
Custom firewall script [SOLVED]

Posted: Mon Sep 06, 2021 10:04 am
by AGENT
How do I add this list correctly to the firewall? The list is below.

How do I add the list in here? I just copy-pasted the IPs into the area, but it came up with an error.
I'm trying to add only my specific country's IP ranges to be accepted for SSH, so I can connect to SSH and also to the myVesta panel only from my country's IP range.
So someone outside the country cannot connect to my server via a foreign IP address.
The Canada IP list is just for demonstration purposes only; my country has a small number of IP ranges.

Re: How to add a CIDR-format IP list to the firewall to accept a specific country's IPs for SSH and others as well?

Posted: Mon Sep 06, 2021 10:30 am
by myVesta
Well, that field can receive only one IP block.
But there is a custom callback in the firewall that will execute /usr/local/vesta/data/firewall/custom.sh and /root/update_firewall_custom.sh if they exist.

https://github.com/myvesta/vesta/blob/m ... rewall#L84
https://github.com/myvesta/vesta/blob/m ... ewall#L137

So create /root/update_firewall_custom.sh and put this there:

Code:

#!/bin/bash

# $1 is the rules file that v-update-firewall hands to this hook; each echo
# appends one iptables command to it. ACCEPT lines go first and the DROP
# last: -A appends in order and the first matching rule wins, so a DROP
# appended before the ACCEPTs would shadow all of them.
echo "iptables -A INPUT -p tcp --dport 22 -s 209.145.192.0/18 -j ACCEPT" >> "$1"
echo "iptables -A INPUT -p tcp --dport 22 -s 209.146.128.0/17 -j ACCEPT" >> "$1"
echo "iptables -A INPUT -p tcp --dport 22 -s 209.147.81.0/24 -j ACCEPT" >> "$1"
# ... one ACCEPT line per allowed CIDR block ...
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> "$1"
and chmod the file:

Code:

chmod a+x /root/update_firewall_custom.sh
I'm just not sure if DROP should be before or after ACCEPT, please test both cases.

In the myVesta firewall you should suspend the rule for SSH, because we define it here.
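A generator for that hook, as an added example that is not part of this post and not myVesta's own code. It reads the allowed blocks from a one-CIDR-per-line file, refuses to write anything if a line is not a valid IPv4 CIDR, and emits the ACCEPT lines before the port's DROP, which settles the ordering question: iptables -A appends in order and the first matching rule wins. The list file name and the sample blocks written into it are constructed for the example.

```sh
#!/bin/sh
# Added example, not the myVesta project's code. Builds the per-port
# allowlist that a hook such as /root/update_firewall_custom.sh appends to
# the rules file it receives as $1. The list file and its contents below
# are constructed for this example.

# is_valid_cidr CIDR -> 0 if CIDR is a.b.c.d/n with octets 0-255 and n 0-32.
# A typo such as 43.224.124.0/8083, or a trailing CR left by a Windows
# editor, fails here instead of being rejected by iptables at reload time.
is_valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1
            exit 0
        }'
}

# emit_rules PORT LISTFILE OUTFILE -> appends one ACCEPT per CIDR and then
# one DROP for the port, and prints the number of ACCEPT rules written.
# Order matters: -A appends, and the first matching rule wins, so the DROP
# must follow the ACCEPTs; a DROP emitted first would shadow every ACCEPT
# behind it and lock the administrator out.
emit_rules() {
    port=$1; list=$2; out=$3; count=0
    # Pass 1: validate every line before writing anything, so a bad entry
    # cannot leave a half-written rule set behind.
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case $cidr in ''|'#'*) continue ;; esac   # skip blanks and comments
        is_valid_cidr "$cidr" || {
            echo "emit_rules: invalid CIDR '$cidr' in $list" >&2
            return 1
        }
    done < "$list"
    # Pass 2: ACCEPT per CIDR, then the single DROP.
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        case $cidr in ''|'#'*) continue ;; esac
        echo "iptables -A INPUT -p tcp --dport $port -s $cidr -j ACCEPT" >> "$out"
        count=$((count + 1))
    done < "$list"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP" >> "$out"
    echo "$count"
}

main() {
    sample_list=${TMPDIR:-/tmp}/allow_example.txt   # constructed sample list
    sample_rules=${TMPDIR:-/tmp}/rules_example.sh   # stands in for the hook's $1
    printf '%s\n' '# allowed source blocks' '45.121.88.0/22' \
        '103.21.164.0/22' '220.247.192.0/18' > "$sample_list"
    : > "$sample_rules"
    for p in 22 8083; do
        emit_rules "$p" "$sample_list" "$sample_rules" > /dev/null || return 1
    done
    cat "$sample_rules"
}
main
```

In the real hook, call emit_rules with the real list and with "$1" as the output file, then run sudo /usr/local/vesta/bin/v-update-firewall and confirm the placement with iptables -L INPUT -n --line-numbers: each port's DROP must be listed below its ACCEPT lines.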

Re: Custom firewall script

Posted: Mon Sep 06, 2021 11:37 am
by AGENT
Can I do the same for port 8083? In case I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?

Re: Custom firewall script

Posted: Mon Sep 06, 2021 11:51 am
by AGENT
I tried both ways, putting the DROP on the first and on the last line, but it's not working after suspending SSH in myVestaCP.
After suspending it in myVesta it should let me connect to the server, right? Because I added my IP range to be accepted.
I did not test the myVesta port yet. This is just the file I made before testing the SSH rules; in case the SSH rules worked, I'd add the myVesta port as well.
I did not check this in /usr/local/vesta/data/firewall/custom.sh yet.

Code:

#!/bin/bash

# $1 is the rules file v-update-firewall hands to this hook; each echo
# appends one iptables command to it. The same allowlist is applied to
# SSH (22) and the myVesta panel (8083). For each port the ACCEPT lines
# are written first and the DROP last: -A appends in order and the first
# matching rule wins, so a DROP written before the ACCEPTs would shadow
# every one of them.
RULES="$1"

# One CIDR block per line.
ALLOW=(
  5.157.88.0/24
  14.140.59.152/29
  23.49.160.0/20
  23.65.112.0/24
  23.65.114.0/23
  23.209.80.0/23
  43.224.124.0/22
  43.228.108.0/22
  43.250.240.0/22
  43.252.12.0/22
  45.10.234.64/28
  45.121.88.0/22
  46.244.29.240/29
  57.72.88.0/23
  57.93.16.0/20
  61.245.160.0/20
  66.165.255.32/29
  74.91.26.104/29
  88.221.92.0/24
  95.181.239.0/24
  96.17.160.0/24
  96.47.41.247/32
  96.47.41.248/30
  96.47.41.252/31
  96.47.41.254/32
  101.2.176.0/20
  103.1.176.0/22
  103.2.148.0/22
  103.2.152.0/22
  103.11.32.0/22
  103.21.164.0/22
  103.77.64.0/22
  103.84.160.0/22
  103.87.12.0/22
  103.87.124.0/22
  103.99.100.0/24
  103.121.206.0/24
  103.138.180.0/24
  103.139.210.0/24
  103.142.50.0/24
  103.144.60.0/24
  103.167.252.0/23
  103.227.244.0/22
  103.241.27.0/24
  103.247.48.0/22
  104.28.18.21/32
  104.28.18.22/32
  104.28.37.42/31
  104.28.43.34/31
  104.28.66.28/31
  104.28.69.28/31
  104.28.73.42/31
  104.28.117.30/31
  104.28.120.30/31
  104.70.174.0/24
  104.75.84.0/23
  104.77.92.0/24
  109.70.66.0/23
  111.223.128.0/18
  112.134.0.0/15
  113.59.192.0/19
  116.12.64.0/18
  116.204.212.0/22
  116.206.20.0/22
  116.206.180.0/22
  116.206.244.0/22
  118.214.48.0/20
  119.235.0.0/20
  122.255.0.0/18
  123.231.0.0/17
  124.6.240.0/20
  124.43.0.0/16
  125.214.160.0/19
  139.81.240.0/23
  146.75.160.70/31
  146.75.160.72/31
  146.75.166.98/31
  146.75.166.100/31
  146.75.236.14/31
  146.75.236.16/31
  157.167.94.0/24
  172.68.200.0/22
  172.225.79.160/27
  172.225.180.112/28
  172.225.220.240/28
  172.226.43.128/26
  173.222.120.0/22
  175.157.0.0/16
  182.161.0.0/19
  184.26.55.0/24
  184.29.80.0/23
  192.197.189.0/24
  192.248.0.0/17
  194.140.200.0/21
  202.69.192.0/20
  202.124.160.0/19
  202.129.232.0/22
  202.174.154.176/30
  202.174.157.224/29
  202.174.157.240/29
  203.34.116.0/24
  203.81.96.0/20
  203.88.82.40/29
  203.94.64.0/18
  203.96.160.0/22
  203.115.0.0/18
  203.143.0.0/18
  203.153.220.0/22
  203.189.64.0/20
  203.189.184.0/21
  206.49.74.0/24
  206.49.95.0/24
  206.49.112.0/24
  208.196.50.0/23
  212.104.224.0/20
  218.100.57.0/24
  218.100.61.0/24
  220.247.192.0/18
  222.165.128.0/18
  223.224.0.0/19
)

for port in 22 8083; do
    for cidr in "${ALLOW[@]}"; do
        echo "iptables -A INPUT -p tcp --dport $port -s $cidr -j ACCEPT" >> "$RULES"
    done
    echo "iptables -A INPUT -p tcp --dport $port -j DROP" >> "$RULES"
done

Re: Custom firewall script

Posted: Mon Sep 06, 2021 12:13 pm
by myVesta
AGENT wrote: Mon Sep 06, 2021 11:37 am Can I do the same for port 8083? In case I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?
You can do it for any port; just suspend the rule in the myVesta firewall for that port.
AGENT wrote: Mon Sep 06, 2021 11:51 am I did not check this in /usr/local/vesta/data/firewall/custom.sh yet.
If you use the /usr/local/vesta/data/firewall/custom.sh file, then instead of

Code:

echo "iptables -A INPUT ..." >> $1
just use

Code:

iptables -A INPUT ...
and also chmod the file:

Code:

chmod a+x /usr/local/vesta/data/firewall/custom.sh

Re: Custom firewall script

Posted: Mon Sep 06, 2021 1:39 pm
by AGENT
Both ways didn't work for me. After adding them to the server and suspending SSH from the panel, I cannot log in to SSH.

The custom.sh I made:

Code:

#!/bin/bash

# custom.sh runs iptables directly. ACCEPT rules first, DROP last: -A
# appends in order and the first matching rule wins, so a DROP placed
# before the ACCEPTs would block every listed range as well.
iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.224.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.226.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.228.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.232.0/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.240.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Re: Custom firewall script

Posted: Mon Sep 06, 2021 1:57 pm
by myVesta
Did you run

Code:

sudo /usr/local/vesta/bin/v-update-firewall
after you made the custom file?

Re: Custom firewall script

Posted: Mon Sep 06, 2021 2:47 pm
by AGENT
Oh, I'm sorry, I didn't. Now I did it and got these errors:

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.8.2 (nf_tables): Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.

Re: Custom firewall script

Posted: Mon Sep 06, 2021 3:13 pm
by AGENT
This is the problem, I guess? I have no idea.

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory

Re: Custom firewall script

Posted: Mon Sep 06, 2021 3:24 pm
by AGENT
AGENT wrote: Mon Sep 06, 2021 3:13 pm This is the problem, I guess? I have no idea.

Code:

/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
Problem found: it's because I made the script in Windows Notepad++, so I tried to make the script with the nano command on the server and it worked.
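The ^M in "/bin/bash^M: bad interpreter" is the carriage return that Notepad++ saved at the end of every line, and it is also why the iptables errors start with 'ptables: the target iptables complains about is ACCEPT followed by a CR, and when it echoes that back the CR moves the cursor to the start of the line before the closing quote is printed. The pre-flight check below is an added example, not myVesta's own code: it reports CR bytes, a missing #! line and a missing executable bit before v-update-firewall is run, and repairs the line endings in place while keeping the file's mode. The hook file name used in main is a constructed stand-in.

```sh
#!/bin/sh
# Added example, not myVesta's code: checks to run on a custom firewall
# hook before calling v-update-firewall, so a broken file fails here and
# not during the firewall reload.

# check_hook FILE -> 0 if the hook is safe to hand to v-update-firewall,
# otherwise 1 with one line per problem on stderr.
check_hook() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }
    # Count CR bytes: tr keeps only \r, wc counts what is left.
    if [ "$(tr -d -c '\r' < "$f" | wc -c | tr -d ' ')" != 0 ]; then
        echo "$f: contains CR bytes (Windows line endings); run fix_crlf" >&2
        rc=1
    fi
    case $(head -n 1 "$f") in
        '#!'*) ;;
        *) echo "$f: first line is not a #! interpreter line" >&2; rc=1 ;;
    esac
    [ -x "$f" ] || { echo "$f: not executable (chmod a+x $f)" >&2; rc=1; }
    return $rc
}

# fix_crlf FILE -> strip every CR in place. Writing back through cat
# instead of mv keeps the file's permissions (and its inode).
fix_crlf() {
    tr -d '\r' < "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

main() {
    # Constructed stand-in for /root/update_firewall_custom.sh, written the
    # way a Windows editor would save it (CRLF line endings).
    hook=${TMPDIR:-/tmp}/update_firewall_custom_example.sh
    printf '#!/bin/bash\r\necho "iptables -A INPUT -p tcp --dport 22 -j DROP" >> "$1"\r\n' > "$hook"
    chmod a+x "$hook"
    check_hook "$hook" || { fix_crlf "$hook"; check_hook "$hook"; }
}
main
```

Run check_hook against the real hook until it returns 0, then run sudo /usr/local/vesta/bin/v-update-firewall; the same check applies to /usr/local/vesta/data/firewall/custom.sh.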