Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

2026-01-17T08:45:10Z

Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

← Older revision		Revision as of 08:45, 17 January 2026
Line 1:		Line 1:
	[[Category:Wiki]]		[[Category:Wiki]]

			'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''


	== crtl-snort2c-fail2ban.sh ==		== crtl-snort2c-fail2ban.sh ==

Admin: Created page with "Category:Wiki == crtl-snort2c-fail2ban.sh == #!/bin/bash # Define the IP addresses at the top for easy customization IP_PFSENSE_SOURCE_01="1.2.3.4" IP_PFSENSE_SOURCE_02="1.2.3.5" IP_FAIL2BAN="1.2.3.6" IP_PFSENSE_DEST="1.2.3.7" SSH_KEY="/path/to/your/ssh/key" # Specify your SSH private key location SNORT_TABLE="snort2c" # Define the pfSense Snort table name # Function to fetch banned IPs from the remote pfSense Snort2c table via SSH fetch_pfs..."

2025-12-16T17:02:46Z

Created page with "Category:Wiki == crtl-snort2c-fail2ban.sh == <nowiki> #!/bin/bash # Define the IP addresses at the top for easy customization IP_PFSENSE_SOURCE_01="1.2.3.4" IP_PFSENSE_SOURCE_02="1.2.3.5" IP_FAIL2BAN="1.2.3.6" IP_PFSENSE_DEST="1.2.3.7" SSH_KEY="/path/to/your/ssh/key" # Specify your SSH private key location SNORT_TABLE="snort2c" # Define the pfSense Snort table name # Function to fetch banned IPs from the remote pfSense Snort2c table via SSH fetch_pfs..."

New page

[[Category:Wiki]]

== crtl-snort2c-fail2ban.sh ==

<nowiki>
#!/bin/bash

# Define the IP addresses at the top for easy customization
IP_PFSENSE_SOURCE_01="1.2.3.4"
IP_PFSENSE_SOURCE_02="1.2.3.5"
IP_FAIL2BAN="1.2.3.6"
IP_PFSENSE_DEST="1.2.3.7"
SSH_KEY="/path/to/your/ssh/key" # Specify your SSH private key location
SNORT_TABLE="snort2c" # Define the pfSense Snort table name

# Function to fetch banned IPs from the remote pfSense Snort2c table via SSH
fetch_pfsense_banned_ips() {
local pfsense_host=$1
local ssh_key=$2
local snort_table=$3

echo "Fetching banned IPs from pfSense Snort2c table at $pfsense_host..."
ssh -i "$ssh_key" "$pfsense_host" "pfctl -t $snort_table -T show" 2>/dev/null
}

# Function to fetch banned IPs from Fail2Ban on a remote server
fetch_fail2ban_banned_ips() {
local fail2ban_host=$1
local ssh_key=$2

echo "Fetching banned IPs from Fail2Ban at $fail2ban_host..."
ssh -i "$ssh_key" "$fail2ban_host" "fail2ban-client banned" 2>/dev/null
}

# Function to merge IPs, sort, remove duplicates and return the final list
merge_banned_ips() {
local sources=("$@")
local merged_ips=""

for source in "${sources[@]}"; do
merged_ips+="$source"$'\n'
done

# Sort, remove duplicates, and return the final list
echo "$merged_ips" | sort -n | uniq
}

# Function to whitelist a network in the pfSense Snort2c table via SSH
whitelist_network() {
local pfsense_host=$1
local ssh_key=$2
local snort_table=$3
local network=$4

echo "Whitelisting network $network in pfSense Snort2c table at $pfsense_host..."
ssh -i "$ssh_key" "$pfsense_host" "pfctl -t $snort_table -T add $network" 2>/dev/null
}

# Function to unban a specific IP address from the pfSense Snort2c table
unban_ip() {
local pfsense_host=$1
local ssh_key=$2
local snort_table=$3
local ip=$4

echo "Unbanning IP $ip from pfSense Snort2c table at $pfsense_host..."
ssh -i "$ssh_key" "$pfsense_host" "pfctl -t $snort_table -T delete $ip" 2>/dev/null
}

# Function to validate IP address or CIDR with regex
validate_ip_or_cidr() {
local input=$1
# Regular expression for validating IP or CIDR format
if [[ "$input" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))?$ ]]; then
return 0 # valid IP or CIDR
else
return 1 # invalid IP or CIDR
fi
}

# Function to validate IP address format
validate_ip() {
local ip=$1
if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
return 0 # valid IP
else
return 1 # invalid IP
fi
}

# Function to parse and handle command line options
handle_options() {
while getopts "m:w:u:" opt; do
case ${opt} in
m)
# Merge IP lists from all sources and reinject it
merge_banned_ip "$OPTARG"
;;
w)
# Whitelist network CIDR (e.g., 192.168.0.0/24)
if validate_ip_or_cidr "$OPTARG"; then
whitelist_network "$IP_PFSENSE_SOURCE_01" "$SSH_KEY" "$SNORT_TABLE" "$OPTARG"
else
echo "Invalid network CIDR format: $OPTARG"
exit 1
fi
;;
u)
# Unban a specific IP address (e.g., 192.168.1.100)
if validate_ip "$OPTARG"; then
unban_ip "$IP_PFSENSE_SOURCE_01" "$SSH_KEY" "$SNORT_TABLE" "$OPTARG"
else
echo "Invalid IP address format: $OPTARG"
exit 1
fi
;;
*)
echo "Usage: $0 [-m merge_ips] [-w whitelist_network] [-u unban_ip]"
exit 1
;;
esac
done
}

# Function to merge and reinject the banned IPs
merge_banned_ip() {
local sources="$1" # comma-separated list of sources
local pfsense_host=""
local ssh_key=""
local snort_table=""

IFS=',' read -ra ADDR <<< "$sources"
for source in "${ADDR[@]}"; do
# Parsing the source to extract host, ssh_key, snort_table
IFS=':' read -r pfsense_host ssh_key snort_table <<< "$source"

# Fetch banned IPs from the remote pfSense
pfsense_ips=$(fetch_pfsense_banned_ips "$pfsense_host" "$ssh_key" "$snort_table")

# Fetch banned IPs from remote Fail2Ban
fail2ban_ips=$(fetch_fail2ban_banned_ips "$pfsense_host" "$ssh_key")

# Merge the lists
merged_ips=$(merge_banned_ips "$pfsense_ips" "$fail2ban_ips")

# Print the final merged IPs
echo "$merged_ips"

# Optionally reinject to pfSense
for ip in $merged_ips; do
ssh -i "$ssh_key" "$pfsense_host" "pfctl -t $snort_table -T add $ip"
done
done
}

# Main script execution
handle_options "$@"</nowiki>

BASH - crtl-snort2c-fail2ban.sh - Revision history

Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "