Init
32
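--- a/usr/sbin/sshutterd
+++ b/usr/sbin/sshutterd
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+if [ -f "/etc/sshutter.conf" ]; then
+. /etc/sshutter.conf
+fi
+
+function log {
+echo "$(date +'%Y-%m-%d %H:%M:%S') $@"
+}
+
+if [ "$UID" -ne 0 ]; then
+echo "Error: must be root." 1>&2
+exit 1
+fi
+
+while [ true ]; do
+ping -c 3 "$TARGET" 1>/dev/null
+if [ "$?" -eq 0 ]; then
+# Ping successful, apply shutter
+log "[sshutter] Blocking port 22 for IPs outside $WHITELIST"
+nft add table inet filter
+nft add chain inet filter sshutterv4 \{ type filter hook input priority filter \; policy accept \; \}
+nft add rule inet filter sshutterv4 tcp dport "$PORT" ip saddr "$WHITELIST" accept
+nft add rule inet filter sshutterv4 tcp dport "$PORT" drop
+else
+# Ping failed, lift shutter
+log "[sshutter] Releasing port block"
+nft destroy chain inet filter sshutterv4
+fi
+
+sleep 60
+done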
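Review bot: Every 60 s that the ping succeeds, the two `nft add rule` lines append another accept and drop rule to sshutterv4, so the chain grows a duplicate pair per iteration; guarding the block with `if ! nft list chain inet filter sshutterv4 >/dev/null 2>&1; then` makes it idempotent, including across daemon restarts where the chain already exists. `$TARGET`, `$PORT` and `$WHITELIST` are never checked after the optional source of `/etc/sshutter.conf`, and if `WHITELIST` is empty the accept rule fails to parse while the drop rule can still be installed, locking every client out of the port; a `: "${WHITELIST:?must be set in /etc/sshutter.conf}"` line after the `fi` (likewise for the other two), plus chaining the two `nft add rule` calls with `&&`, closes that. The log line also hardcodes "port 22" while the rules use `$PORT`, and `while [ true ]` is just `while true; do`. `nft destroy` is a recent nft verb; if older nftables releases are in scope, `nft delete chain` behind the same existence check is the portable form.
```shell
: "${TARGET:?TARGET must be set in /etc/sshutter.conf}"
: "${PORT:?PORT must be set in /etc/sshutter.conf}"
: "${WHITELIST:?WHITELIST must be set in /etc/sshutter.conf}"

# … unchanged: log(), root check …

while true; do
  if ping -c 3 "$TARGET" 1>/dev/null; then
    # Ping successful, apply shutter (once; the chain persists between iterations)
    if ! nft list chain inet filter sshutterv4 >/dev/null 2>&1; then
      log "[sshutter] Blocking port $PORT for IPs outside $WHITELIST"
      nft add table inet filter
      nft add chain inet filter sshutterv4 \{ type filter hook input priority filter \; policy accept \; \}
      # accept must be in place before drop, or a bad WHITELIST locks everyone out
      nft add rule inet filter sshutterv4 tcp dport "$PORT" ip saddr "$WHITELIST" accept &&
        nft add rule inet filter sshutterv4 tcp dport "$PORT" drop
    fi
  elif nft list chain inet filter sshutterv4 >/dev/null 2>&1; then
    # Ping failed, lift shutter
    log "[sshutter] Releasing port block"
    nft destroy chain inet filter sshutterv4
  fi
  sleep 60
done
```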