https://github.com/drosocode/ipblocker

https://github.com/drosocode/ipblocker

Last synced: 9 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/drosocode/ipblocker
• Owner: drosoCode
• License: mit
• Created: 2021-01-28T08:25:04.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2021-08-23T18:14:04.000Z (over 4 years ago)
• Last Synced: 2025-06-21T06:06:46.507Z (9 months ago)
• Language: Python
• Size: 160 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# IP Blocker for Graylog and OPNsense

Software to block IPs on OPNsense firewall based on a gelf stream

## Installation

 - Import db.sql in your database system (Maria DB recommanded)

 - Customize your config.json file and edit its path in the docker-compose.yml file

 - Clone this repo and run `docker-compose build` to build the container and `docker-compose up -d` to start it

## Configuration

### IP Blocker:

|Name | Description |

|--------|------------|

| db_host | Database Host |

| db_user | Database User |

| db_password | Database Password |

| db_name | Database Name |

| gelf_bind_addr | Gelf listener bind address |

| gelf_port | Gelf listener port |

| api_host | OPNsense IP |

| api_apikey | OPNsense API key |

| api_secret | OPNsense API secret |

| api_alias_name | OPNsense Alias Name (host type) |

| api_scheme | http or https |

| api_verify | Enable / disable certificate verification |

| enable_ban_notif | Enable discord notification for each ip ban |

| bot_token | discord bot token (leave empty to disable the bot) |

| bot_channel | discord channel id to send notifications (in discord with dev mode, right click on the channel -> Copy Identifier) |

| check_interval | Check interval for ban processing (level 1 and 2), in seconds |

| level_x_detect_time | detection time for level 1 bans (in seconds) |

| level_x_detect_nb | detection time for level 1 bans (in seconds) |

| level_x_ban_time | duration of a ban (in seconds) |

| level_2_detect_nb_lvl1 | number of level 1 messages to get an equivalent level 2 |

There a 4 levels of ban:

 - level 1 and 2 are triggered when there was a specified number of messages (level_x_detect_nb) in a specified period of time (level_x_detect_time)

 - level 3 is instantly banned

 - level 4 is instantly and permantently banned

For levels 1 to 3 you can specify a ban time duration (level_x_ban_time)

### Graylog:

Create an output stream (GELF UDP) pointing to your IP Blocker ip/port  

The following fields are processed:  

 - IPV4: an IPv4 address (required)

 - threat_level: the level of the threat (from 1 to 4)  (required)

 - threat_rule: the name of the rule that triggered the ban (optional)

 - src_ip_geo_country: the country associated to the IP (optional)

 - src_ip_geo_city: the city associated to the IP (optional)

 - fields: json that can contains the previous fields (optional)

### OPNsense:

Create an api key (`System > Access > Users`)

Create an IP Alias of Host Type (`Firewall > Aliases`)

## Screenshots

![Web UI](.github/images/webui.png)

![Discord Bot](.github/images/discord.png)