While connecting to a remote server over OpenVPN is usually the smarter choice, sometimes it is not an option. This script is for a Linux box sitting behind a firewall/router. It is intended to stop SSH brute-force attempts by simply dropping traffic to the SSH port (22022 in this setup) from everyone except the address your dynamic DNS name currently resolves to. It only makes sense if your ISP hands you a dynamic IP; with a static IP you could simply whitelist that address in iptables directly. Keep in mind that the firewall trusts whatever the resolver answers: anyone who can spoof that DNS reply, or who takes over the dynamic DNS account, gets whitelisted.
#!/bin/bash
# Resolve the dynamic-DNS name; bail out if the lookup itself fails.
valor=$(host -t A yourdyndns)
OK=$?
if [ $OK -ne 0 ]; then
    exit 1
fi
# Keep only the "has address" line, then the dotted-quad IPv4 on it
# (the IPv6 "has IPv6 address" line would otherwise match too).
addr=$(echo "$valor" | egrep -o "has address .*")
ip=$(echo "$addr" | egrep -o "[0-9]+(\.[0-9]+){3}")
[ -n "$ip" ] || exit 1
whitelist=/root/whitelist
touch "${whitelist}"
# Only rewrite the rules when the address differs from the one recorded
# on the previous run.
exists=$(grep -x "${ip}" "${whitelist}")
if [ $? -ne 0 ]; then
    echo "$ip" > "$whitelist"
    iptables -F
    iptables -A INPUT -s "$ip" -j ACCEPT
    iptables -A FORWARD -s "$ip" -j ACCEPT
    iptables -A INPUT -p tcp --dport 22022 -j DROP
fi
Add this to rc.local so the rules are rebuilt at boot (iptables rules do not survive a reboot, so the whitelist file is deleted first to force the script to reapply them):
# delete whitelist
rm /root/whitelist
# run previous script
/root/bin/testso.sh
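The script above flushes the entire ruleset with `iptables -F` every time the address changes, and it trusts whatever the `host` output looks like. The following is an added, hardened version of the same idea, not the post's own script: it validates the resolved address as a dotted-quad, keeps its rules in a dedicated chain so nothing else in the firewall is touched, and reapplies the rules when the chain is missing (e.g. after a reboot), so the `rm /root/whitelist` step in rc.local is no longer needed. The chain name DYNSSH, the DYNSSH_RUN environment variable, the port 22022 and the state file path are assumptions for this example; `iptables -C` (rule check) is used for idempotent hooking.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumptions (hypothetical): name "yourdyndns", SSH on 22022,
# chain "DYNSSH", state file /root/whitelist.

# Print the first IPv4 address from `host -t A` output read on stdin.
# CNAME ("is an alias for") and IPv6 ("has IPv6 address") lines are ignored.
extract_ipv4() {
    awk '/ has address / { print $NF; exit }'
}

# Return 0 only for a well-formed dotted-quad: four fields, each 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Return 0 (true) when the state file is missing or records a different IP.
needs_update() {
    [ -r "$2" ] || return 0
    [ "$(cat "$2")" != "$1" ]
}

# Rebuild only our own chain; the rest of the ruleset is left alone.
apply_rules() {
    ip=$1; port=$2; chain=$3
    iptables -N "$chain" 2>/dev/null || iptables -F "$chain"
    iptables -A "$chain" -s "$ip" -j ACCEPT
    iptables -A "$chain" -j DROP
    # Hook the chain into INPUT once; -C makes this idempotent.
    iptables -C INPUT -p tcp --dport "$port" -j "$chain" 2>/dev/null ||
        iptables -I INPUT -p tcp --dport "$port" -j "$chain"
}

main() {
    name=${1:-yourdyndns}; port=${2:-22022}; file=${3:-/root/whitelist}
    chain=DYNSSH
    ip=$(host -t A "$name" | extract_ipv4)
    valid_ipv4 "$ip" || { echo "no usable A record for $name" >&2; return 1; }
    # Reapply if the address changed or the chain is absent (e.g. after reboot).
    if needs_update "$ip" "$file" || ! iptables -n -L "$chain" >/dev/null 2>&1; then
        apply_rules "$ip" "$port" "$chain" && printf '%s\n' "$ip" > "$file"
    fi
}

# Only touch DNS and the firewall when explicitly asked, so the functions
# can be sourced or tested offline:  DYNSSH_RUN=1 ./dynssh.sh yourdyndns 22022
if [ -n "${DYNSSH_RUN:-}" ]; then
    main "$@"
fi
```

Run it from cron every few minutes with `DYNSSH_RUN=1`, and once from rc.local; because the chain check replaces the deleted-whitelist trick, the same invocation works in both places. The DNS-trust caveat from the introduction still applies: validating the shape of the answer does not make the answer authentic.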