Delete Backend/multi/firewall-update.sh

2026-02-05 08:18:28 -06:00 · 2025-08-23 14:19:53 +02:00
parent 399bce5435
commit 15ab54a717
1 changed files with 0 additions and 112 deletions
--- a/Backend/multi/firewall-update.sh
+++ b/Backend/multi/firewall-update.sh
@@ -1,112 +0,0 @@
-#!/bin/bash
-
-set -euo pipefail
-
-# --- Configuration ---
-BLOCKLIST_DIR="/path/to/web/archive"
-LOGFILE="/var/log/Fail2Ban-Report.log"
-LOGGING=true  # Set to true to enable logging
-
-# Endpoint settings
-ENDPOINT_URL="https://your-ui-server/Fail2Ban-Report/endpoint/index.php"
-CLIENT_USERNAME="your_client_username"
-CLIENT_PASSWORD="your_client_password"
-CLIENT_UUID="your_client_uuid"
-
-# --- Set PATH ---
-export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-
-# --- Logging function ---
-log() {
-  if [ "$LOGGING" = true ]; then
-    echo "$(date '+%Y-%m-%d %H:%M:%S') - $*" >> "$LOGFILE"
-  fi
-}
-
-# --- Check prerequisites ---
-for cmd in jq ufw curl; do
-  if ! command -v "$cmd" &>/dev/null; then
-    log "ERROR: $cmd is not installed."
-    exit 1
-  fi
-done
-
-# --- Get currently blocked IPs from UFW ---
-TMP_BLOCKED="/tmp/current_ufw_blocklist.txt"
-ufw status numbered | grep "DENY IN" | awk '{print $3}' > "$TMP_BLOCKED" || true
-
-# --- Loop through all blocklist files ---
-for FILE in "$BLOCKLIST_DIR"/*.blocklist.json; do
-  [ -e "$FILE" ] || continue  # skip if no files match
-
-  JAIL_NAME=$(basename "$FILE" .blocklist.json)
-  log "Processing blocklist: $FILE"
-
-  # --- Extract active and inactive IPs ---
-  mapfile -t active_ips < <(jq -r '.[] | select(.active != false) | .ip' "$FILE")
-  mapfile -t inactive_ips < <(jq -r '.[] | select(.active == false) | .ip' "$FILE")
-
-  blocked_success=()
-
-  # --- BLOCK: Collect all new IPs and block them ---
-  for ip in "${active_ips[@]}"; do
-    if ! grep -qw "$ip" "$TMP_BLOCKED"; then
-      log "Blocking IP: $ip"
-      if ufw deny from "$ip"; then
-        blocked_success+=("$ip")
-      else
-        log "Failed to block $ip via ufw"
-      fi
-    fi
-  done
-
-  # Reload UFW once after all block actions
-  if ((${#blocked_success[@]} > 0)); then
-    log "Reloading UFW after block actions"
-    ufw reload
-  fi
-
-  # --- UNBLOCK: Process each inactive IP individually ---
-  for ip in "${inactive_ips[@]}"; do
-    mapfile -t rules < <(ufw status numbered | grep "$ip" | grep "DENY IN" | tac)
-    for rule in "${rules[@]}"; do
-      rule_number=$(echo "$rule" | awk -F'[][]' '{print $2}')
-      if [[ -n "$rule_number" ]]; then
-        log "Removing UFW rule #$rule_number for IP: $ip"
-        ufw --force delete "$rule_number"
-      fi
-    done
-  done
-
-  # --- JSON Update: pending=false for blocked_success, remove inactive entries ---
-  tmp_file=$(mktemp)
-  BLOCK_JSON=$(printf '%s\n' "${blocked_success[@]:-}" | jq -R . | jq -s .)
-  jq --argjson ips "$BLOCK_JSON" '
-    map(
-      if (.ip as $ip | $ips | index($ip)) then .pending = false else . end
-    )
-    | map(select(.active != false))
-  ' "$FILE" > "$tmp_file" && mv "$tmp_file" "$FILE"
-
-  # Set ownership and permissions
-  chown www-data:www-data "$FILE"
-  chmod 644 "$FILE"
-
-  # --- POST to Endpoint ---
-  log "Sending blocklist $FILE to endpoint..."
-  http_status=$(curl -sS -w "%{http_code}" -o /dev/null \
-    -u "${CLIENT_USERNAME}:${CLIENT_PASSWORD}" \
-    -H "X-Client-UUID: ${CLIENT_UUID}" \
-    --data-binary @"$FILE" \
-    "$ENDPOINT_URL")
-
-  if [[ "$http_status" -ge 200 && "$http_status" -lt 300 ]]; then
-    log "Blocklist $FILE successfully sent to endpoint (HTTP $http_status)."
-  else
-    log "ERROR: Failed to send $FILE to endpoint (HTTP $http_status)."
-  fi
-done
-
-log "All blocklists processed successfully."
-
-exit 0