Used when someone needs to be decisive amongst too much planning and inaction
cargo +nightly build --release
You may need to install the nightly toolchain with rustup
:
rustup toolchain install nightly
leroyjenkins reads data from stdin, and assumes each line is an IP address. Use in combination with standard unix tools like tail -F
. When an IP address shows up too often before its cache times out, it will added to the ipset with the specified timeout.
tail -F /tmp/ips.log | RUST_LOG=info ./target/release/leroyjenkins --bl-period=1m --bl-threshold=100 --ipset-base-time=100s --ipset-ban-ttl=1d --ipset-ipv6-name=leroy6 --ipset-ipv4-name=leroy4
Warning
leroyjenkins itself does nothing to your iptables rules. Use iptables (or your firewall of choice) to ban traffic when the IP matches any in the ipset.
Note
Must be run with enough privileges to actually add to ipsets. ๐
Because it reads from stdin and this is Unix, you can pipe stuff into it. Use tail -F
, use awk
, use grep
or rg
or ag
.
tail -F /var/log/app/app.ratelimit.log | ag 'naughty.behaviour' | stdbuf --output=L awk '{print $NF}' | leroyjenkins $LEROY_ARGS
Because it's Unix, use bash
and shuf
to ban a random IP every second for an hour with:
while sleep 1; do echo `shuf -i1-256 -n1`.`shuf -i1-256 -n1`.`shuf -i1-256 -n1`.`shuf -i1-256 -n1`; done | RUST_LOG=info ./target/release/leroyjenkins --bl-period=10s --bl-threshold=0 --ipset-base-time=100s --ipset-ban-ttl=1h --ipset-ipv6-name=leroy6 --ipset-ipv4-name=leroy4