sip-tarpit/action_script.sh

#!/bin/sh
# Script to run when a new suspicious IP address is detected.

# Example for Linux:
#   iptables -I INPUT -s $1 -j DROP
#
# Example for OpenBSD:
# Having this line in /etc/doas.conf
#   permit nopass _tarpit as root cmd /sbin/pfctl
# And having a table defined in pf.conf:
#   table <blacklist> persist file "/etc/blacklist"
#   block drop in quick from <blacklist> to any
# then it is possible to add/delete dinamically:
#   doas /sbin/pfctl -t blacklist -T add $1
#   doas /sbin/pfctl -t blacklist -T delete $1

# Example for "debugging":
echo $1 > /tmp/foo
action script 2024-04-18 13:43:01 +02:00			`#!/bin/sh`
			`# Script to run when a new suspicious IP address is detected.`

			`# Example for Linux:`
			`# iptables -I INPUT -s $1 -j DROP`
			`#`
			`# Example for OpenBSD:`
clarifications on example action script 2024-04-18 17:34:26 +02:00			`# Having this line in /etc/doas.conf`
			`# permit nopass _tarpit as root cmd /sbin/pfctl`
			`# And having a table defined in pf.conf:`
action script 2024-04-18 13:43:01 +02:00			`# table <blacklist> persist file "/etc/blacklist"`
			`# block drop in quick from <blacklist> to any`
clarifications on example action script 2024-04-18 17:34:26 +02:00			`# then it is possible to add/delete dinamically:`
			`# doas /sbin/pfctl -t blacklist -T add $1`
			`# doas /sbin/pfctl -t blacklist -T delete $1`
action script 2024-04-18 13:43:01 +02:00
			`# Example for "debugging":`
			`echo $1 > /tmp/foo`