maride/sshutter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Only log changes

Browse Source
This commit is contained in:
maride 2024-06-27 15:21:19 +02:00
parent e5a8d2d21b
commit 6dfb40a70a
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
usr/sbin/sshutterd
View File

@ -22,18 +22,25 @@ if [ "$UID" -ne 0 ]; then
fi fi
# Main loop # Main loop
oldstate=""
while [ true ]; do while [ true ]; do
ping -c 3 "$TARGET" 1>/dev/null ping -c 3 "$TARGET" 1>/dev/null
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
# Ping successful, apply shutter # Ping successful, apply shutter
log "[sshutter] Blocking port 22 for IPs outside $WHITELIST" if [ "$oldstate" != "blocked" ]; then
log "[sshutter] Blocking port 22 for IPs outside $WHITELIST"
oldstate="blocked"
fi
nft add table inet filter nft add table inet filter
nft add chain inet filter sshutterv4 \{ type filter hook input priority filter \; policy accept \; \} nft add chain inet filter sshutterv4 \{ type filter hook input priority filter \; policy accept \; \}
nft add rule inet filter sshutterv4 tcp dport "$PORT" ip saddr "$WHITELIST" accept nft add rule inet filter sshutterv4 tcp dport "$PORT" ip saddr "$WHITELIST" accept
nft add rule inet filter sshutterv4 tcp dport "$PORT" drop nft add rule inet filter sshutterv4 tcp dport "$PORT" drop
else else
# Ping failed, lift shutter # Ping failed, lift shutter
log "[sshutter] Releasing port block" if [ "$oldstate" != "released" ]; then
log "[sshutter] Releasing port block"
oldstate="released"
fi
nft destroy chain inet filter sshutterv4 nft destroy chain inet filter sshutterv4
fi fi