Block suspicious IP with Linux firewall daemon

Block Brute-Force requests with Firewall Daemon from Bash Script

Firewall Daemon (firewalld) can help protect against ongoing brute-force attacks once attempts against the Linux host have been detected. To protect the host permanently, the suspicious sources can be blocked. The following bash script takes the IP address of a suspicious source as its argument and sets it to reject using firewall-cmd.

The script was written on Debian 10 (buster); on Debian, as on Ubuntu 20, firewalld has to be installed first. On RHEL, CentOS 7 and later, and Fedora 30 or higher, firewalld is the default firewall and the script can be used as is.

Install Firewalld on Debian

The firewalld package is available in the official Debian 10 repositories. Installation takes only the commands shown below.

Install firewalld in the terminal as root or as a user with sudo privileges.

If ufw is active, the Uncomplicated Firewall (ufw) front end for netfilter must be deactivated so that firewalld becomes the standard firewall.

Start the firewall daemon and enable it at system start.

Check that the firewall daemon is running and that the service is available.

Reload the firewall rules while keeping the state information (firewall-cmd --reload).

On Debian, after running firewall-cmd --reload, the following error appears:

Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.2 (nf_tables:
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT

The solution is to run update-alternatives so that Debian uses the legacy iptables backend instead of nftables.

After switching from nftables to iptables, reboot the Linux machine.
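The installation steps and the nftables workaround above, put together as an added example (this is not the article's own command listing, which is not reproduced on this page). It assumes the Debian 10 package and alternative names shown (apt-get, firewalld, ufw, /usr/sbin/iptables-legacy and /usr/sbin/ip6tables-legacy); the error text it matches is the one quoted above. Setting RUN=echo prints the privileged commands instead of running them.

```shell
#!/bin/bash
# firewalld-debian-setup.sh: added example, not the article's own commands.
# Installs firewalld on Debian 10, retires ufw, and detects the nf_tables reload
# failure quoted above, switching to the legacy iptables backend when it occurs.
# Set RUN=echo for a dry run that only prints the privileged commands.
RUN=${RUN:-}

install_firewalld() {
    $RUN apt-get update
    $RUN apt-get install -y firewalld
    # ufw and firewalld both program netfilter; only one of them may own the rule set.
    if command -v ufw >/dev/null 2>&1; then
        $RUN ufw disable
        $RUN systemctl disable --now ufw
    fi
    # Start the daemon now and at every boot, then confirm that it answers.
    $RUN systemctl enable --now firewalld
    $RUN firewall-cmd --state
}

# Error text quoted in the article (Debian 10, firewalld on the nf_tables backend),
# kept here as the sample input for the detector below.
SAMPLE_RELOAD_ERROR="Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.2 (nf_tables:
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT"

reload_needs_legacy_backend() {
    # $1 = stderr captured from 'firewall-cmd --reload'. Returns 0 only for the
    # nf_tables RULE_REPLACE failure; any other error is left to the operator.
    case "$1" in
        *COMMAND_FAILED*nf_tables*RULE_REPLACE*) return 0 ;;
    esac
    return 1
}

switch_to_iptables_legacy() {
    # Debian ships both backends; select the legacy one for iptables and ip6tables.
    $RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
    $RUN update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
    # The running kernel keeps the old tables until the machine is rebooted.
}

reload_firewall() {
    # Reload keeping state; on the known backend failure switch backend and ask for a reboot.
    err=$($RUN firewall-cmd --reload 2>&1 >/dev/null) && return 0
    if reload_needs_legacy_backend "$err"; then
        echo "nf_tables backend failed; switched to iptables-legacy, reboot required" >&2
        switch_to_iptables_legacy
        return 3
    fi
    printf '%s\n' "$err" >&2
    return 1
}

case "${1:-}" in
    install) install_firewalld ;;
    reload)  reload_firewall ;;
    "")      ;;   # no argument: only define the functions (sourcing, tests)
    *)       echo "usage: $0 install|reload" >&2; exit 64 ;;
esac
```

Run it as root with `./firewalld-debian-setup.sh install` and then `./firewalld-debian-setup.sh reload`; exit status 3 from the reload means the backend was switched and the machine has to be rebooted before the rules load.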

Configuring firewalld

Firewalld is a firewall-management solution that acts as a front end for the iptables packet filter provided by the Linux kernel. firewall-cmd is the utility used to manage the firewall configuration. The firewalld daemon manages groups of rules using entities called "zones". Zones are sets of rules that determine what traffic to allow, based on the level of trust placed in the networks to which the computer is connected. A zone is assigned to the network interfaces in order to determine the behavior the firewall should allow.

A network interface is assigned to the default zone public using the firewall-cmd tool; the following command checks the zones and their interfaces.

If no network interface appears under interfaces (line 6 of the output), it still has to be assigned to the zone; query the available interfaces with ip or ifconfig (net-tools).

Here, on the virtual Debian (buster) machine, it is link 2, ens33.

The interface ens33 is assigned to the default zone public.

Check the interface assigned to the zone with the following command; the output confirms it.

The interface ens33 is assigned to zone public.
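The interface check described above, as an added example rather than the article's own commands: it reads the `interfaces:` line of `firewall-cmd --zone=<zone> --list-all`, and only when the interface is missing binds it permanently and verifies the binding with `--get-zone-of-interface`. The zone name public, the interface ens33 and the embedded sample listing are constructed for the example; FIREWALL_CMD=echo gives a dry run.

```shell
#!/bin/bash
# zone-interface-check.sh: added example, not the article's own commands.
# Confirms that a network interface is bound to a firewalld zone and binds it
# when the zone's "interfaces:" line is empty, as on the buster VM described above.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

zone_interfaces() {
    # $1 = text of 'firewall-cmd --zone=<zone> --list-all'; prints the interface list
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*interfaces:[[:space:]]*//p'
}

zone_has_interface() {
    # $1 = listing text, $2 = interface name; returns 0 when the interface is listed
    for i in $(zone_interfaces "$1"); do
        [ "$i" = "$2" ] && return 0
    done
    return 1
}

first_ethernet_interface() {
    # First non-loopback link reported by 'ip -o link', e.g. ens33 on the buster VM
    ip -o link show | awk -F': ' '$2 != "lo" { print $2; exit }'
}

ensure_interface_in_zone() {
    # $1 = zone, $2 = interface. Binds permanently, reloads, then verifies.
    listing=$("$FIREWALL_CMD" --zone="$1" --list-all)
    if zone_has_interface "$listing" "$2"; then
        echo "$2 is already assigned to zone $1"
        return 0
    fi
    "$FIREWALL_CMD" --permanent --zone="$1" --change-interface="$2"
    "$FIREWALL_CMD" --reload
    "$FIREWALL_CMD" --get-zone-of-interface="$2"
}

# Constructed sample listing: a public zone with no interface assigned yet.
SAMPLE_LISTING='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

case "${1:-}" in
    "")  ;;   # no argument: only define the functions (sourcing, tests)
    *)   ensure_interface_in_zone "$1" "${2:-$(first_ethernet_interface)}" ;;
esac
```

Usage: `./zone-interface-check.sh public ens33`; with only the zone given, the first non-loopback link from `ip -o link` is used.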

Interaction between Fail2ban and firewalld

Fail2ban (failure leads to ban) is an intrusion prevention framework written in Python. It runs on any Unix-like OS that provides a manageable packet filter or firewall, such as iptables or firewalld on Linux.

Line 13 of the script above, if fail2ban is installed and the line is executed, restores the addresses banned by fail2ban to their previously active state after firewalld has been reloaded. If fail2ban is not used, lines 12-14 can be deleted.

Run the script

Run the script with the source IP appended as its argument to reject the suspicious requests at the firewall.

The blocked IP address can be removed again with the following command line in the bash shell.

Activate the entered rule by reloading the firewall daemon.
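The block script, the unblock command and the fail2ban restore step from the sections above, combined into one added example script. This is not the author's script (which is not reproduced on this page); it assumes the zone public, a permanent rich rule with the reject action, and `fail2ban-client reload` as the way to re-apply fail2ban's bans after the reload (the line-13 step described above; `systemctl restart fail2ban` would do the same). The argument is validated as a dotted IPv4 address before it reaches firewall-cmd, and FIREWALL_CMD=echo gives a dry run.

```shell
#!/bin/bash
# block-ip.sh: added example, not the article's own script.
# Rejects (or unblocks) one IPv4 source permanently with firewalld and then restores
# the fail2ban bans that a 'firewall-cmd --reload' drops from the runtime rule set.
# Usage: block-ip.sh block 203.0.113.7 | block-ip.sh unblock 203.0.113.7
set -e
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}
FAIL2BAN_CLIENT=${FAIL2BAN_CLIENT:-fail2ban-client}
ZONE=${ZONE:-public}

is_ipv4() {
    # Four dot-separated decimal octets, each 0-255, and nothing else: anything
    # that is not a plain address (a CIDR, a hostname, shell metacharacters) is refused.
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

reject_rule() {
    # Rich rule text for one source; 'reject' answers the peer instead of silently dropping.
    printf 'rule family="ipv4" source address="%s" reject' "$1"
}

apply_and_reload() {
    # $1 = --add-rich-rule or --remove-rich-rule, $2 = rule text
    "$FIREWALL_CMD" --permanent --zone="$ZONE" "$1=$2"
    "$FIREWALL_CMD" --reload
    # The reload flushes the chains fail2ban created; reloading fail2ban re-applies its bans.
    if command -v "$FAIL2BAN_CLIENT" >/dev/null 2>&1; then
        "$FAIL2BAN_CLIENT" reload
    fi
}

block_ip() {
    is_ipv4 "$1" || { echo "refusing non-IPv4 argument: $1" >&2; return 2; }
    apply_and_reload --add-rich-rule "$(reject_rule "$1")"
}

unblock_ip() {
    is_ipv4 "$1" || { echo "refusing non-IPv4 argument: $1" >&2; return 2; }
    apply_and_reload --remove-rich-rule "$(reject_rule "$1")"
}

case "${1:-}" in
    block)   block_ip "${2:-}" ;;
    unblock) unblock_ip "${2:-}" ;;
    "")      ;;   # no argument: only define the functions (sourcing, tests)
    *)       echo "usage: $0 block|unblock <ipv4>" >&2; exit 64 ;;
esac
```

After `./block-ip.sh block 203.0.113.7`, `firewall-cmd --zone=public --list-rich-rules` shows the new rule; `./block-ip.sh unblock 203.0.113.7` removes it and reloads the same way.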

Help for using firewall-cmd

Output of the changed and activated rule in the public zone.

Check current firewall rules with the following commands.

Use the firewall-cmd and iptables commands to list the current rules.

Output the default zone for connections and interfaces.

Set a zone as the default zone.

Output the currently active zones.

Output the predefined zones.

Get help and the man page for firewall-cmd.

Network Printer Management from Command Prompt

rundll32 printui.dll,PrintUIEntry

printui.dll provides the functions for automated printer configuration tasks that the printer configuration dialog boxes use. These functions can also be called from a script or a command-line batch file, or run interactively from the command prompt.

printui.dll runs under rundll32.exe and provides tools for the more demanding tasks: adding, managing and deleting printers, and adding network printer connections.

Open print server properties

Open the properties of the print server:

Connect to the network printer:

The LaserJet network printer shared on SERVER is installed on the client computer and connected to the server.

Set up a printer using a driver INF file:

/if Installs a printer using the specified INF file
/b Base printer name (here AddressLabel)
/f Path to the printer driver INF file
/r Port name or IP address
/m Model name of the printer driver from the INF file
/Z Share this printer; use only together with "/if"

Delete local printer driver:

/dd Deletes the local printer driver
/m Model name of the printer driver
/q Quiet mode: do not display error messages

Delete network printer connection:

/dn Deletes the network printer connection.
/n The name of the printer.

Help on printui.dll is obtained with the following command in the command prompt.

Batch example:

Example: add a network printer connection from a login script.

Create Shortcut using VBScript

Create shortcuts on the desktop with Visual Basic Script

VBScript can help wherever tasks need to be automated. Batch files are not always suitable, and Group Policy is not always available, whereas a Visual Basic Script can do the job, for example providing shortcuts to applications.

The following VBScript creates a shortcut on the desktop, here for example to open the Windows Calculator.

Insert the VBScript lines by copy and paste into Notepad and save them as create-shortcut.vbs; double-clicking the file executes the VBScript and creates the shortcut on the desktop.

Last but not least, feel free to edit the Const lines in the script to point the shortcut at any other application.

Now double-clicking the shortcut on the desktop opens the Windows Calculator.

This VBScript can be started with cscript from the command prompt or from a batch.
