@raidzero
Created June 7, 2016 19:29
Auto block port scanners from openvpn server
#!/bin/bash
# Parses the OpenVPN connection log for any suspected attackers and blocks them.
# Also uses geoiplookup to show the country :)
# Usage: run with no argument to add DROP rules; pass any argument to only list matches.
LIST=$1
COUNT=0
# Every distinct dotted quad found on a log line containing "attack"
for IP in $(grep attack /var/log/openvpn.log | grep -oE "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | sort -u); do
    LOCATION=$(geoiplookup "$IP" | awk -F ": " '{print $2}')
    if [ -z "$LIST" ]; then
        # check for existing rule (-C exits non-zero when no matching rule exists)
        if ! iptables -C INPUT -s "$IP" -j DROP &> /dev/null; then
            iptables -A INPUT -s "$IP" -j DROP # add rule
            echo "Blocked IP: $IP ($LOCATION)"
            COUNT=$((COUNT + 1))
        fi
    else
        # list-only mode: report the address without touching iptables
        echo "Evil IP: $IP ($LOCATION)"
        COUNT=$((COUNT + 1))
    fi
done
if [ -z "$LIST" ]; then
    echo "Blocked $COUNT IP addresses"
else
    echo "$COUNT Evil IP addresses"
fi
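
The script above blocks every dotted quad found on a matching line, so an address that merely appears in the message text, a malformed value, or your own management IP can end up in a DROP rule. The following is an added example, not part of the original gist, that goes one step further on the parsing stage: it keeps only the peer address, validates the octets, and skips an allowlist. The names `ALLOWLIST`, `extract_attack_ips` and `sample_log` are hypothetical, the log lines are constructed, and it assumes the peer is logged as an `ip:port` token.

```bash
#!/bin/bash
# Added example: selects block candidates only; it changes no firewall state.
# ALLOWLIST (hypothetical name): space-separated addresses never to block,
# e.g. your own management or office IPs.
ALLOWLIST="${ALLOWLIST:-127.0.0.1}"

# Reads OpenVPN log lines on stdin; prints each validated peer IPv4 once.
extract_attack_ips() {
    awk -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /attack/ {
        # Use only the first "a.b.c.d:port" token (assumed to be the peer
        # prefix), not every dotted quad that appears in the message text.
        if (!match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/)) next
        ip = substr($0, RSTART, RLENGTH)
        sub(/:[0-9]+$/, "", ip)
        split(ip, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) next   # not a valid IPv4
        if ((ip in skip) || (ip in seen)) next
        seen[ip] = 1
        print ip
    }'
}

# Constructed sample log lines (documentation address ranges), not real data.
sample_log() {
    cat <<'EOF'
Tue Jun  7 19:01:02 2016 203.0.113.7:40112 WARNING: Bad encapsulated packet length from peer (18245) -- possible active attack on the TCP link
Tue Jun  7 19:01:09 2016 203.0.113.7:40190 WARNING: Bad encapsulated packet length from peer (5635) -- possible active attack on the TCP link
Tue Jun  7 19:02:00 2016 198.51.100.23:5555 WARNING: Bad encapsulated packet length from peer (17231) -- possible active attack on the TCP link
Tue Jun  7 19:03:00 2016 192.0.2.9:1194 Peer Connection Initiated with [AF_INET]192.0.2.9:1194
Tue Jun  7 19:04:00 2016 999.1.1.1:80 possible active attack on the TCP link
Tue Jun  7 19:05:00 2016 203.0.113.99:1000 possible active attack, packet claims source 192.0.2.50
EOF
}
```

Piping `/var/log/openvpn.log` through `extract_attack_ips` yields a list that can replace the `grep | grep -oE | sort -u` pipeline in the loop above.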