I wish to have a block_ip.sh so I can block IPs through DirectAdmin
*** DirectAdmin technical support does not include firewalls, so any use of this guide will be at your own risk, and beyond the reach of our technical support ***
Read all text included with each step!
Init type (CentOS 7 is systemd, requires 2.1+)
1) The first part of thie guide will outline how to setup the actual firewall for the block_ip.sh to use. Note that we're not able to offer any support for this setup, so use it at your own risk. Also, this file is written for a CentOS/Fedora type system and has not been tested on Debian or FreeBSD (it may work on Debian, not sure).
mv iptables iptables.backup
chmod 755 iptables
This should activate the button in DA at:
Admin Level -> Brute Force Monitor -> IP Info -> Block IP
This particular block_ip.sh script will check to ensure that the IP you're blocking does not already exist in the list.
It will also generate the output from "iptables -nL" which should show you everything that is current blocked in the list. (iptables -nL is also output in the event the IP is already blocked, so you can see your iptables list without doing anything)
3) Create the empty block list and exempt list files:
4) This last step is optional and should only be used after you've tested the above setup for a while to get comfortable that you're not going to block yourself. The block_ip.sh is only used for an active "click" by the Admin, it does not automate blocking. To automate blocking, install the following script:
wget -O brute_force_notice_ip.sh http://files.directadmin.com/services/all/block_ips/2.2/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh
For safety reasons, if you change your ssh port, it's a good idea to ensure that port is added to /etc/sysconfig/iptables in case iptables gets updated and overwrites this config.
If you're running FreeBSD with ipfw, you'd skip steps 1, 2 and 3, and instead, add the following code to the file:
echo "Blocking $ip with ipfw ...
ipfw add deny ip from $ip to any
We've changed our 3 scripts above (step 2) to use the ipfw commands from the mentioned guide (with 'table 10'), but since they use the /root/blocked_ips.txt file, they also support the dateblocked feature, thus can be used for the auto-unblock option.