I saw there is an updated version available v4.03...... is the new version fixing above issue on my router version?

Sadly the answer is NO,... the latest v4.03 version now requires IPSET v6 etc.

 

[kreutpet]

many thanks.

So there is maybe some hope that future release of Merlin firmware will update that version for AC66U.
Hope so

 

[RMerlin]

many thanks.

So there is maybe some hope that future release of Merlin firmware will update that version for AC66U.
Hope so

Kernel's too old.

 

[Xentrk]

No problem, although I'm not sure if there are subtle variations in the way that Xshell5 vs. PuTTY actually renders the colours on screen.

I don't know about that stuff, but all I know is I can now see the text in the green box, so I'm a happy camper!
Thanks again!

Awhile back, @thelonelycoder shared a comparison he did comparing colors with the various SSH clients, as I was having issues with the white text on green background on AB-Solution with MobaXterm. Perhaps if he still has it, he can repost for those that are curious.

 

[thelonelycoder]

Awhile back, @thelonelycoder shared a comparison he did comparing colors with the various SSH clients, as I was having issues with the white text on green background on AB-Solution. Perhaps if he still has it, he can repost for those that are curious.

Here it is, made in April this year: