Updated filterwall to do IP purging

1 files changed, 12 insertions, 4 deletions

diff --git a/filterwall.sh b/filterwall.sh
index deba71f..5c47a48 100755
--- a/filterwall.sh
+++ b/filterwall.sh
@@ -11,16 +11,24 @@
 
 BLOCK_FILE=/etc/firewall/blocked-ips
 
+# Purge the block file at the first hour of the first day of the
+# month to prevent stale IPs from sitting in the block file.
+if (( $(date +%d) == 1 )); then
+    if (( $(date +%H) == 0 )); then
+        echo > $BLOCK_FILE
+    fi
+fi
+
 # Filter SSHD Abusers
 egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \
-        egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
-        awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+    egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+    awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
 >> $BLOCK_FILE
 
 # Filter FTP Abusers
 grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \
-        egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
-        awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+    egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+    awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
 >> $BLOCK_FILE
 
 # De-dup the filter file.