X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=active-response%2Fwin%2Ffirewall-drop.cmd;fp=active-response%2Fwin%2Ffirewall-drop.cmd;h=dbde4e345bef658ee172072ac79c004ca0a3af24;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/active-response/win/firewall-drop.cmd b/active-response/win/firewall-drop.cmd
new file mode 100644
index 0000000..dbde4e3
--- /dev/null
+++ b/active-response/win/firewall-drop.cmd
@@ -0,0 +1,42 @@
+@ECHO OFF
+ECHO.
+
+:: Set some variables
+FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DAT=%%A %%B
+FOR /F "TOKENS=1-3 DELIMS=:" %%A IN ("%TIME%") DO SET TIM=%%A:%%B:%%C
+
+:: Block IP Address
+SET ACTION=%~1
+SET SRCIP=%~3
+
+:: Check for required arguments
+IF /I "%ACTION%"=="" GOTO ERROR
+IF /I "%2"=="" GOTO ERROR
+IF /I "%SRCIP%"=="" GOTO ERROR
+
+
+IF /I "%ACTION%"=="add" GOTO ADD
+IF /I "%ACTION%"=="delete" GOTO DEL
+
+:ERROR
+ECHO Invalid argument(s).
+ECHO Usage: firewall-drop.cmd ^(add^|delete^) user IP_Address
+ECHO Example: firewall-drop.cmd ADD - 1.2.3.4
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 (error) >> "%OSSECPATH%active-response\active-responses.log"
+EXIT /B 1
+
+:: Adding IP to be blocked
+
+:ADD
+ECHO Adding
+netsh advfirewall firewall add rule name="OSSEC-%SRCIP%" dir=in interface=any action=block remoteip=%SRCIP%
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
+GOTO EXIT
+
+:DEL
+ECHO Removing
+netsh advfirewall firewall delete rule name="OSSEC-%SRCIP%" dir=in
+ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
+
+
+:EXIT /B 0:
\ No newline at end of file
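Review bot: The third argument is placed directly on the netsh command line (`remoteip=%SRCIP%`, `name="OSSEC-%SRCIP%"`) and into the log ECHO lines with no check that it is actually an address, and cmd substitutes `%SRCIP%` into the line before parsing it, so any cmd metacharacter in the value becomes part of the command rather than data. Since an active-response hook presumably receives this value from the triggering alert's source field, the script should reject anything that is not a plain dotted-quad or IPv6 address form before the dispatch on `%ACTION%`, and that check should operate on a delayed-expansion copy (`SETLOCAL ENABLEDELAYEDEXPANSION` / `!SRCIP!`) so the validation itself is not subject to the same parse-time substitution. The final line `:EXIT /B 0:` is a single label (everything after the label name is ignored), so neither the `:DEL` fall-through nor `GOTO EXIT` ever runs `EXIT /B 0`; split it into `:EXIT` and `EXIT /B 0`. The netsh return status is also never examined, so both `:ADD` and `:DEL` log the action as done even when no rule was added or removed; an `IF ERRORLEVEL 1 GOTO ERROR` after each netsh call would keep active-responses.log trustworthy.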