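#!/bin/bash
# © Copyright 2012 David R. Forrest (Forrest) drf@maplepark.com
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see http://www.gnu.org/licenses/.
#
# Drops future ip packets from this attacker and add to /var/tmp/badacters
# D.R. Forrest 12/15/02
# Usage: dropbad ipaddress[/24]|FQDN [comment_passed_to_report]
# $1 is ipaddress[/24] or FQDN to be dropped; $2 is just comment printed on report
# -----Revisions -------------
# 1/23/03 Warn of bad IP address - don't append
# 7/22/03 Don't duplicate entries
# 8/21/05 Mail advice to root.
# 9/16/05 Added positional argument $2 as a print item.
#         (Used by killit to pass login name)
# 7/13/10 Added FQDN and Class C nets as options to IP
# 7/20/10 Abort if trying to block MX secondaries
# 4/14/12 Added IPv6 address routines
# 10/8/14 Converted to CentOS65
#
# Notes on this revision:
#  - The script relies on [[ =~ ]] and BASH_REMATCH, so it must run under
#    bash; the old #!/bin/sh shebang would break on a dash-style /bin/sh.
#  - $1 and $2 arrive straight from the caller (killit passes a login name
#    as $2).  They are only ever used as quoted data arguments, never as a
#    printf format string and never word-split into a command line.
#  - The duplicate check is a fixed-string, whole-word match so that "." is
#    not a regex wildcard and 10.0.0.1 is not reported as already blocked
#    just because 10.0.0.10 is.
#  - The FQDN fallback used a quoted regex on the right of =~, which bash
#    treats as a literal string, so names never resolved; the pattern now
#    lives in a variable.
#  - Exit status: 0 when a rule was added or already existed, 1 when $1
#    cannot be turned into a usable address, 2 on a usage error.
#  - NOTE(review): nothing below writes /var/tmp/badacters despite the
#    description above; that line looks stale.

set -eu
set -o pipefail

readonly IPT_SNAPSHOT=/home/drf/ns1.iptables
readonly IP6T_SNAPSHOT=/home/drf/ns1.ip6tables
readonly HOST_CMD=/usr/local/bin/host

# Anchored address patterns.  IPv4: a dotted quad with the optional /24
# the usage line promises.  IPv6: a leading hex group, a colon, then only
# hex/colon characters, with an optional prefix length.  iptables and
# ip6tables still perform the final syntax check when the rule is inserted.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/24)?$'
readonly IPV6_RE='^[0-9A-Fa-f]{1,4}:[0-9A-Fa-f:]+(/[0-9]{1,3})?$'

# Comment appended to the rule and to the log/mail text; set from $2 in main.
print_info=

#######################################
# Log a message through logger (-s also echoes it to stderr) and exit.
# Arguments: $1 - exit status; remaining arguments - message text
#######################################
die() {
  local status=$1
  shift
  /usr/bin/logger -st dropbad "$*"
  exit "$status"
}

#######################################
# Predicates for the two address families.
# Arguments: $1 - candidate address
# Returns:   0 if it matches the family's pattern, 1 otherwise
#######################################
is_ipv4() { [[ $1 =~ $IPV4_RE ]]; }
is_ipv6() { [[ $1 =~ $IPV6_RE ]]; }

#######################################
# Resolve a name to the first IPv4 address host(1) prints for it.
# Arguments: $1 - name to resolve
# Outputs:   the address on stdout when one was found
# Returns:   0 if an address was printed, 1 otherwise
#######################################
resolve_fqdn() {
  local answer addr_re
  # host exits non-zero on NXDOMAIN; only the presence of an address in
  # whatever it printed matters here, so its status is ignored.
  answer=$("$HOST_CMD" "$1" 2>/dev/null) || true
  # Kept in a variable: a quoted literal on the right of =~ is matched as
  # a plain string, not as a regular expression.
  addr_re='([0-9]{1,3}(\.[0-9]{1,3}){3})'
  if [[ $answer =~ $addr_re ]]; then
    printf '%s\n' "${BASH_REMATCH[1]}"
    return 0
  fi
  return 1
}

#######################################
# Refresh the saved rule snapshot for one table and report whether the
# address already appears in it.
# Arguments: $1 - "iptables" or "ip6tables"; $2 - snapshot file; $3 - address
# Returns:   0 if the address is already present, 1 if not
#######################################
already_blocked() {
  local table=$1 snapshot=$2 addr=$3
  # refresh history of hits
  "/sbin/${table}-save" | /usr/bin/uniq > "$snapshot"
  # -F: the address is a literal, not a regex; -w: require a whole-word
  # match so a shorter address is not shadowed by a longer one.
  /bin/grep -qwF -- "$addr" "$snapshot"
}

#######################################
# Insert the REJECT rule, log it, and mail root.
# Globals:   print_info (read)
# Arguments: $1 - "iptables" or "ip6tables"; $2 - INPUT chain position;
#            $3 - address; $4 - "IPv4" or "IPv6" label for the log and mail
#######################################
block() {
  local table=$1 position=$2 addr=$3 family=$4 lookup
  "/sbin/$table" -I INPUT "$position" -s "$addr" -j REJECT \
    -m comment --comment "$print_info by sbin/dropbad"
  # Print it
  /usr/bin/logger -st dropbad " $addr added to and blocked in $table. $print_info"
  # and mail it.  The reverse lookup is informational only.
  lookup=$("$HOST_CMD" "$addr" 2>&1) || true
  printf '%s: %s Blocked by dropbad.\n%s\t%s\n' \
    "$family" "$addr" "$print_info" "$lookup" \
    | /bin/mail -s "$addr $family Blocked" root
}

#######################################
# Entry point: validate $1, resolve it if it is a name, refuse duplicates,
# then block it in the matching table.
# Globals:   print_info (written)
# Arguments: $1 - ipaddress[/24] | FQDN; $2 - comment for report (optional)
#######################################
main() {
  # A leading "-" would be read as an option by host/iptables rather than
  # as an address, so refuse it up front.
  if (( $# < 1 )) || [[ -z $1 || $1 == -* ]]; then
    printf 'Usage: %s ipaddress[/24]|FQDN [comment_passed_to_report]\n' \
      "${0##*/}" >&2
    exit 2
  fi
  local target=$1
  print_info=${2-}

  if is_ipv6 "$target"; then
    /usr/bin/logger -st dropbad "Seems we have an IPv6; $target eh?"
    if already_blocked ip6tables "$IP6T_SNAPSHOT" "$target"; then
      die 0 "$target is already in ip6tables. Not added again!"
    fi
    block ip6tables 8 "$target" IPv6
    exit 0
  fi

  if ! is_ipv4 "$target"; then
    printf ' Not an IPv4/6. Resolve %s as an assumed FQDN and recheck\n' "$target"
    target=$(resolve_fqdn "$target") || target=
  fi
  if ! is_ipv4 "$target"; then
    die 1 "$1 is not a valid net (Class C), host, IPv4, or IPv6. Not added."
  fi
  # Checked against the resolved address, so a name whose address is
  # already blocked is not added a second time.
  if already_blocked iptables "$IPT_SNAPSHOT" "$target"; then
    die 0 "$target is already in iptables. Not added again!"
  fi
  block iptables 5 "$target" IPv4
}

main "$@"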