How to automate the IP blocking using IPFW in FreeBSD and DirectAdmin Brute Force Monitor

In this article we automate IP blocking using IPFW on FreeBSD and the Brute Force Management System of DirectAdmin. You also get additional management interfaces in DirectAdmin that let you unblock or whitelist IPs from inside the DirectAdmin management area.

 

IP Block/unblock using IPFW in FreeBSD and DirectAdmin BruteForce Monitor

First make sure that IPFW with tables support is installed on your FreeBSD server. If not, follow the article below to install it:
>> How to Install IPFW on FreeBSD 8, 9, 11 in DirectAdmin

ALWAYS BACK UP YOUR SERVER BEFORE MAKING NEW CHANGES

 

1- Creating the necessary DirectAdmin Block/Unblock scripts

# cd /usr/local/directadmin/scripts/custom
# touch block_ip.sh unblock_ip.sh brute_force_notice_ip.sh show_blocked_ips.sh
# chmod 755 block_ip.sh unblock_ip.sh brute_force_notice_ip.sh show_blocked_ips.sh

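2- Creating block_ip.sh

#!/bin/sh
# DirectAdmin passes the address to block in the environment variable $ip.

echo "Blocking IP: $ip<br />"

# Add the address to IPFW table 10 (quoted so it stays a single argument).
/sbin/ipfw -q table 10 add "$ip"

echo "<br /><br />Result:"
echo "<br /><br /><textarea cols=160 rows=60>"

# Show the current contents of the block table.
/sbin/ipfw table 10 list

echo "</textarea>"

exit 0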

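3- Creating unblock_ip.sh

#!/bin/sh
# DirectAdmin passes the address to unblock in the environment variable $ip.

echo "Unblocking IP: $ip<br />"

# Remove the single-host (/32, IPv4) entry from IPFW table 10.
/sbin/ipfw -q table 10 delete "${ip}/32"

exit 0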

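4- Creating brute_force_notice_ip.sh

#!/bin/sh

SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh

# Hand the address in $value to block_ip.sh as $ip.
ip="$value" "$SCRIPT"

# Report block_ip.sh's exit status back to the caller.
exit $?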

5- Creating show_blocked_ips.sh

#!/bin/sh

# List table 10 and strip the "/32 0" suffix so only bare addresses remain.
/sbin/ipfw table 10 list | sed 's/\/32 0//g'

exit 0

Verify that DirectAdmin shows the Block and Unblock buttons in Brute Force Management and that they work.
Restart your server to make sure everything is OK once it is online again. Double-check all services: mail, FTP, web, SSL connections, etc.
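
The scripts above pass `$ip` to `ipfw` and echo it into HTML without checking it. As an added example (not part of the original article and not DirectAdmin's own code), this variant of block_ip.sh accepts only a strict IPv4 address and refuses to block loopback or an admin address, so an automated block cannot lock you out. The `NEVER_BLOCK` list, the overridable `IPFW` variable and the function names are assumptions made for this example; IPv6 is rejected, matching the `/32` handling used on this page.

```shell
#!/bin/sh
# Added example: hardened variant of block_ip.sh, not DirectAdmin's own code.
# Assumption: DirectAdmin passes the address in the environment as $ip.

IPFW="${IPFW:-/sbin/ipfw}"      # overridable so the logic can be tested
TABLE=10                        # table number used throughout this article
NEVER_BLOCK="${NEVER_BLOCK:-}"  # hypothetical: space-separated admin IPs

# Succeed only for a strict dotted-quad IPv4 address (no CIDR, no flags).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        count=$((count + 1))
        # Reject leading zeros (octal ambiguity) and over-long octets.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Succeed if the address must never be blocked (self-lockout guard).
is_protected() {
    case "$1" in 127.*|0.0.0.0) return 0 ;; esac
    for keep in $NEVER_BLOCK; do
        if [ "$1" = "$keep" ]; then return 0; fi
    done
    return 1
}

# Returns 0 = blocked, 1 = ipfw failed, 2 = invalid input, 3 = protected.
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "Rejected: value is not a valid IPv4 address<br />"
        return 2
    fi
    if is_protected "$1"; then
        echo "Refused: $1 is protected and will not be blocked<br />"
        return 3
    fi
    "$IPFW" -q table "$TABLE" add "$1" || return 1
    echo "Blocked IP: $1<br />"
}

# Act only when installed under the name DirectAdmin calls.
[ "${0##*/}" != block_ip.sh ] || { block_ip "${ip:-}"; exit $?; }
```

The rejection message deliberately does not echo the raw value, since it is only known to be safe for HTML output once it has passed `is_ipv4`.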
