Custom firewall script [SOLVED]
Posted: Mon Sep 06, 2021 10:04 am
by AGENT
How do I add this list correctly to the firewall? The list is below.
How do I add the list here? I just copy-pasted the IPs into the field, but it came up with an error.
I'm trying to add only my specific country's IP ranges so that SSH accepts them, so I can connect to SSH and also to the myVesta panel only from my country's IP range.
That way someone outside the country cannot connect to my server via a foreign IP address.
The Canada IP list is just for demonstration purposes; my country has a small number of IP ranges.
Re: How to add a CIDR-format IP list to the firewall to accept a specific country's IPs for SSH and others as well?
Posted: Mon Sep 06, 2021 10:30 am
by myVesta
Well, that field can receive only one IP block.
But there is a custom callback in the firewall that will execute
/usr/local/vesta/data/firewall/custom.sh and
/root/update_firewall_custom.sh if they exist.
https://github.com/myvesta/vesta/blob/m ... rewall#L84
https://github.com/myvesta/vesta/blob/m ... ewall#L137
So create
/root/update_firewall_custom.sh and put this in it:
Code:
#!/bin/bash
# $1 is the temporary rule file that v-update-firewall builds; every line
# appended here is executed when it applies the ruleset. iptables matches
# top-down and -A appends to the end of INPUT, so the ACCEPT rules for the
# allowed networks must come before the DROP, or nothing ever reaches them.
echo "iptables -A INPUT -p tcp --dport 22 -s 209.145.192.0/18 -j ACCEPT" >> "$1"
echo "iptables -A INPUT -p tcp --dport 22 -s 209.146.128.0/17 -j ACCEPT" >> "$1"
echo "iptables -A INPUT -p tcp --dport 22 -s 209.147.81.0/24 -j ACCEPT" >> "$1"
# ... one ACCEPT line per allowed network ...
echo "iptables -A INPUT -p tcp --dport 22 -j DROP" >> "$1"
and chmod the file:
Code:
chmod a+x /root/update_firewall_custom.sh
I'm just not sure whether DROP should be before or after ACCEPT; please test both cases.
In the myVesta firewall you should suspend the rule for SSH, because we define it here.
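The hook above works, but a hand-written echo per network and per port is where copy-paste mistakes creep in. The following is an added example, not myVesta's code and not from this thread: a version of /root/update_firewall_custom.sh that reads the allowed networks from a plain list, rejects malformed CIDRs before they reach iptables, and always writes the ACCEPT rules before the per-port DROP. It assumes the list lives in /root/allowed-networks.txt (one IPv4 CIDR per line, '#' comments allowed); that path is this example's choice, not a myVesta convention. With no argument it runs on a small constructed list instead, so you can see the output without touching the firewall.

```shell
#!/bin/bash
# Added example (not myVesta's code, not from the thread): build the rules
# for the /root/update_firewall_custom.sh hook from a plain list of networks.
# myVesta hands the hook the path of its temporary rule file as $1; every
# line appended there is executed later by v-update-firewall.
# Assumed (this example's choice, not a myVesta convention): the allow-list
# is /root/allowed-networks.txt, one IPv4 CIDR per line, '#' comments allowed.

# valid_cidr A.B.C.D/N: 0 if the argument is a well-formed IPv4 CIDR (four
# octets 0-255, prefix 0-32). Rejects things like "/8083", which a global
# search-and-replace of 22 -> 8083 leaves behind.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  ip="${1%/*}"; len="${1#*/}"
  case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  oldifs="$IFS"; IFS=.; set -- $ip; IFS="$oldifs"
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# emit_rules LIST_FILE RULE_FILE PORT...
# Appends one ACCEPT per network and port, then one DROP per port. iptables
# is first-match and -A appends to the end of INPUT, so the ACCEPTs must
# precede the DROP or the allow-list is never reached. Prints the number of
# networks used; returns 1 if any line in the list was invalid (that line is
# skipped, the rest are still written).
emit_rules() {
  list="$1"; out="$2"; shift 2
  count=0; bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    net=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, blanks, CR
    [ -n "$net" ] || continue
    if ! valid_cidr "$net"; then
      echo "skipping invalid network: $net" >&2
      bad=1; continue
    fi
    for port in "$@"; do
      echo "iptables -A INPUT -p tcp --dport $port -s $net -j ACCEPT" >> "$out"
    done
    count=$((count + 1))
  done < "$list"
  for port in "$@"; do
    echo "iptables -A INPUT -p tcp --dport $port -j DROP" >> "$out"
  done
  echo "$count"
  return "$bad"
}

if [ -n "$1" ]; then
  # Called by v-update-firewall: $1 is its temporary rule file.
  emit_rules /root/allowed-networks.txt "$1" 22 8083 >/dev/null
else
  # Run by hand with no argument: demo on a constructed list (not real data).
  demo_list=$(mktemp); demo_out=$(mktemp)
  printf '%s\n' '203.94.64.0/18' '43.224.124.0/8083  # bad prefix' \
    '# 45.10.234.64/28 disabled for now' '45.10.234.64/28' > "$demo_list"
  emit_rules "$demo_list" "$demo_out" 22 8083 >/dev/null || true
  cat "$demo_out"
  rm -f "$demo_list" "$demo_out"
fi
```

Install it as /root/update_firewall_custom.sh, chmod a+x it, suspend the panel's own SSH (and 8083) rules as described above, and run v-update-firewall; the demo branch never runs when v-update-firewall calls the hook, because it always passes the rule file as $1.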
Re: Custom firewall script
Posted: Mon Sep 06, 2021 11:37 am
by AGENT
Can I do the same for port 8083? If I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?
Re: Custom firewall script
Posted: Mon Sep 06, 2021 11:51 am
by AGENT
I tried both ways, putting the DROP on the first line and on the last line, but it's not working after suspending SSH from myVestaCP.
After suspending it from myVesta it should connect me to the server, right? Because I added my IP range to be accepted.
I did not test the myVesta port yet. This is just the file I made before testing the SSH rules; if the SSH rules worked, I would add the myVesta port as well.
I did not check this in /usr/local/vesta/data/firewall/custom.sh yet.
Code:
#!/bin/bash
# $1 is the temporary rule file that v-update-firewall builds; every line
# appended here is executed when it applies the ruleset.
# One ACCEPT per allowed network for each protected port, then one DROP per
# port. iptables is first-match and -A appends, so the DROPs must come last
# or the allow-list is never reached.
PORTS="22 8083"
NETS="
5.157.88.0/24
14.140.59.152/29
23.49.160.0/20
23.65.112.0/24
23.65.114.0/23
23.209.80.0/23
43.224.124.0/22
43.228.108.0/22
43.250.240.0/22
43.252.12.0/22
45.10.234.64/28
45.121.88.0/22
46.244.29.240/29
57.72.88.0/23
57.93.16.0/20
61.245.160.0/20
66.165.255.32/29
74.91.26.104/29
88.221.92.0/24
95.181.239.0/24
96.17.160.0/24
96.47.41.247/32
96.47.41.248/30
96.47.41.252/31
96.47.41.254/32
101.2.176.0/20
103.1.176.0/22
103.2.148.0/22
103.2.152.0/22
103.11.32.0/22
103.21.164.0/22
103.77.64.0/22
103.84.160.0/22
103.87.12.0/22
103.87.124.0/22
103.99.100.0/24
103.121.206.0/24
103.138.180.0/24
103.139.210.0/24
103.142.50.0/24
103.144.60.0/24
103.167.252.0/23
103.227.244.0/22
103.241.27.0/24
103.247.48.0/22
104.28.18.21/32
104.28.18.22/32
104.28.37.42/31
104.28.43.34/31
104.28.66.28/31
104.28.69.28/31
104.28.73.42/31
104.28.117.30/31
104.28.120.30/31
104.70.174.0/24
104.75.84.0/23
104.77.92.0/24
109.70.66.0/23
111.223.128.0/18
112.134.0.0/15
113.59.192.0/19
116.12.64.0/18
116.204.212.0/22
116.206.20.0/22
116.206.180.0/22
116.206.244.0/22
118.214.48.0/20
119.235.0.0/20
122.255.0.0/18
123.231.0.0/17
124.6.240.0/20
124.43.0.0/16
125.214.160.0/19
139.81.240.0/23
146.75.160.70/31
146.75.160.72/31
146.75.166.98/31
146.75.166.100/31
146.75.236.14/31
146.75.236.16/31
157.167.94.0/24
172.68.200.0/22
172.225.79.160/27
172.225.180.112/28
172.225.220.240/28
172.226.43.128/26
173.222.120.0/22
175.157.0.0/16
182.161.0.0/19
184.26.55.0/24
184.29.80.0/23
192.197.189.0/24
192.248.0.0/17
194.140.200.0/21
202.69.192.0/20
202.124.160.0/19
202.129.232.0/22
202.174.154.176/30
202.174.157.224/29
202.174.157.240/29
203.34.116.0/24
203.81.96.0/20
203.88.82.40/29
203.94.64.0/18
203.96.160.0/22
203.115.0.0/18
203.143.0.0/18
203.153.220.0/22
203.189.64.0/20
203.189.184.0/21
206.49.74.0/24
206.49.95.0/24
206.49.112.0/24
208.196.50.0/23
212.104.224.0/20
218.100.57.0/24
218.100.61.0/24
220.247.192.0/18
222.165.128.0/18
223.224.0.0/19
"
for net in $NETS; do
  for port in $PORTS; do
    echo "iptables -A INPUT -p tcp --dport $port -s $net -j ACCEPT" >> "$1"
  done
done
for port in $PORTS; do
  echo "iptables -A INPUT -p tcp --dport $port -j DROP" >> "$1"
done
Re: Custom firewall script
Posted: Mon Sep 06, 2021 12:13 pm
by myVesta
AGENT wrote: ↑Mon Sep 06, 2021 11:37 am
Can I do the same for port 8083? If I suspend the myVesta port from the panel, I think that should block the whole connection to the panel?
You can do it for any port; just suspend the rule in the myVesta firewall for that port.
AGENT wrote: ↑Mon Sep 06, 2021 11:51 am
I did not check this in /usr/local/vesta/data/firewall/custom.sh yet.
If you use the
/usr/local/vesta/data/firewall/custom.sh file, then instead of
Code:
echo "iptables -A INPUT ..." >> $1
just use
Code:
iptables -A INPUT ...
and also chmod the file:
Code:
chmod a+x /usr/local/vesta/data/firewall/custom.sh
Re: Custom firewall script
Posted: Mon Sep 06, 2021 1:39 pm
by AGENT
Both ways didn't work for me. After adding them to the server and suspending SSH from the panel, I cannot log in to SSH.
The custom.sh I made:
Code:
#!/bin/bash
# custom.sh runs iptables directly (there is no $1 rule file here).
# ACCEPT rules first: iptables is first-match and -A appends, so a DROP
# placed above them would shadow the whole allow-list.
iptables -A INPUT -p tcp --dport 22 -s 45.121.88.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 103.21.164.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 23.49.160.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 88.221.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 96.17.160.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.75.84.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 104.77.92.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 112.134.0.0/15 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 118.214.48.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 124.43.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 173.222.120.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.26.55.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 184.29.80.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.94.64.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 203.115.0.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.192.0/19 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.224.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.226.0/23 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.228.0/22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.232.0/21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 220.247.240.0/20 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 222.165.128.0/18 -j ACCEPT
# Everything else on port 22 is dropped only after the allow-list above.
iptables -A INPUT -p tcp --dport 22 -j DROP
Re: Custom firewall script
Posted: Mon Sep 06, 2021 1:57 pm
by myVesta
Did you run
Code:
sudo /usr/local/vesta/bin/v-update-firewall
after you made the custom file?
Re: Custom firewall script
Posted: Mon Sep 06, 2021 2:47 pm
by AGENT
Oh, I'm sorry, I didn't; now I did it and got these errors:
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
'ptables v1.8.2 (nf_tables): Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
[... the same two lines repeated once for each of the 22 ACCEPT rules ...]
'ptables v1.8.2 (nf_tables): Invalid target name `DROP
Try `iptables -h' or 'iptables --help' for more information.
Re: Custom firewall script
Posted: Mon Sep 06, 2021 3:13 pm
by AGENT
This is the problem, I guess? I have no idea.
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
Re: Custom firewall script
Posted: Mon Sep 06, 2021 3:24 pm
by AGENT
AGENT wrote: ↑Mon Sep 06, 2021 3:13 pm
This is the problem, I guess? I have no idea.
Code:
/usr/local/vesta/bin/v-update-firewall: /root/update_firewall_custom.sh: /bin/bash^M: bad interpreter: No such file or directory
The problem was found: it's because I made the script in Windows Notepad++, so I tried creating the script with the nano command on the server, and it worked.
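The "/bin/bash^M: bad interpreter" line and the garbled "Invalid target name `ACCEPT" errors are both the same fault: CRLF line endings from a Windows editor. The kernel reads the shebang up to the newline, so the interpreter path becomes "/bin/bash" followed by a carriage return, which does not exist; and every rule's target becomes "ACCEPT" plus a carriage return, which iptables rejects (the stray quote at the start of each error is the terminal overprinting the line after the CR). The script below is an added example, not from this thread or the myVesta project: a pre-flight check to run on a hook before calling v-update-firewall. It flags CR line endings, a bad shebang, a missing execute bit and syntax errors, can strip the CRs in place, and for $1-style hooks does a dry run into a scratch file to confirm no port's DROP is written before its first ACCEPT (the ordering question raised earlier in the thread). The file name preflight.sh and the .bak suffix are this example's choices.

```shell
#!/bin/bash
# Added example (not from the thread or the myVesta project): pre-flight
# checks for a firewall hook before running v-update-firewall.

# check_hook FILE: 0 when FILE is safe to hand to v-update-firewall; one
# line per problem on stderr otherwise.
check_hook() {
  f="$1"; problems=0
  [ -f "$f" ] || { echo "$f: not found" >&2; return 1; }
  # A file that changes when CRs are removed has Windows line endings.
  if ! tr -d '\r' < "$f" | cmp -s - "$f"; then
    echo "$f: has CR (Windows) line endings; run fix_crlf" >&2; problems=1
  fi
  first=$(head -n 1 "$f")
  case "$first" in
    '#!/bin/bash'|'#!/bin/sh'|'#!/usr/bin/env bash') ;;
    *) echo "$f: first line is not a bash/sh shebang: $first" >&2; problems=1 ;;
  esac
  [ -x "$f" ] || { echo "$f: not executable; chmod a+x it" >&2; problems=1; }
  # Syntax-check with the interpreter the shebang names, without running it.
  interp=$(printf '%s' "$first" | sed 's/^#!//')
  if [ -x "${interp%% *}" ]; then
    $interp -n "$f" 2>/dev/null || { echo "$f: syntax error ($interp -n)" >&2; problems=1; }
  fi
  return "$problems"
}

# fix_crlf FILE: strip carriage returns in place, keeping FILE.bak.
fix_crlf() {
  cp -p "$1" "$1.bak" && tr -d '\r' < "$1.bak" > "$1"
}

# dry_run_hook FILE: run a $1-style hook against a scratch file (nothing
# touches the kernel) and fail if, for any port, the DROP is written before
# the first ACCEPT; iptables is first-match, so that order shadows the
# allow-list. Never use this on a custom.sh that calls iptables directly.
dry_run_hook() {
  scratch=$(mktemp)
  "$1" "$scratch" || { rm -f "$scratch"; return 1; }
  rc=0
  for port in $(sed -n 's/.*--dport \([0-9]*\).*/\1/p' "$scratch" | sort -u); do
    accept=$(grep -n -- "--dport $port .*-j ACCEPT" "$scratch" | head -n 1 | cut -d: -f1)
    drop=$(grep -n -- "--dport $port -j DROP" "$scratch" | head -n 1 | cut -d: -f1)
    if [ -n "$drop" ] && [ -n "$accept" ] && [ "$drop" -lt "$accept" ]; then
      echo "port $port: DROP (line $drop) precedes first ACCEPT (line $accept)" >&2
      rc=1
    fi
  done
  rm -f "$scratch"
  return "$rc"
}

# Usage: ./preflight.sh /root/update_firewall_custom.sh
if [ -n "$1" ]; then
  check_hook "$1" && dry_run_hook "$1"
fi
```

Run it after editing the hook and before v-update-firewall; if it reports CR line endings, call fix_crlf on the file (or save it from nano on the server, as the thread did) and run the check again.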