# ufwban

A little CLI tool (wrapping **ufw**) that reads Nginx access logs and blocks IPs based on simple rules.

**THIS IS NOT** a replacement for **fail2ban**; I just made it for fun and to have a simple tool for quickly configuring the banning of undesired IPs.

This is a **RUDE** IP deny. It will ban the IP on all machine ports with no ban time, so be careful!

## Requirements

* ufw
* Nginx
* Python >= 3.10

## Configuration

Create a `conf.json` next to the script. Use [conf.json.example](./conf.json.example) as a sample.

```json
{
  "rules": {
    "codes": [],
    "contents": [],
    "agents": []
  },
  "whitelist": []
}
```

* **codes**: list of unauthorized HTTP status codes
* **contents**: string parts that are not allowed in the request URL (ex: /x00, .json, .php, .env.local, etc.)
* **agents**: string parts that are not allowed in the user-agent (ex: bot)
* **whitelist**: list of IPs to whitelist (ex: 192.168.1.1)

## Run

```bash
usage: ufwban [-h] [--dry-run] [--refresh] [--reload] [--live]

Ban ip from Nginx access logs based on simple rules.

options:
  -h, --help  show this help message and exit
  --dry-run
  --refresh   Drop all the deny ip in the UFW table and return
  --to-nginx  Generate an Nginx deny configuration
  --reload    Reload the UFW firewall
  --live      Read inputs from stdin
```

* Batch mode:

```bash
# read all access.log* files, parse the Nginx logs and ban IPs
python ufwban.py

# launch in --dry-run mode to see which IPs are going to be denied
python ufwban.py --dry-run

# drop all "DENY IN" ufw rules (be careful)
python ufwban.py --refresh

# generate an Nginx deny configuration (use --dry-run to see updates before applying)
python ufwban.py --to-nginx
```

* Live mode:

```bash
# read and parse Nginx access log entries as they arrive and ban IPs
tail -f /var/log/nginx/access.log | python ufwban.py --live
```

In both modes, a log file, `ufwban.log`, records which IPs have been banned.
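
To preview what a given `conf.json` would catch before any `ufw` rule is written, the sketch below applies the `rules` and `whitelist` keys from the Configuration section to access log lines. It is an added example, not ufwban's own code: it assumes the Nginx `combined` log format, substring matching on the request line, and case-insensitive user-agent matching, and the names `match_reason` and `dry_run` are hypothetical.

```python
import ipaddress
import re

# Nginx "combined" log format is assumed; ufwban's own parser may differ.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Constructed configuration in the conf.json shape.
CONF = {"rules": {"codes": [444], "contents": [".env", ".php"], "agents": ["bot"]},
        "whitelist": ["192.168.1.1"]}
SAMPLE = [  # constructed sample lines (documentation address ranges)
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /.env.local HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.23 - - [10/Oct/2024:13:55:40 +0000] "GET / HTTP/1.1" 200 612 "-" "ExampleBot/1.0"',
    '192.168.1.1 - - [10/Oct/2024:13:55:41 +0000] "GET /admin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.99 - - [10/Oct/2024:13:55:42 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [10/Oct/2024:13:55:43 +0000] "" 444 0 "-" "-"',
    'not a log line',
]

def match_reason(line, conf):
    """Return (ip, reason) if the line triggers a rule, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # an unparseable line is never grounds for a ban
    try:
        ip = str(ipaddress.ip_address(m["ip"]))  # only valid addresses go further
    except ValueError:
        return None
    if ip in conf["whitelist"]:
        return None  # whitelist wins over every rule
    rules = conf["rules"]
    if int(m["status"]) in rules["codes"]:
        return ip, f"code {m['status']}"
    for part in rules["contents"]:
        if part in m["request"]:  # substring of the request line (assumption)
            return ip, f"content {part}"
    for part in rules["agents"]:
        if part.lower() in m["agent"].lower():  # case-insensitive (assumption)
            return ip, f"agent {part}"
    return None

def dry_run(lines, conf):
    """Map each IP that would be denied to the first rule it triggered."""
    hits = {}
    for line in lines:
        if (hit := match_reason(line, conf)) is not None:
            hits.setdefault(*hit)
    return hits
```

Because a match means a deny on every port with no expiry, broad entries such as `bot` or `.json` are worth checking this way against a day of real traffic, with monitoring and administration addresses in `whitelist`.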