How do I add this list correctly to the firewall? The list is below.
How do I add the list in here? I just copy-pasted the IPs into the field, but it came up with an error.
I'm trying to allow only my country's IP ranges for SSH, so that I can connect to SSH and also to the myVesta panel only from my country's IP range.
So someone outside the country cannot connect to my server from a foreign IP address.
The Canada IP list is for demonstration purposes only; my country has a small number of IP ranges.
Custom firewall script [SOLVED]
- myVesta
- Site Admin
- Posts: 946
- Joined: Fri Jun 19, 2020 9:59 am
- Has thanked: 9 times
- Been thanked: 6 times
Well, that field can receive only one IP block.
But there is a custom callback in the firewall that will execute /usr/local/vesta/data/firewall/custom.sh and /root/update_firewall_custom.sh if they exist.
https://github.com/myvesta/vesta/blob/m ... rewall#L84
https://github.com/myvesta/vesta/blob/m ... ewall#L137
So, create /root/update_firewall_custom.sh and put there:
Code:
#!/bin/bash
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.145.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.146.128.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.147.81.0/24 -j ACCEPT" >> $1
# etc...
and chmod file:
Code:
chmod a+x /root/update_firewall_custom.sh
I'm just not sure if DROP should be before or after ACCEPT, please test both cases.
In myVesta firewall you should suspend rule for SSH, because we define it here.
I tried both ways, putting the DROP on the first and on the last line, but it's not working after suspending SSH in myVesta.
After suspending it in myVesta, it should connect me to the server, right? Because I added my IP range to be accepted.
I have not tested the myVesta port yet. This is just the file I made before testing the SSH rules, in case the SSH rules work and I add the myVesta port as well.
I have not checked this in /usr/local/vesta/data/firewall/custom.sh yet.
Code:
#!/bin/bash
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 5.157.88.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 14.140.59.152/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.65.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.65.114.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.209.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.224.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.228.108.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.250.240.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.252.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 45.10.234.64/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 46.244.29.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 57.72.88.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 57.93.16.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 61.245.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 66.165.255.32/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 74.91.26.104/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 95.181.239.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.247/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.248/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.252/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.254/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 101.2.176.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.1.176.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.2.148.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.2.152.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.11.32.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.77.64.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.84.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.87.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.87.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.99.100.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.121.206.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.138.180.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.139.210.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.142.50.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.144.60.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.167.252.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.227.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.241.27.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.247.48.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.18.21/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.18.22/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.37.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.43.34/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.66.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.69.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.73.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.117.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.120.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.70.174.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 109.70.66.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 111.223.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 113.59.192.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.12.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.204.212.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.20.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.180.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 119.235.0.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 122.255.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 123.231.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 124.6.240.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 125.214.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 139.81.240.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.160.70/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.160.72/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.166.98/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.166.100/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.236.14/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.236.16/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 157.167.94.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.68.200.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.79.160/27 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.180.112/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.220.240/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.226.43.128/26 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 175.157.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 182.161.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 192.197.189.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 192.248.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 194.140.200.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.69.192.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.124.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.129.232.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.154.176/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.157.224/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.157.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.34.116.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.81.96.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.88.82.40/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.96.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.143.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.153.220.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.189.64.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.189.184.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.74.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.95.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 208.196.50.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 212.104.224.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 218.100.57.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 218.100.61.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 223.224.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 5.157.88.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 14.140.59.152/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.49.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.65.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.65.114.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.209.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.224.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.228.108.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.250.240.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.252.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 45.10.234.64/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 45.121.88.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 46.244.29.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 57.72.88.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 57.93.16.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 61.245.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 66.165.255.32/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 74.91.26.104/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 88.221.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 95.181.239.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.17.160.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.247/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.248/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.252/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.254/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 101.2.176.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.1.176.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.2.148.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.2.152.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.11.32.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.21.164.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.77.64.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.84.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.87.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.87.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.99.100.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.121.206.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.138.180.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.139.210.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.142.50.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.144.60.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.167.252.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.227.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.241.27.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.247.48.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.18.21/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.18.22/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.37.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.43.34/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.66.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.69.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.73.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.117.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.120.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.70.174.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.75.84.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.77.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 109.70.66.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 111.223.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 112.134.0.0/15 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 113.59.192.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.12.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.204.212.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.20.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.180.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 118.214.48.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 119.235.0.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 122.255.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 123.231.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 124.6.240.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 124.43.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 125.214.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 139.81.240.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.160.70/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.160.72/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.166.98/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.166.100/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.236.14/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.236.16/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 157.167.94.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.68.200.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.79.160/27 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.180.112/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.220.240/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.226.43.128/26 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 173.222.120.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 175.157.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 182.161.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 184.26.55.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 184.29.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 192.197.189.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 192.248.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 194.140.200.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.69.192.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.124.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.129.232.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.154.176/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.157.224/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.157.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.34.116.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.81.96.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.88.82.40/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.94.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.96.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.115.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.143.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.153.220.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.189.64.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.189.184.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.74.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.95.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 208.196.50.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 212.104.224.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 218.100.57.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 218.100.61.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 220.247.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 222.165.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 223.224.0.0/19 -j ACCEPT" >> $1
- myVesta
- Site Admin
You can do it for any port; just suspend the rule in the myVesta firewall for that port.
If you use the /usr/local/vesta/data/firewall/custom.sh file, then instead of
Code:
echo "iptables -A INPUT ..." >> $1
Code:
iptables -A INPUT ...
Code:
chmod a+x /usr/local/vesta/data/firewall/custom.sh
Both ways didn't work for me. After adding them to the server and suspending SSH in the panel, I cannot log in to SSH.
The custom.sh I made:
Code:
#!/bin/bash
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.224.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.226.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.228.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.232.0/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.240.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT
Oh, I'm sorry, I didn't. Now I did it and got these errors:
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
Last edited by AGENT on Mon Sep 06, 2021 3:14 pm, edited 2 times in total.
This is the problem, I guess? I have no idea.
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
AGENT wrote: ↑Mon Sep 06, 2021 3:13 pm
This is the problem, I guess? I have no idea.
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
Problem found: it's because I made the script in Windows Notepad++, so I tried making the script with the nano command on the server, and it worked.
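An added example, not code from the thread or from myVesta: a generator for the lines that /root/update_firewall_custom.sh appends to `$1`. It strips carriage returns, rejects malformed ranges, and refuses to print anything if one range is bad, so a typo cannot produce a partial allow-list followed by a DROP. Because `iptables -A` appends and the first matching rule decides, it writes every ACCEPT before the single DROP. The function names, the one-range-per-line input format and the path /root/allowed_ranges.txt are assumptions; the sample ranges are constructed.

```sh
#!/bin/sh
# Added example. Function names and the list format are assumptions.

CR=$(printf '\r')

# has_cr FILE: succeeds if FILE contains a carriage return, i.e. it was saved
# with Windows (CRLF) line endings and its "#!/bin/bash" line will not resolve.
has_cr() {
    grep -q "$CR" "$1"
}

# valid_cidr A.B.C.D/LEN: succeeds only for octets 0-255 and LEN 0-32.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    _old_ifs=$IFS
    IFS=./
    set -- $1            # split into four octets and the prefix length
    IFS=$_old_ifs
    [ "$5" -le 32 ] || return 1
    for _octet in "$1" "$2" "$3" "$4"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules PORT < range-list
# Reads one CIDR per line ('#' starts a comment, blank lines are ignored).
# Prints an ACCEPT rule per range followed by one DROP for PORT.
# If any range is invalid it prints no rules at all and returns 1.
emit_rules() {
    _port=$1
    _rules=
    _bad=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=$(printf '%s' "$_line" | tr -d '\r \t')   # drop CR and blanks
        _line=${_line%%#*}                              # drop comments
        [ -n "$_line" ] || continue
        if valid_cidr "$_line"; then
            _rules="${_rules}iptables -A INPUT -p tcp --dport $_port -s $_line -j ACCEPT
"
        else
            echo "invalid range, nothing written: $_line" >&2
            _bad=1
        fi
    done
    [ "$_bad" -eq 0 ] || return 1
    printf '%s' "$_rules"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$_port"
}

# In /root/update_firewall_custom.sh the call would be (hypothetical list path):
#   emit_rules 22 < /root/allowed_ranges.txt >> "$1"

# Demo on constructed input: a CRLF list with two documentation ranges.
printf '203.0.113.0/24\r\n198.51.100.0/22\r\n' | emit_rules 22

# Demo on a constructed bad entry: a prefix length damaged by replacing
# every "22" with "8083" when copying SSH rules for the panel port.
printf '203.0.113.0/24\n198.51.100.0/8083\n' | emit_rules 8083 ||
    echo "list rejected"
```
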