authorGravatar alecdwm 2016-04-09 11:40:27 +0200
committerGravatar alecdwm 2016-04-09 11:40:27 +0200
commit16a73fd7c900f34f2e0d0162cbf7e19d6e8620c9 (patch)
tree1f25471d02e80aa0caddefb340a2f5c07e2d951f
parent1ef898fcfb73592b1288a51ec561651ae002403b (diff)
added iptablesdrop mode
-rw-r--r--rsham.go16
1 files changed, 15 insertions, 1 deletions
diff --git a/rsham.go b/rsham.go
index 66ce99e..6736bf4 100644
--- a/rsham.go
+++ b/rsham.go
@@ -6,6 +6,8 @@ import (
"flag"
"io/ioutil"
"net"
+ "os/exec"
+ "strings"
"github.com/inconshreveable/log15"
"golang.org/x/crypto/ssh"
@@ -27,7 +29,7 @@ func main() {
flag.StringVar(&listenPort, "listenPort", "22",
"port to listen on")
flag.StringVar(&mode, "mode", "shell",
- "rsham mode (shell, blocklog)")
+ "rsham mode (shell, blocklog, iptablesdrop)")
flag.Parse()
@@ -84,6 +86,18 @@ func LoadServerConfig(hostKeyFile string) *ssh.ServerConfig {
func sshHandleConnection(mode string, nConn net.Conn, config *ssh.ServerConfig) {
switch mode {
+ case "iptablesdrop":
+ ip := nConn.RemoteAddr().String()[:strings.LastIndex(nConn.RemoteAddr().String(), ":")]
+
+ sshLog.Info("adding drop rule to iptables for ip", "ip", ip)
+ cmd := exec.Command("iptables", "-I INPUT", "-s "+ip, "-j DROP")
+ err := cmd.Run()
+ if err != nil {
+ sshLog.Error("error blocking IP", "ip", ip, "error", err)
+ }
+
+ nConn.Close()
+
case "blocklog":
sshLog.Info("Adding IP to blocklist", "ip", nConn.RemoteAddr())
blocklist, err := ioutil.ReadFile("blocklist.txt")
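Review bot: The `exec.Command` call in the new `iptablesdrop` case passes each option together with its value as a single argv element (`"-I INPUT"`, `"-s "+ip`, `"-j DROP"`), so iptables will most likely reject the invocation or look for a chain literally named ` INPUT`, and no drop rule is installed; each token has to be its own argument. The address is also cut out of `RemoteAddr().String()` by hand, which leaves the brackets on an IPv6 peer (`[::1]`) and would panic on the slice if the string ever lacked a colon; `net.SplitHostPort` covers both cases. Because this case runs for every accepted connection, I would also check for an existing rule (`iptables -C`) before inserting and keep an allowlist of management addresses, otherwise the INPUT chain grows without bound and an operator can lock themselves out. `cmd.Run()` discards iptables' stderr, so the error log will only show an exit status; `CombinedOutput()` would record the reason. The body of `sshHandleConnection` continues outside the hunk.

```go
	case "iptablesdrop":
		host, _, err := net.SplitHostPort(nConn.RemoteAddr().String())
		if err != nil {
			sshLog.Error("error parsing remote address", "addr", nConn.RemoteAddr(), "error", err)
			nConn.Close()
			break
		}

		sshLog.Info("adding drop rule to iptables for ip", "ip", host)
		// One argv element per token: exec.Command does no shell-style splitting.
		cmd := exec.Command("iptables", "-I", "INPUT", "-s", host, "-j", "DROP")
		if out, err := cmd.CombinedOutput(); err != nil {
			sshLog.Error("error blocking IP", "ip", host, "error", err, "output", string(out))
		}
		// … unchanged: nConn.Close() …
```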