2 # Adds an IP to the firewalld drop list
3 # Requirements: Linux with firewalld
# Every step is recorded in the active-responses log (LOG_FILE below).
# NOTE(review): this excerpt is non-contiguous — the shebang, the IP/ACTION/
# UNAME/MSL/RES assignments, the case/while/esac/done keywords and most of the
# closing fi lines are not shown, so comments below describe only what is visible.
5 # Author: Daniel B. Cid (iptables)
7 # Author: ChristianBeer
8 # Last modified: Apr 10, 2015
# Default location of firewall-cmd; a /usr-prefixed fallback is tried further
# down if this path is not executable.
13 FWDCMD="/bin/firewall-cmd"
16 # ARG2 can be used to specify the zone where the rich rule should be added; otherwise the rule goes to the default zone.
# ARG2 is expanded unquoted in the firewall-cmd call below, apparently on
# purpose: an empty value then contributes no argument at all.
18 #ARG2="--zone=external"
# The lock is a directory taken with mkdir; the holder's pid is stored in
# this file.  Both live relative to the caller's working directory (${PWD}).
25 LOCK_PID="${PWD}/fw-drop/pid"
# Script's own basename; see the pgrep lookup below.
31 filename=$(basename "$0")
# Also relative to the caller's working directory, like LOCK_PID.
33 LOG_FILE="${PWD}/../logs/active-responses.log"
# Audit line: timestamp, script path and the first five arguments, verbatim.
# NOTE(review): ${LOG_FILE} is expanded unquoted here and in every other
# append in this script; a path containing whitespace would break the
# redirection.  The arguments are written exactly as received, so a value
# containing a newline yields a multi-line log record — printf '%q' would
# keep one record per invocation.
35 echo "`date` $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
# IP is assigned outside this excerpt (the usage line suggests it is $3).
39 if [ "x${IP}" = "x" ]; then
40 echo "$0: <action> <username> <ip>"
# Build the rich rule.  Only the presence of ':' or '.' is inspected, so this
# picks the address family; it is not an address-format check.
# NOTE(review): whatever IP holds is embedded inside the single-quoted
# source address='…' part of the rule.  RULE is later handed to firewall-cmd
# as one quoted argument (no shell re-splitting), but the rich-rule grammar
# still receives the raw value; a stricter format check here would fail
# closed before firewall-cmd is ever invoked.
45 *:* ) RULE="rule family='ipv6' source address='${IP}' drop";;
46 *.* ) RULE="rule family='ipv4' source address='${IP}' drop";;
# NOTE(review): exit 1 is chained with &&, so if the log append fails (e.g.
# log file not writable) the script does not exit and carries on with RULE
# unset.
47 * ) echo "`date` Unable to run active response (invalid IP: '${IP}')." >> ${LOG_FILE} && exit 1;;
50 # This number should be more than enough (even if a hundred
51 # instances of this script are run together). If you have
52 # a really loaded environment, you can increase it to 75 or 100.
# Take the lock: mkdir fails if the directory already exists.  LOCK is
# defined outside this excerpt — presumably "${PWD}/fw-drop", the parent of
# LOCK_PID; confirm against the full script.
61 mkdir ${LOCK} > /dev/null 2>&1
# MSL is assigned outside this excerpt; presumably mkdir's exit status.
63 if [ "${MSL}" = "0" ]; then
64 # Lock acquired (setting the pid)
65 echo "$$" > ${LOCK_PID}
69 # Getting currently/saved PID locking the file
# C_PID: pid recorded by the current holder.  S_PID: the pid seen on the
# previous pass (empty on the first pass, as the next test shows).
70 C_PID=`cat ${LOCK_PID} 2>/dev/null`
71 if [ "x" = "x${S_PID}" ]; then
75 # Breaking out of the loop after X attempts
76 if [ "x${C_PID}" = "x${S_PID}" ]; then
84 # So i increments 2 by 2 if the pid does not change.
85 # If the pid keeps changing, we increment one
86 # by one and fail after MAX_ITERATION.
# Waited long enough: locate the holder so the lock can be reclaimed.
88 if [ "$i" = "${MAX_ITERATION}" ]; then
# NOTE(review): "$(unknown)" reads as an extraction artifact — confirm the
# pgrep pattern against the original script (filename, computed above, is
# the likely candidate).  pgrep -f matches whole command lines, so the extra
# comparison with C_PID on the next line is what narrows it to the holder.
90 for pid in `pgrep -f "$(unknown)"`; do
91 if [ "x${pid}" = "x${C_PID}" ]; then
92 # Unlocking and exiting
# The kill itself is outside this excerpt; its outcome is tracked in ${kill}.
94 echo "`date` Killed process ${C_PID} holding lock." >> ${LOG_FILE}
103 if [ "x${kill}" = "xfalse" ]; then
104 echo "`date` Unable kill process ${C_PID} holding lock." >> ${LOG_FILE}
105 # Unlocking and exiting
# ACTION is assigned outside this excerpt; only add/delete are accepted.
# NOTE(review): the -a operator of [ is deprecated and ambiguous; under a
# bash shebang, [[ … && … ]] is the clearer form.
122 if [ "x${ACTION}" != "xadd" -a "x${ACTION}" != "xdelete" ]; then
123 echo "$0: invalid action: ${ACTION}"
129 # We should run on linux
# UNAME is assigned outside this excerpt.
130 if [ "X${UNAME}" = "XLinux" ]; then
# ARG1 selects add vs. remove; it is concatenated with RULE into one argument.
131 if [ "x${ACTION}" = "xadd" ]; then
132 ARG1="--add-rich-rule="
134 ARG1="--remove-rich-rule="
137 # Checking if firewall-cmd is present; fall back to /usr/bin/firewall-cmd.
138 if [ ! -x ${FWDCMD} ]; then
139 FWDCMD="/usr"${FWDCMD}
140 if [ ! -x ${FWDCMD} ]; then
141 echo "$0: can not find firewall-cmd"
146 # Executing and exiting
# ${ARG1}"${RULE}" forms a single argument such as
#   --add-rich-rule=rule family='ipv4' source address='…' drop
# ${FWDCMD} and ${ARG2} are unquoted; the latter so an empty zone is omitted.
# NOTE(review): only stdout is discarded, so firewall-cmd's diagnostics still
# reach the caller's stderr.
150 ${FWDCMD} ${ARG1}"${RULE}" ${ARG2} >/dev/null
# RES is assigned outside this excerpt; presumably firewall-cmd's exit status.
152 if [ $RES = 0 ]; then
# Retry bookkeeping: count the failed attempt and log it.
155 COUNT=`expr $COUNT + 1`;
156 echo "`date` Unable to run (firewall-cmd returning != $RES): $COUNT - $0 $1 $2 $3 $4 $5" >> ${LOG_FILE}
# Threshold check on the retry counter; the branch body is outside this excerpt.
159 if [ $COUNT -gt 4 ]; then