Custom firewall script [SOLVED]

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Custom firewall script [SOLVED]

Post by AGENT »

How do I add this list correctly to the firewall? The list is below.
[screenshot attachment]

How do I add the list in here? I just copy-pasted the IPs into the field, but it came up with an error.
I'm trying to add only my specific country's IP ranges to be accepted for SSH, so I can connect to SSH and also to the myVesta panel only from my country's IP range.
So someone outside the country cannot connect to my server via a foreign IP address.
The Canada IP list is just for demonstration purposes; my country has a small number of IP ranges.
[screenshot attachment]
Last edited by AGENT on Mon Sep 06, 2021 5:22 pm, edited 1 time in total.

myVesta
Site Admin
Posts: 608
Joined: Fri Jun 19, 2020 9:59 am
Re: How to add CIDR format IP list to firewall to accept specific country IP to the SSH others aswell?

Post by myVesta »

Well, that field can receive only one IP block.
But there is a custom callback in the firewall that will execute /usr/local/vesta/data/firewall/custom.sh and /root/update_firewall_custom.sh if they exist.

https://github.com/myvesta/vesta/blob/m ... rewall#L84
https://github.com/myvesta/vesta/blob/m ... ewall#L137

So, create /root/update_firewall_custom.sh and put there:

Code:

#!/bin/bash

# $1 is the path of the rules file that v-update-firewall is building;
# every line appended here is run as an iptables command.
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.145.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.146.128.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 209.147.81.0/24 -j ACCEPT" >> $1
etc...
and chmod the file:

Code:

chmod a+x /root/update_firewall_custom.sh
I'm just not sure whether DROP should come before or after ACCEPT; please test both cases.

In the myVesta firewall you should suspend the rule for SSH, because we define it here.
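An added example from the editor, not code from the myVesta project or from this thread: a generator for the rules that the /root/update_firewall_custom.sh hook appends to the file it receives as $1. It reads the allowed ranges from an assumed file, /root/ssh_allowlist.txt (a hypothetical path, one CIDR per line), refuses entries that are not a dotted quad with an optional prefix, strips Windows carriage returns, and settles the ordering question: "iptables -A" appends, and the first rule matching a packet wins, so every ACCEPT for a port has to be written before that port's DROP.

```shell
#!/bin/bash
# Added example for this thread, not the myVesta project's own code.
# Generates the allowlist rules that the /root/update_firewall_custom.sh hook
# appends to the rules file v-update-firewall is building (its path is $1).
# Assumption: the allowed ranges live one CIDR per line in
# /root/ssh_allowlist.txt (a hypothetical path; "#" starts a comment).
#
# Ordering: "iptables -A" appends, and the first rule that matches a packet
# wins, so all ACCEPT rules for a port must be written BEFORE that port's DROP.

# emit_port_rules ALLOWLIST_FILE PORT [PORT...]
# Prints ACCEPT rules for every CIDR in the allowlist, then a DROP, per port.
emit_port_rules() {
    allowlist=$1
    shift
    for port in "$@"; do
        # Strip carriage returns (files saved on Windows), blank lines and
        # comments before the entries reach the rules file.
        tr -d '\r' < "$allowlist" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
        while read -r cidr; do
            # Only a dotted quad with an optional /prefix is written out; the
            # rules file is executed as root, so anything else is refused.
            if printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
                printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$cidr"
            else
                printf 'skipping invalid allowlist entry: %s\n' "$cidr" >&2
            fi
        done
        # Everything not matched by an ACCEPT above is dropped for this port.
        printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
    done
}

# When v-update-firewall calls the hook, the rules file path arrives as $1.
if [ -n "${1:-}" ]; then
    emit_port_rules /root/ssh_allowlist.txt 22 8083 >> "$1"
fi
```

If the same logic is placed in /usr/local/vesta/data/firewall/custom.sh, which runs its commands directly instead of appending them to $1, replace the final append with `emit_port_rules /root/ssh_allowlist.txt 22 8083 | sh`. The rule for the panel port, 8083 here, is only reachable while the corresponding rule in the myVesta firewall is suspended, as the answer above says for SSH.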

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

Can I do the same for port 8083? In case I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

I tried both ways, putting the DROP on the first and on the last line, but it's not working after suspending SSH from myVestaCP.
After suspending it from myVesta it should still connect me to the server, right? Because I added my IP range to be accepted.
I have not tested the myVesta port yet. This is just the file I made before testing the SSH rules, in case the SSH rules work and I'll add the myVesta port as well.
I have not checked this in /usr/local/vesta/data/firewall/custom.sh yet.

Code:

#!/bin/bash

# $1 is the rules file being built by v-update-firewall.
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -j DROP" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 5.157.88.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 14.140.59.152/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.65.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.65.114.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 23.209.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.224.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.228.108.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.250.240.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 43.252.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 45.10.234.64/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 46.244.29.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 57.72.88.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 57.93.16.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 61.245.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 66.165.255.32/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 74.91.26.104/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 95.181.239.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.247/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.248/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.252/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 96.47.41.254/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 101.2.176.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.1.176.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.2.148.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.2.152.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.11.32.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.77.64.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.84.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.87.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.87.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.99.100.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.121.206.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.138.180.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.139.210.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.142.50.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.144.60.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.167.252.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.227.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.241.27.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 103.247.48.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.18.21/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.18.22/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.37.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.43.34/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.66.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.69.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.73.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.117.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.28.120.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.70.174.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 109.70.66.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 111.223.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 113.59.192.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.12.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.204.212.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.20.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.180.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 116.206.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 119.235.0.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 122.255.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 123.231.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 124.6.240.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 125.214.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 139.81.240.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.160.70/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.160.72/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.166.98/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.166.100/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.236.14/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 146.75.236.16/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 157.167.94.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.68.200.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.79.160/27 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.180.112/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.225.220.240/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 172.226.43.128/26 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 175.157.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 182.161.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 192.197.189.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 192.248.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 194.140.200.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.69.192.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.124.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.129.232.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.154.176/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.157.224/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 202.174.157.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.34.116.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.81.96.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.88.82.40/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.96.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.143.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.153.220.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.189.64.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 203.189.184.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.74.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.95.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 206.49.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 208.196.50.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 212.104.224.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 218.100.57.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 218.100.61.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 22 -s 223.224.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 5.157.88.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 14.140.59.152/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.49.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.65.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.65.114.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 23.209.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.224.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.228.108.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.250.240.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 43.252.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 45.10.234.64/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 45.121.88.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 46.244.29.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 57.72.88.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 57.93.16.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 61.245.160.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 66.165.255.32/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 74.91.26.104/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 88.221.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 95.181.239.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.17.160.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.247/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.248/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.252/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 96.47.41.254/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 101.2.176.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.1.176.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.2.148.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.2.152.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.11.32.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.21.164.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.77.64.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.84.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.87.12.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.87.124.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.99.100.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.121.206.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.138.180.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.139.210.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.142.50.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.144.60.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.167.252.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.227.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.241.27.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 103.247.48.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.18.21/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.18.22/32 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.37.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.43.34/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.66.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.69.28/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.73.42/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.117.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.28.120.30/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.70.174.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.75.84.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 104.77.92.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 109.70.66.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 111.223.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 112.134.0.0/15 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 113.59.192.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.12.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.204.212.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.20.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.180.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 116.206.244.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 118.214.48.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 119.235.0.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 122.255.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 123.231.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 124.6.240.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 124.43.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 125.214.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 139.81.240.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.160.70/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.160.72/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.166.98/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.166.100/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.236.14/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 146.75.236.16/31 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 157.167.94.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.68.200.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.79.160/27 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.180.112/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.225.220.240/28 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 172.226.43.128/26 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 173.222.120.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 175.157.0.0/16 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 182.161.0.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 184.26.55.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 184.29.80.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 192.197.189.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 192.248.0.0/17 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 194.140.200.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.69.192.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.124.160.0/19 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.129.232.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.154.176/30 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.157.224/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 202.174.157.240/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.34.116.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.81.96.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.88.82.40/29 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.94.64.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.96.160.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.115.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.143.0.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.153.220.0/22 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.189.64.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 203.189.184.0/21 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.74.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.95.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 206.49.112.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 208.196.50.0/23 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 212.104.224.0/20 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 218.100.57.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 218.100.61.0/24 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 220.247.192.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 222.165.128.0/18 -j ACCEPT" >> $1
echo "iptables -A INPUT -p tcp --dport 8083 -s 223.224.0.0/19 -j ACCEPT" >> $1

myVesta
Site Admin
Posts: 608
Joined: Fri Jun 19, 2020 9:59 am
Re: Custom firewall script

Post by myVesta »

AGENT wrote:
Mon Sep 06, 2021 11:37 am
Can I do the same for port 8083? In case I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?
You can do it for any port; just suspend the rule in the myVesta firewall for that port.
AGENT wrote:
Mon Sep 06, 2021 11:51 am
I have not checked this in /usr/local/vesta/data/firewall/custom.sh yet.
If you use the /usr/local/vesta/data/firewall/custom.sh file, then instead of

Code:

echo "iptables -A INPUT ..." >> $1
just use

Code:

iptables -A INPUT ...
and also chmod the file:

Code:

chmod a+x /usr/local/vesta/data/firewall/custom.sh

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

Neither way worked for me. After adding them to the server and suspending SSH from the panel, I cannot log in to SSH.

The custom.sh I made:

Code:

#!/bin/bash

iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.224.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.226.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.228.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.232.0/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.240.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT

myVesta
Site Admin
Posts: 608
Joined: Fri Jun 19, 2020 9:59 am
Re: Custom firewall script

Post by myVesta »

Did you run

Code:

sudo /usr/local/vesta/bin/v-update-firewall
after you made the custom file?

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

Oh, I'm sorry, I didn't. Now I did it and got these errors:

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
Last edited by AGENT on Mon Sep 06, 2021 3:14 pm, edited 2 times in total.

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

This is the problem, I guess? I have no idea.

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory

AGENT
Posts: 14
Joined: Sun Sep 05, 2021 5:19 pm
Re: Custom firewall script

Post by AGENT »

AGENT wrote:
Mon Sep 06, 2021 3:13 pm
This is the problem, I guess? I have no idea.

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
Problem found: it's because I made the script in Windows Notepad++, so I tried making the script with the nano command on the server, and it worked.
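An added example from the editor, not code from the myVesta project or from this thread: pre-flight checks to run on a hook script before v-update-firewall executes it. Both errors above have the same cause, CRLF line endings: the kernel looks for an interpreter literally named "/bin/bash\r" (shown as ^M), and each rule hands iptables the target "ACCEPT\r", which it rejects, so the rule is never loaded. The checks below flag carriage returns, a missing shebang or executable bit, unknown jump targets, and a DROP for a port placed above that port's first ACCEPT (iptables evaluates a chain top to bottom and the first match wins, so that ordering locks everyone out). The file names are the thread's; strip_crlf is an assumed helper equivalent to dos2unix.

```shell
#!/bin/sh
# Added example, not the myVesta project's own code. Pre-flight checks for a
# firewall hook script (/root/update_firewall_custom.sh or
# /usr/local/vesta/data/firewall/custom.sh) before v-update-firewall runs it.

CR=$(printf '\r')

# Exit 0 if FILE contains any carriage return, 1 otherwise.
has_crlf() {
    grep -q "$CR" "$1"
}

# Rewrite FILE in place with LF-only line endings (what dos2unix does).
strip_crlf() {
    tmp=$(mktemp) || return 1
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Report everything that would make the hook fail or silently misbehave.
# Prints one line per finding; exit 0 when clean, 1 otherwise.
check_hook() {
    f=$1
    findings=0
    if has_crlf "$f"; then
        echo "CR characters present (Windows line endings); run strip_crlf"
        findings=$((findings + 1))
    fi
    # The interpreter named on line 1 must exist; "/bin/bash^M" does not.
    case "$(head -n 1 "$f" | tr -d '\r')" in
        '#!/bin/bash'|'#!/bin/sh') ;;
        *) echo "first line is not a shell shebang"; findings=$((findings + 1)) ;;
    esac
    if [ ! -x "$f" ]; then
        echo "file is not executable (chmod a+x)"
        findings=$((findings + 1))
    fi
    # Every rule must jump to a target iptables knows; a typo or trailing CR
    # is rejected at load time and the rule is silently lost.
    badtargets=$(tr -d '\r' < "$f" | grep -n -- '-j ' |
        grep -Ev -- '-j (ACCEPT|DROP|REJECT)("[[:space:]]*>>[[:space:]]*\$1)?[[:space:]]*$' || true)
    if [ -n "$badtargets" ]; then
        printf 'unknown jump target in: %s\n' "$badtargets"
        findings=$((findings + 1))
    fi
    # First match wins: a DROP for a port above that port's ACCEPT rules means
    # the ACCEPTs are never reached.
    order=$(tr -d '\r' < "$f" | awk '
        /--dport [0-9]+/ && /-j ACCEPT/ { match($0, /--dport [0-9]+/); p = substr($0, RSTART + 8, RLENGTH - 8); if (!(p in acc)) acc[p] = NR }
        /--dport [0-9]+/ && /-j DROP/   { match($0, /--dport [0-9]+/); p = substr($0, RSTART + 8, RLENGTH - 8); if (!(p in drop)) drop[p] = NR }
        END { for (p in drop) if ((p in acc) && acc[p] > drop[p]) print "port " p ": DROP on line " drop[p] " precedes its first ACCEPT on line " acc[p] }')
    if [ -n "$order" ]; then
        printf '%s\n' "$order"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Typical use before running sudo /usr/local/vesta/bin/v-update-firewall:
#   check_hook /root/update_firewall_custom.sh && echo "hook looks sane"
```

A clean run prints nothing and exits 0; any finding is printed and the exit status is 1, so the check can gate the v-update-firewall call in a deploy step.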
