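#!/bin/sh
# Container entrypoint: optionally write the fail2ban configuration for the
# 3x-ipl jail and start fail2ban, then replace this shell with x-ui.
#
# Environment:
#   XUI_ENABLE_FAIL2BAN  the jail is configured only when this is exactly "true"
#   XUI_LOG_FOLDER       directory holding 3xipl.log and 3xipl-banned.log
#                        (default: /var/log/x-ui)

# Start fail2ban with the 3x-ipl jail
if [ "$XUI_ENABLE_FAIL2BAN" = "true" ]; then
  # NOTE(review): LOG_FOLDER is pasted verbatim into the jail and action files
  # below, and the action's ban/unban lines are shell commands executed by
  # fail2ban. Treat XUI_LOG_FOLDER as trusted deployment configuration only;
  # never derive it from user-supplied data.
  LOG_FOLDER="${XUI_LOG_FOLDER:-/var/log/x-ui}"

  # The watched log must exist before fail2ban starts reading it.
  mkdir -p "$LOG_FOLDER"
  touch "$LOG_FOLDER/3xipl.log" "$LOG_FOLDER/3xipl-banned.log"
  mkdir -p /etc/fail2ban/jail.d /etc/fail2ban/filter.d /etc/fail2ban/action.d

  # Jail: a single matching line within findtime (maxretry=1) bans for 30m.
  # Unquoted delimiter, so $LOG_FOLDER is expanded while the file is written.
  cat > /etc/fail2ban/jail.d/3x-ipl.conf << EOF
[3x-ipl]
enabled=true
backend=auto
filter=3x-ipl
action=3x-ipl
logpath=$LOG_FOLDER/3xipl.log
maxretry=1
findtime=32
bantime=30m
EOF

  # Filter: quoted delimiter, so the regex is written literally (no shell
  # expansion). <F-USER> captures the Email field of the [LIMIT_IP] line and
  # <ADDR> the address that gets banned.
  # NOTE(review): the Email value comes from log content and is later echoed by
  # the action commands; presumably fail2ban escapes tag values before running
  # them -- confirm for the installed version.
  cat > /etc/fail2ban/filter.d/3x-ipl.conf << 'EOF'
[Definition]
datepattern = ^%Y/%m/%d %H:%M:%S
failregex = \[LIMIT_IP\]\s*Email\s*=\s*<F-USER>.+</F-USER>\s*\|\|\s*Disconnecting OLD IP\s*=\s*<ADDR>\s*\|\|\s*Timestamp\s*=\s*\d+
ignoreregex =
EOF

  # Action: extends iptables-allports.conf and appends a BAN/UNBAN record to
  # 3xipl-banned.log. Unquoted delimiter: $LOG_FOLDER is expanded now, while
  # \$(date ...) is written as $(date ...) and evaluated when the action runs.
  # The log path is double-quoted in the generated command so a folder name
  # containing whitespace does not split the redirection target.
  # Continuation lines of a multi-line value must stay indented.
  cat > /etc/fail2ban/action.d/3x-ipl.conf << EOF
[INCLUDES]
before = iptables-allports.conf
[Definition]
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I <chain> -p <protocol> -j f2b-<name>
actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
              <actionflush>
              <iptables> -X f2b-<name>
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
              echo "\$(date +"%Y/%m/%d %H:%M:%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> "$LOG_FOLDER/3xipl-banned.log"
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
              echo "\$(date +"%Y/%m/%d %H:%M:%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> "$LOG_FOLDER/3xipl-banned.log"
[Init]
name = default
protocol = tcp
chain = INPUT
EOF

  # Best effort: x-ui is still started when fail2ban fails, but say so on
  # stderr so the operator can see that no bans are being enforced.
  if ! fail2ban-client -x start; then
    echo "warning: fail2ban failed to start; the 3x-ipl jail is not active" >&2
  fi
fi

# Run x-ui
# exec replaces this shell, so x-ui becomes the process the container runs.
exec /app/x-ui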