# Add IPs connecting to WHITELIST_PORT to ipt_recent table WHITELIST.
# Connecting to WHITELIST_PORT-1 or WHITELIST_PORT+1 removes the IP from WHITELIST.
# (WHITELIST_PORT should be set in shorewall/params)
#
# by Juergen Kreileder <jk@blackdown.de>
# http://blog.blackdown.de/2005/02/18/mitigating-ssh-brute-force-attacks-with-ipt_recent/

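# Fail early with a clear message if WHITELIST_PORT is unset or empty; otherwise
# the rules below would be built as "--dport" with no value and "--dports -1,1".
: "${WHITELIST_PORT:?WHITELIST_PORT must be set (shorewall/params)}"

# The remove rule matches WHITELIST_PORT-1 and WHITELIST_PORT+1, so both
# neighbours must themselves be valid TCP ports: restrict to 2..65534.
case "$WHITELIST_PORT" in
    *[!0-9]*)
        echo "ERROR: WHITELIST_PORT must be a numeric TCP port, got '$WHITELIST_PORT'" >&2
        exit 2
        ;;
esac
if [ "$WHITELIST_PORT" -lt 2 ] || [ "$WHITELIST_PORT" -gt 65534 ]; then
    echo "ERROR: WHITELIST_PORT must be between 2 and 65534 (port +/-1 must be valid)" >&2
    exit 2
fi

# Note: $[ ... ] is undocumented bash-only arithmetic; $(( ... )) is POSIX.
# $TAG is deliberately left unquoted so an empty TAG contributes no argument.
if [ -n "$LEVEL" ]; then
    # Logging requested: route hits through dedicated chains that log
    # (rate-limited by LOG_LIMIT) and then DROP.
    run_iptables -N "${CHAIN}Add"
    log_rule_limit "$LEVEL" "${CHAIN}Add" WhitelistAdd DROP "$LOG_LIMIT" $TAG
    run_iptables -A "${CHAIN}Add" -j DROP
    run_iptables -N "${CHAIN}Del"
    log_rule_limit "$LEVEL" "${CHAIN}Del" WhitelistDel DROP "$LOG_LIMIT" $TAG
    run_iptables -A "${CHAIN}Del" -j DROP

    # Port +/-1: drop the source from the WHITELIST recent list, then log+DROP.
    run_iptables -A "$CHAIN" -p tcp -m multiport \
        --dports "$((WHITELIST_PORT - 1)),$((WHITELIST_PORT + 1))" \
        -m recent --remove --name WHITELIST -j "${CHAIN}Del"
    # WHITELIST_PORT itself: record the source in WHITELIST, then log+DROP.
    run_iptables -A "$CHAIN" -p tcp --dport "$WHITELIST_PORT" \
        -m recent --set --name WHITELIST -j "${CHAIN}Add"
else
    # No logging: same recent-list bookkeeping, DROP directly.
    run_iptables -A "$CHAIN" -p tcp -m multiport \
        --dports "$((WHITELIST_PORT - 1)),$((WHITELIST_PORT + 1))" \
        -m recent --remove --name WHITELIST -j DROP
    run_iptables -A "$CHAIN" -p tcp --dport "$WHITELIST_PORT" \
        -m recent --set --name WHITELIST -j DROP
fi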
