Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-08-30 06:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Tweak of IP Limit

Browse source 
Added IP Limit to menu
This commit is contained in:
somebodywashere 2023-06-17 12:21:56 +00:00
parent 5188d516e3
commit b3088adb4e
3 changed files with 98 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
web/job/check_client_ip_job.go
View file

@ -129,8 +129,8 @@ func processLogFile() {
} }
time.Sleep(time.Second * 5) time.Sleep(time.Second * 3)
//added 5 seconds delay before cleaning logs to reduce chance of logging IP that already has been banned //added 3 seconds delay before cleaning logs to reduce chance of logging IP that already has been banned
if shouldCleanLog { if shouldCleanLog {
// clean log // clean log
if err := os.Truncate(GetAccessLogPath(), 0); err != nil { if err := os.Truncate(GetAccessLogPath(), 0); err != nil {

4
web/web.go
View file

@ -250,8 +250,8 @@ func (s *Server) startTask() {
// Check the inbound traffic every 30 seconds that the traffic exceeds and expires // Check the inbound traffic every 30 seconds that the traffic exceeds and expires
s.cron.AddJob("@every 30s", job.NewCheckInboundJob()) s.cron.AddJob("@every 30s", job.NewCheckInboundJob())
// check client ips from log file every 30 sec // check client ips from log file every 20 sec
s.cron.AddJob("@every 30s", job.NewCheckClientIpJob()) s.cron.AddJob("@every 20s", job.NewCheckClientIpJob())
// Make a traffic condition every day, 8:30 // Make a traffic condition every day, 8:30
var entry cron.EntryID var entry cron.EntryID

99
x-ui.sh
View file

@ -518,9 +518,9 @@ install_acme() {
} }
ssl_cert_issue_main() { ssl_cert_issue_main() {
echo "1) Get SSL" echo "${green}1.${plain} Get SSL"
echo "2) Revoke" echo "${green}2.${plain} Revoke"
echo "3) Force Renew" echo "${green}3.${plain} Force Renew"
read -p "Choose an option: " choice read -p "Choose an option: " choice
case "$choice" in case "$choice" in
1) ssl_cert_issue ;; 1) ssl_cert_issue ;;
@ -671,6 +671,91 @@ run_speedtest() {
speedtest speedtest
} }
iplimit_main() {
echo "${green}1.${plain} Install Fail2ban and configure IP Limit"
echo "${green}2.${plain} Uninstall"
echo "${green}3.${plain} Check logs"
read -p "Choose an option: " choice
case "$choice" in
1) install_iplimit ;;
2)
read -p "Remove Fail2ban aswell? (Default:n) [y/n]: " temp
if [[ "${temp}" == "y" || "${temp}" == "Y" ]]; then
rm -f /etc/fail2ban/filter.d/3x-ipl.conf
rm -f /etc/fail2ban/action.d/3x-ipl.conf
sudo apt-get remove fail2ban -y
else
rm -f /etc/fail2ban/filter.d/3x-ipl.conf
rm -f /etc/fail2ban/action.d/3x-ipl.conf
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
fi
;;
3)
cat /var/log/3xipl-banned.log ;;
*) echo "Invalid choice" ;;
esac
}
install_iplimit() {
if ! command -v fail2ban-client &>/dev/null; then
echo -e "${green}Fail2ban is not installed. Installing now...!${plain}"
sudo apt-get update
sudo apt-get install fail2ban -y
else
echo -e "${yellow}Fail2ban is already installed."
fi
echo -e "${green}Configuring IP Limit..."
#Check if jail.local exists
if ! test -f "/etc/fail2ban/jail.local"; then
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
fi
#Check if [3x-ipl] jail exists
if ! grep -qw '3x-ipl' /etc/fail2ban/jail.local; then
echo $'\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=3x-ipl\nlogpath=/var/log/daemon.log\nmaxretry=3\nfindtime=100\nbantime=300' >> /etc/fail2ban/jail.local
fi
#Check if 3x-ipl filter exist and remove if true
if test -f "/etc/fail2ban/filter.d/3x-ipl.conf"; then
rm -f /etc/fail2ban/filter.d/3x-ipl.conf
fi
#Check if 3x-ipl action exist and remove if true
if test -f "/etc/fail2ban/action.d/3x-ipl.conf"; then
rm -f /etc/fail2ban/action.d/3x-ipl.conf
fi
echo $'[Definition]\nfailregex = [LIMIT_IP].+Email= <F-USER>.+</F-USER>.+SRC= <HOST>\nignoreregex =' >> /etc/fail2ban/filter.d/3x-ipl.conf
sudo cat > /etc/fail2ban/action.d/3x-ipl.conf << 'EOF'
[INCLUDES]
before = iptables-common.conf
[Definition]
actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> -j f2b-<name>
actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
<actionflush>
<iptables> -X f2b-<name>
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") BAN [Email] = <F-USER> [IP] = <ip> banned for <bantime> seconds." >> /var/log/3xipl-banned.log
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
echo "$(date +"%%Y/%%m/%%d %%H:%%M:%%S") UNBAN [Email] = <F-USER> [IP] = <ip> unbanned." >> /var/log/3xipl-banned.log
[Init]
EOF
echo -e "${green}IP Limit installed and configured successfully."
echo -e "${green}To check logs of bans run."
before_show_menu
}
show_usage() { show_usage() {
echo "x-ui control menu usages: " echo "x-ui control menu usages: "
@ -718,9 +803,10 @@ show_menu() {
${green}18.${plain} Active Firewall and open ports ${green}18.${plain} Active Firewall and open ports
${green}19.${plain} Install WARP ${green}19.${plain} Install WARP
${green}20.${plain} Speedtest by Ookla ${green}20.${plain} Speedtest by Ookla
${green}21.${plain} IP Limit Management
" "
show_status show_status
echo && read -p "Please enter your selection [0-20]: " num echo && read -p "Please enter your selection [0-21]: " num
case "${num}" in case "${num}" in
0) 0)
@ -786,8 +872,11 @@ show_menu() {
20) 20)
run_speedtest run_speedtest
;; ;;
21)
iplimit_main
;;
*) *)
LOGE "Please enter the correct number [0-20]" LOGE "Please enter the correct number [0-21]"
;; ;;
esac esac
} }