OneFirewall
Agent
Cyber Crime Threshold:
Very Aggressive 50
Aggressive 75
Moderate 100
Tolerant 125
Very Tolerant 200
Your Custom Cyber Crime
Target System:
Linux x64
Linux x86
Linux Armv7
MacOS x64
Windows x86
Windows x64
SHA-256 Checksum:
Intrusion Prevention Systems (IPS):
Iptables (Linux)
PFList (MacOS/BSD)
Cloudflare
ModSecurity
HAProxy
CSV(IP,Score)
Intrusion Detection Systems (IDS):
ModSecurity
SSH Logs
Cloudflare
Luna Project
PFList OFA List
PFList Reload Command
IPSet ACL List
IPSet Reload Command
Cloudflare E-Mail
Cloudflare Global API Key
ModSec Ruleset
ModSec Logs
ModSec Reload Command
Host
Username
Password
HAProxy
HAProxy Logs
HAProxy Reload Command
CSV(IP,Score)
CSV Filepath
CSV Reload Command
Luna - Threat Source List
[
  {"url": "http://www.ciarmy.com/list/ci-badguys.txt", "source": "ciarmy", "confidence": 60, "auth": ""},
  {"url": "http://danger.rulez.sk/projects/bruteforceblocker/blist.php", "source": "danger.rulez.sk", "confidence": 50, "auth": ""},
  {"url": "http://www.nothink.org/blacklist/blacklist_ssh_day.txt", "source": "nothink.org", "confidence": 50, "auth": ""},
  {"url": "http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt", "source": "charles.the-haleys.org", "confidence": 60, "auth": ""},
  {"url": "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt", "source": "EmergingThreats", "confidence": 80, "auth": ""},
  {"url": "http://www.malwaredomainlist.com/hostslist/ip.txt", "source": "malwaredomainlist", "confidence": 80, "auth": ""},
  {"url": "https://stopforumspam.com/downloads/toxic_ip_cidr.txt", "source": "stopforumspam", "confidence": 40, "auth": ""},
  {"url": "http://malc0de.com/bl/IP_Blacklist.txt", "source": "malc0de", "confidence": 80, "auth": ""},
  {"url": "https://www.squidblacklist.org/downloads/drop.malicious.rsc", "source": "squidblacklist", "confidence": 80, "auth": ""},
  {"url": "http://api.blocklist.de/getlast.php?time=49999", "source": "blocklist", "confidence": 70, "auth": ""},
  {"url": "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt", "source": "bambenekconsulting", "confidence": 70, "auth": ""},
  {"url": "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist", "source": "feodotracker", "confidence": 60, "auth": ""},
  {"url": "https://report.cs.rutgers.edu/DROP/attackers", "source": "rutgers", "confidence": 50, "auth": ""},
  {"url": "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt", "source": "ransomwaretracker", "confidence": 50, "auth": ""},
  {"url": "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.rules", "source": "sslbl", "confidence": 50, "auth": ""},
  {"url": "http://blocklist.greensnow.co/greensnow.txt", "source": "greensnow", "confidence": 50, "auth": ""},
  {"url": "https://www.badips.com/get/list/any/2?age=1d", "source": "badips", "confidence": 20, "auth": ""},
  {"url": "https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset", "source": "badips", "confidence": 60, "auth": ""},
  {"url": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/alienvault_reputation.ipset", "source": "alienvult", "confidence": 60, "auth": ""},
  {"url": "http://www.unsubscore.com/blacklist.txt", "source": "unsubscore", "confidence": 80, "auth": ""}
]
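An added example, not OneFirewall code: a Python check to run over the threat source list above before saving it. It flags feeds fetched over plaintext HTTP (their contents can be altered in transit before they reach the blocklist), reused source labels, and confidence values outside 0 to 100. The 0-100 range and the name audit_sources are assumptions, and the sample input is four entries copied from the list.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Sample input: four entries copied from the threat source list on this page.
SAMPLE_SOURCES = """[
 {"url": "http://www.ciarmy.com/list/ci-badguys.txt", "source": "ciarmy", "confidence": 60, "auth": ""},
 {"url": "https://www.badips.com/get/list/any/2?age=1d", "source": "badips", "confidence": 20, "auth": ""},
 {"url": "https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset", "source": "badips", "confidence": 60, "auth": ""},
 {"url": "https://stopforumspam.com/downloads/toxic_ip_cidr.txt", "source": "stopforumspam", "confidence": 40, "auth": ""}
]"""

REQUIRED_KEYS = ("url", "source", "confidence", "auth")


def audit_sources(raw):
    """Return (index, source, finding) tuples for a JSON feed list (hypothetical helper)."""
    feeds = json.loads(raw)
    findings = []
    label_counts = Counter(f.get("source") for f in feeds if isinstance(f, dict))
    for i, feed in enumerate(feeds):
        if not isinstance(feed, dict):
            findings.append((i, None, "entry is not an object"))
            continue
        name = feed.get("source")
        missing = [k for k in REQUIRED_KEYS if k not in feed]
        if missing:
            findings.append((i, name, "missing keys: " + ", ".join(missing)))
        parts = urlsplit(str(feed.get("url", "")))
        if parts.scheme == "http":
            # Fetched without TLS: the list can be altered in transit.
            findings.append((i, name, "plaintext http feed"))
        elif parts.scheme != "https" or not parts.hostname:
            findings.append((i, name, "url is not http(s)"))
        conf = feed.get("confidence")
        # Assumption: confidence is an integer from 0 to 100.
        if isinstance(conf, bool) or not isinstance(conf, int) or not 0 <= conf <= 100:
            findings.append((i, name, "confidence outside 0-100"))
        if label_counts[name] > 1:
            findings.append((i, name, "source label reused"))
    return findings


if __name__ == "__main__":
    for finding in audit_sources(SAMPLE_SOURCES):
        print(finding)
```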
SSH Logs
Access Key
Secret Access Key
Region
Start From (in Timestamp):
ELK Full link for Logs
How to install
1. Download the script onto your target machine (select the target system first).
2. Generate your personal OFA Config JSON (config.json) and save it into the same folder.
3. Run the script "run.sh" or "run.ps1" every minute; you can use crontab or scheduler to automate this.
Prerequisites
1. sudo apt update -y && sudo apt install -y sudo ebtables ipset bridge-utils jq zip
2. sudo mkdir -p /opt/onefirewall/acl/ && sudo mkdir -p /opt/onefirewall/onefirewall_agent/
3. modprobe br_netfilter
4. echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
5. ipset create blacklist hash:net maxelem 3000000
6. iptables -I FORWARD -m set --match-set blacklist src -j DROP
7. iptables -I INPUT -m set --match-set blacklist src -j DROP