Initial YakPanel commit

script/open_malicious_ip.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+configure_logging() {
+    sudo tee /etc/rsyslog.d/ip-daily-log.conf <<EOF
+:msg, contains, "DAILY-IP: " -/var/log/IP-DAILY-LOG.log
+& stop
+EOF
+
+sudo tee /etc/logrotate.d/ip-daily-log <<EOF
+/var/log/IP-DAILY-LOG.log {
+    daily
+    rotate 3            # 仅保留3天历史
+    missingok
+    nocompress          # 无需压缩
+    notifempty
+    sharedscripts
+    postrotate
+        systemctl reload rsyslog >/dev/null 2>&1
+    endscript
+}
+EOF
+    sudo systemctl restart rsyslog
+}
+
+
+sudo iptables -C IN_BT_log -j IN_BT_log_DAILY > /dev/null 2>&1
+
+if [ $? -eq 0 ]; then
+    echo "rules 'iptables -I IN_BT_log -j IN_BT_log_DAILY' Exiting..."
+    exit 0
+else
+    echo "add rule..."
+    sudo iptables -N IN_BT_log_DAILY
+    sudo iptables -I IN_BT_log -j IN_BT_log_DAILY
+    sudo iptables -A IN_BT_log_DAILY -m recent --name DAILY_IPS --rcheck --seconds 86400 -j RETURN
+    sudo iptables -A IN_BT_log_DAILY -m recent --name DAILY_IPS --set -j LOG --log-prefix "DAILY-IP: " --log-level 4
+
+    ipset create in_bt_malicious_ipset hash:ip maxelem 1000000 timeout 0;
+    iptables -A IN_BT_ip -m set --match-set in_bt_malicious_ipset src -j DROP
+    systemctl reload BT-FirewallServices
+    configure_logging
+    echo "add rule finish..."
+fi