From b3088adb4e97f5dad8bbb6e20e67a8ce5d2b740d Mon Sep 17 00:00:00 2001 From: somebodywashere <68244480+somebodywashere@users.noreply.github.com> Date: Sat, 17 Jun 2023 12:21:56 +0000 Subject: [PATCH] Tweak of IP Limit Added IP Limit to menu --- web/job/check_client_ip_job.go | 4 +- web/web.go | 4 +- x-ui.sh | 99 ++++++++++++++++++++++++++++++++-- 3 files changed, 98 insertions(+), 9 deletions(-) diff --git a/web/job/check_client_ip_job.go b/web/job/check_client_ip_job.go index c1b4ab34..2fe8fe79 100644 --- a/web/job/check_client_ip_job.go +++ b/web/job/check_client_ip_job.go @@ -129,8 +129,8 @@ func processLogFile() { } - time.Sleep(time.Second * 5) - //added 5 seconds delay before cleaning logs to reduce chance of logging IP that already has been banned + time.Sleep(time.Second * 3) + //added 3 seconds delay before cleaning logs to reduce chance of logging IP that already has been banned if shouldCleanLog { // clean log if err := os.Truncate(GetAccessLogPath(), 0); err != nil { diff --git a/web/web.go b/web/web.go index a70ae3c8..3372344a 100644 --- a/web/web.go +++ b/web/web.go @@ -250,8 +250,8 @@ func (s *Server) startTask() { // Check the inbound traffic every 30 seconds that the traffic exceeds and expires s.cron.AddJob("@every 30s", job.NewCheckInboundJob()) - // check client ips from log file every 30 sec - s.cron.AddJob("@every 30s", job.NewCheckClientIpJob()) + // check client ips from log file every 20 sec + s.cron.AddJob("@every 20s", job.NewCheckClientIpJob()) // Make a traffic condition every day, 8:30 var entry cron.EntryID diff --git a/x-ui.sh b/x-ui.sh index 5b8950cc..cc8a9421 100644 --- a/x-ui.sh +++ b/x-ui.sh @@ -518,9 +518,9 @@ install_acme() { } ssl_cert_issue_main() { - echo "1) Get SSL" - echo "2) Revoke" - echo "3) Force Renew" + echo "${green}1.${plain} Get SSL" + echo "${green}2.${plain} Revoke" + echo "${green}3.${plain} Force Renew" read -p "Choose an option: " choice case "$choice" in 1) ssl_cert_issue ;; 
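Review bot: The `time.Sleep(time.Second * 3)` placed ahead of `os.Truncate(GetAccessLogPath(), 0)` means any access-log line written after the file was read, including during the sleep itself, is discarded without being checked, so those connections never count toward the IP limit. The comment shows the delay is meant to drop lines from an IP that was just banned, but the truncate cannot tell those apart from lines of other clients. Processing a rotated copy of the log, or remembering the offset that was read, would avoid losing unexamined entries. The bare `3` would also read better as a named value such as `const logCleanDelay = 3 * time.Second`, with the comment above the call. processLogFile starts and ends outside the hunk, so where the log is read is assumed here rather than seen.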
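Review bot: The new `@every 20s` schedule in startTask is one of three timing values this commit tunes in separate files, and nothing records how they relate. The others are the 3-second delay in processLogFile and `maxretry=3`/`findtime=100` in the jail that x-ui.sh writes. Assuming this job is what emits the `[LIMIT_IP]` lines the new Fail2ban filter matches, the interval decides how quickly three hits can accumulate inside the 100-second window, and so how long an over-limit client keeps its connection. A comment on the AddJob line would keep the values from drifting apart, e.g. `// every 20s; the 3x-ipl jail in x-ui.sh (maxretry=3, findtime=100) depends on this rate`. startTask continues outside the hunk.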
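Review bot: The three rewritten menu lines in ssl_cert_issue_main call plain `echo` with `${green}`/`${plain}`, while install_iplimit in the same commit uses `echo -e` for the same variables. If those variables hold backslash escape sequences (their definitions are outside this diff), bash's `echo` prints them literally instead of colouring the text. Writing `echo -e "${green}1.${plain} Get SSL"` for each option would match the rest of the script. The three option lines of iplimit_main in the next hunk have the same problem. ssl_cert_issue_main's `case` block continues past the end of this hunk.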
@@ -671,6 +671,91 @@ run_speedtest() { speedtest } +iplimit_main() { + echo "${green}1.${plain} Install Fail2ban and configure IP Limit" + echo "${green}2.${plain} Uninstall" + echo "${green}3.${plain} Check logs" + read -p "Choose an option: " choice + case "$choice" in + 1) install_iplimit ;; + 2) + read -p "Remove Fail2ban aswell? (Default:n) [y/n]: " temp + if [[ "${temp}" == "y" || "${temp}" == "Y" ]]; then + rm -f /etc/fail2ban/filter.d/3x-ipl.conf + rm -f /etc/fail2ban/action.d/3x-ipl.conf + sudo apt-get remove fail2ban -y + else + rm -f /etc/fail2ban/filter.d/3x-ipl.conf + rm -f /etc/fail2ban/action.d/3x-ipl.conf + sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local + fi + ;; + 3) + cat /var/log/3xipl-banned.log ;; + *) echo "Invalid choice" ;; + esac +} + +install_iplimit() { + if ! command -v fail2ban-client &>/dev/null; then + echo -e "${green}Fail2ban is not installed. Installing now...!${plain}" + sudo apt-get update + sudo apt-get install fail2ban -y + else + echo -e "${yellow}Fail2ban is already installed." + fi + + echo -e "${green}Configuring IP Limit..." + #Check if jail.local exists + if ! test -f "/etc/fail2ban/jail.local"; then + sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local + fi + + #Check if [3x-ipl] jail exists + if ! 
grep -qw '3x-ipl' /etc/fail2ban/jail.local; then + echo $'\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/daemon.log\nmaxretry=3\nfindtime=100\nbantime=300' >> /etc/fail2ban/jail.local + fi + + #Check if 3x-ipl filter exist and remove if true + if test -f "/etc/fail2ban/filter.d/3x-ipl.conf"; then + rm -f /etc/fail2ban/filter.d/3x-ipl.conf + fi + + #Check if 3x-ipl action exist and remove if true + if test -f "/etc/fail2ban/action.d/3x-ipl.conf"; then + rm -f /etc/fail2ban/action.d/3x-ipl.conf + fi + + echo $'[Definition]\nfailregex = [LIMIT_IP].+Email= .+.+SRC= \nignoreregex =' >> /etc/fail2ban/filter.d/3x-ipl.conf + + sudo cat > /etc/fail2ban/action.d/3x-ipl.conf << 'EOF' +[INCLUDES] +before = iptables-common.conf + +[Definition] +actionstart = -N f2b- + -A f2b- -j + -I -p -j f2b- + +actionstop = -D -p -j f2b- + + -X f2b- + +actioncheck = -n -L | grep -q 'f2b-[ \t]' + +actionban = -I f2b- 1 -s -j + echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = [IP] = banned for seconds." >> /var/log/3xipl-banned.log + +actionunban = -D f2b- -s -j + echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = [IP] = unbanned." >> /var/log/3xipl-banned.log + +[Init] +EOF + + echo -e "${green}IP Limit installed and configured successfully." + echo -e "${green}To check logs of bans run." + before_show_menu +} show_usage() { echo "x-ui control menu usages: " @@ -718,9 +803,10 @@ show_menu() { ${green}18.${plain} Active Firewall and open ports ${green}19.${plain} Install WARP ${green}20.${plain} Speedtest by Ookla + ${green}21.${plain} IP Limit Management " show_status - echo && read -p "Please enter your selection [0-20]: " num + echo && read -p "Please enter your selection [0-21]: " num case "${num}" in 0) @@ -786,8 +872,11 @@ show_menu() { 20) run_speedtest ;; + 21) + iplimit_main + ;; *) - LOGE "Please enter the correct number [0-20]" + LOGE "Please enter the correct number [0-21]" ;; esac }
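Review bot: Option 2 of iplimit_main, when Fail2ban is kept, runs `cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local`, which overwrites the whole local jail file and silently drops any other jail settings the administrator kept there (a tuned sshd jail, for example); the `y` branch instead leaves the `[3x-ipl]` section behind in jail.local. install_iplimit also never restarts or reloads Fail2ban after writing the jail, filter and action, so the limit is not enforced until something else restarts the service. Keeping the jail in its own drop-in under `/etc/fail2ban/jail.d/` leaves jail.local untouched and makes uninstall a plain file removal, as sketched below. Separately, `[LIMIT_IP]` in the failregex is unescaped and is therefore read as a character class rather than the literal tag, so the filter matches more loosely than intended against the shared `/var/log/daemon.log`.

```shell
# install_iplimit: replaces the jail.local copy and the `echo ... >> jail.local` append
cat > /etc/fail2ban/jail.d/3x-ipl.conf << 'EOF'
[3x-ipl]
enabled=true
filter=3x-ipl
action=3x-ipl
logpath=/var/log/daemon.log
maxretry=3
findtime=100
bantime=300
EOF
# … unchanged: filter.d/3x-ipl.conf and action.d/3x-ipl.conf are written here …
systemctl restart fail2ban

# iplimit_main, option 2: same removal in both branches, no cp over jail.local
rm -f /etc/fail2ban/jail.d/3x-ipl.conf
# … unchanged: rm -f of the filter.d and action.d files, optional apt-get remove …
```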