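#!/usr/bin/env bash
# Idempotently installs the mixnode INPUT-chain baseline:
#   * ipset hash:ip sets blacklist-mixnode (IPv4) and blacklist6-mixnode (IPv6)
#   * DROP rules for sources in those sets, inserted at the top of INPUT
#   * a per-source concurrent TCP connection cap (connlimit, 150)
#   * a rate cap on NEW TCP connections (100/s, burst 20) followed by a DROP
# Every set and rule is probed (`ipset -L` / `-C`) before it is added, so the
# script can be re-run without duplicating rules.
# Requires the ipset, iptables and ip6tables binaries and enough privilege to
# modify the netfilter tables (normally root).
set -euo pipefail

# die MESSAGE... : print MESSAGE to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Create an ipset of type hash:ip unless it already exists.
# Arguments: $1 - set name; remaining args - extra `ipset create` options
#            (e.g. `family inet6`)
# Outputs:   "<name> created" on stdout when the set is created
#######################################
ensure_set() {
  local name=$1
  shift
  if ! ipset -L "$name" >/dev/null 2>&1; then
    printf '%s created\n' "$name"
    ipset create "$name" hash:ip "$@"
  fi
}

#######################################
# Add a rule to the INPUT chain unless `-C` reports it is already present.
# Arguments: $1 - iptables or ip6tables
#            $2 - "insert" (position 1) or "append"
#            $3 - human-readable description for the log line
#            remaining args - the rule specification
# Outputs:   "Rule <desc> added" on stdout when the rule is added
# Note:      `-C` exits non-zero both when the rule is absent and when it is
#            malformed; a malformed RULE therefore surfaces as a failed add,
#            which aborts the script under set -e.
#######################################
ensure_rule() {
  local tool=$1 mode=$2 desc=$3
  shift 3
  if ! "$tool" -C INPUT "$@" >/dev/null 2>&1; then
    printf 'Rule %s added\n' "$desc"
    case "$mode" in
      insert) "$tool" -I INPUT 1 "$@" ;;
      append) "$tool" -A INPUT "$@" ;;
      *) die "ensure_rule: unknown mode '$mode'" ;;
    esac
  fi
}

main() {
  local tool
  for tool in ipset iptables ip6tables; do
    command -v "$tool" >/dev/null 2>&1 \
      || die "$tool could not be found"$'\n'"Install it"
  done

  ensure_set blacklist-mixnode
  ensure_set blacklist6-mixnode family inet6

  # Blocklist drops are inserted at position 1 so they win over any ACCEPT
  # that already exists in INPUT.
  ensure_rule iptables insert 'IP blocklist' \
    -m set --match-set blacklist-mixnode src -j DROP
  ensure_rule ip6tables insert 'IPv6 blocklist' \
    -m set --match-set blacklist6-mixnode src -j DROP

  # SAVE IPTABLES iptables-save > /etc/iptables/rules.v4 && ip6tables-save > /etc/iptables/rules.v6
  # NOTE: iptables-save persists only the rules; the set contents must be
  # saved separately with `ipset save`, and restored before the rules.

  # Limit concurrent TCP connections to 150 per source IP.
  local connlimit=(-p tcp -m connlimit --connlimit-above 150
    -j REJECT --reject-with tcp-reset)
  for tool in iptables ip6tables; do
    ensure_rule "$tool" append 'Limit connections to 150 per source IP' \
      "${connlimit[@]}"
  done

  # Rate-cap NEW TCP connections: ACCEPT up to 100/s (burst 20), DROP the rest.
  # `-m limit` is a single global token bucket, not a per-source one (that
  # would be `-m hashlimit --hashlimit-mode srcip`), so one busy peer can
  # exhaust it and the trailing DROP then refuses new TCP connections from
  # every source, including administrative access. Both rules are appended,
  # so they only take effect for traffic no earlier INPUT rule has accepted.
  local new_tcp=(-p tcp -m conntrack --ctstate NEW)
  local rate=(-m limit --limit 100/s --limit-burst 20 -j ACCEPT)
  for tool in iptables ip6tables; do
    ensure_rule "$tool" append 'Limit new TCP connections to 100/s' \
      "${new_tcp[@]}" "${rate[@]}"
    ensure_rule "$tool" append 'Drop new TCP connections above the rate limit' \
      "${new_tcp[@]}" -j DROP
  done
}

main "$@"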