APIBAN is made possible by the generosity of our sponsors.
Sample clients have been provided in a simple bash script or golang (go). The basic concept would be to create a chain in IPTABLES called APIBAN and have the clients executed via crontab
.
The GO client has been tested more than the bash script. It is recommended that the bash only be used as a template.
The GO client is provided as both source code to build and an executable suitable for most nix environments. It assumes that it will be run in /usr/local/bin/apiban/
.
UPDATES 2020-09-01
- added nftables client for bash (tested on debian 9/10)
Use the GO client if you can... the bash script is suitable for a template. Not recommended for production.
Bash script to check apiban API and block returned IP addresses with iptables.
- Download apiban.sh and apibanconfig.sys
- Make sure
jq
is installed on your system (apt install jq
) - Replace
MYAPIKEY
in apibanconfig.sys with your apiban api key - Run
chmod +x apiban.sh
- Run
./apiban.sh
as needed (cron recommended)
The client pulls the API key and last known ID from the apibanconfig.sys file.
When the script is executed, it first checks to see if the APIBAN chain exists in iptables. If the chain does not exist, it is recreated and the LKID is reset (allowing a full dump).
IP addresses are added to APIBAN chain and actions are logged in apiban-client.log.
This code is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.