54 lines
1.6 KiB
JavaScript
54 lines
1.6 KiB
JavaScript
const whitelist = [
|
|
"127.0.0.1"
|
|
]
|
|
|
|
const net = require("net")
|
|
const {exec} = require("child_process");
|
|
const portlist = [21,1433]
|
|
const host = "0.0.0.0";
|
|
var ipSet = new Set()
|
|
servermap = new Map()
|
|
|
|
portlist.forEach(i => {
|
|
// create server
|
|
server = net.createServer()
|
|
// listen on port
|
|
server.listen(i, host, () => {
|
|
console.log(`TCP Server listening on ${host}:${i}`);
|
|
})
|
|
// defining connection event
|
|
server.on("connection", a => {
|
|
// if the ip is in the whitelist, ignore the connection (this is to prevent manually crafted packets to)
|
|
if(whitelist.includes(a.remoteAddress)) return
|
|
|
|
console.log(`incomming connection from : ${a.remoteAddress} on port ${i}`)
|
|
// handle error even on socket instance (prevents the econnreset error)
|
|
a.on("error", () => {})
|
|
// Add ip to ipSet
|
|
ipSet.add(a.remoteAddress)
|
|
})
|
|
servermap.set(i, server)
|
|
})
|
|
|
|
// This interval looks through the ipSet every 30 seconds and if there are an inside, it will ban them and remove them from the Set
|
|
setInterval(()=>{
|
|
ipSet.forEach(i => {
|
|
exec(`iptables -A INPUT -s ${i} -j DROP`, (error, stdout, stderr) => {
|
|
if (error) {
|
|
console.log(`error: ${error.message}`);
|
|
return;
|
|
}
|
|
if (stderr) {
|
|
console.log(`stderr: ${stderr}`);
|
|
return;
|
|
}
|
|
// console.log(`stdout: ${stdout}`);
|
|
});
|
|
ipSet.delete(i)
|
|
})
|
|
},30000)
|
|
|
|
|
|
process.on('uncaughtException', function (err) {
|
|
console.log(err);
|
|
}); |