ban/unban scripts for ipf firewall

System administrators regularly run across unauthorized access attempts and other reasons to ban or block IP addresses on web servers, daemons and the like. I’ve long used some homemade scripts to make this easier and figured I would include them here.

Here’s the ‘ban’ script, which takes an IP address to block via ipf (e.g. “ban 1.2.3.4”); an address ending in .0 blocks the whole /24:

#!/bin/bash

# ban: add an ipf rule blocking a single address (or a whole /24 when the
# address ends in .0) and record it in ipf.conf so it survives a reload.

CIDR=32
CONF=ipf.conf

# Strip letters, colons and whitespace from the argument, leaving the dotted quad.
IP=`echo $1 | /bin/tr -d '[:alpha:]\:[:space:]'`

# Refuse anything that is not four dot-separated numbers; an empty or partial
# value would otherwise match every line of the conf file below.
if [[ ! $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    echo "usage: $0 <ip-address>"
    exit 1
fi

# Escape the dots so they match literally in the grep pattern.
ESC_IP=`echo $IP | /bin/sed 's/\./\\\./g'`

# Anchor on "from <ip>/" so 1.2.3.4 is not mistaken for 1.2.3.45 or 11.2.3.4.
EXISTS=`/bin/grep "from $ESC_IP/" /etc/ipf/$CONF`

if [ -n "$EXISTS" ]; then
    echo "$IP is already blocked"
    exit
fi

REGEX="\.0$"

# An address ending in .0 blocks the whole /24.
if [[ $IP =~ $REGEX ]]; then
    CIDR=24
fi

CMD="block in quick from $IP/$CIDR to any"

# Load the rule into the running ipf rule set, then persist it.
echo "$CMD" | /usr/sbin/ipf -f -

/bin/echo "$CMD" >>/etc/ipf/$CONF

And here’s an unban script which reverses the ban:

#!/bin/bash

# unban: remove the ipf rule added by the ban script, drop it from ipf.conf
# and keep a record of the removal in unban_log.

CIDR=32
CONF=ipf.conf

IP=`echo $1 | /bin/tr -d '[:alpha:]\:[:space:]'`

# Same validation as the ban script.
if [[ ! $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    echo "usage: $0 <ip-address>"
    exit 1
fi

# Escape the dots so they match literally in the grep and perl patterns.
ESC_IP=`echo $IP | /bin/sed 's/\./\\\./g'`

# Use $CONF rather than a hard-coded ipf.conf, and anchor on "from <ip>/".
EXISTS=`/bin/grep "from $ESC_IP/" /etc/ipf/$CONF`

if [ -z "$EXISTS" ]; then
    echo "$IP is not blocked"
    exit
fi

REGEX="\.0$"

if [[ $IP =~ $REGEX ]]; then
    CIDR=24
fi

CMD="block in quick from $IP/$CIDR to any"

# -r removes the matching rule from the active rule set.
echo "$CMD" | /usr/sbin/ipf -r -f -

/bin/echo "$CMD" >>/etc/ipf/unban_log

# Delete the rule line from the persistent conf so it does not return on reload.
perl -pi -e "s/^block in quick from $ESC_IP\/$CIDR to any\n//" /etc/ipf/$CONF

These files (and the init.d startup script) are at https://github.com/heybige/ipf-ban-unban
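As an added example (not from the post or the linked repository), the bash functions below isolate the two pieces both scripts share, building the rule text and checking the conf file for it, with the address validated octet by octet and the conf match anchored to the whole line; `build_rule` and `rule_exists` are names chosen here, and the sample conf is constructed so the script runs stand-alone without ipf.

```bash
#!/bin/bash
# Added example, not the original scripts: derive the prefix length the way the
# ban script does (x.y.z.0 -> /24), build the ipf rule text, and look for that
# exact rule in a conf file instead of a substring match.

# Print the ipf rule for an address; return 1 if it is not a dotted-quad IPv4.
build_rule() {
    local ip=$1 cidr=32 o
    [[ $ip =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for o in "${BASH_REMATCH[@]:1}"; do
        [ "$o" -le 255 ] || return 1
    done
    # Same convention as the ban script: a trailing .0 means "block the whole /24".
    [[ $ip == *.0 ]] && cidr=24
    printf 'block in quick from %s/%s to any\n' "$ip" "$cidr"
}

# Return 0 if the exact rule line for address $1 is already in conf file $2.
# -x matches whole lines, -F treats the rule as a fixed string (no escaping needed).
rule_exists() {
    local rule
    rule=$(build_rule "$1") || return 2
    grep -qxF -- "$rule" "$2"
}

# Constructed sample conf for the stand-alone run (not a real /etc/ipf/ipf.conf).
conf=$(mktemp)
printf 'block in quick from 1.2.3.45/32 to any\n' > "$conf"
for ip in 1.2.3.4 1.2.3.45 10.9.8.0 256.1.1.1 'foo bar'; do
    if rule=$(build_rule "$ip"); then
        if rule_exists "$ip" "$conf"; then
            echo "$ip is already blocked"
        else
            echo "would add: $rule"
        fi
    else
        echo "rejecting '$ip': not an IPv4 address"
    fi
done
rm -f "$conf"
```

With only 1.2.3.45 in the sample conf, 1.2.3.4 is reported as not yet blocked, which is the case the substring grep in the original scripts gets wrong.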