Topic: nginx banned IP timer (Read 2516 times)
siga75, on November 12, 2019, 12:32:27 pm:
Is there an option to auto remove entries in the nginx ban table after a defined period? Should I define a cron job with the "expiretable" command or something similar?
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
fabian (OPNsense Contributor), Reply #1 on November 12, 2019, 06:19:50 pm:
No, there is no automatic removal. Expiring the table will not work as it will be filled again.
You have to delete the entries manually or via the API.
siga75, Reply #2 on November 12, 2019, 07:57:22 pm:
THX Fabian,
I guess it is handled here for the manual removal:
/usr/local/opnsense/mvc/app/cache/_usr_local_opnsense_mvc_app_views_opnsense_nginx_ban.volt.php
<script>
$(function () {
    $("#grid-ban").UIBootgrid(
        {   'search':'/api/nginx/bans/searchban',
            'del':'/api/nginx/bans/delban/',
            'options': {
                selection:false,
                multiSelect:false,
                formatters: {
                    "delbtn": function (column, row) {
                        return `<button type="button" class="btn btn-xs btn-default command-delete" data-row-id="${row.uuid}"
                        ><span class=\"fa fa-unlock-alt\"></span></button>`;
                    }
                },
            }
        }
    );
});
But since I don't know how to use it, could I simply do a sed on this file? I also have the timestamp information. Or is there another place where you store those IPs?
# grep -B 1 -A 2 71.6.146.186 /conf/config.xml
<ban uuid="62507f77-b0c4-494d-a328-06aa2d7f7573">
<ip>71.6.146.186</ip>
<time>1570404540</time>
</ban>
fabian (OPNsense Contributor), Reply #3 on November 12, 2019, 10:21:08 pm:
You can just use curl for the API. Just have the dev tools (network tab) open while deleting an entry. You can just right-click and copy as curl and then adjust it to look like in the docs.
If you work directly on the firewall, you may also delete the ban entries manually and then flush the table. The cron job will refill it after 1 minute again. You can also delete IP addresses one by one from the table.
Another alternative would be that you implement that feature and create a PR. The file you would have to change would be:
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/scripts/nginx/ngx_autoblock.php
siga75, Reply #4 on November 13, 2019, 11:25:25 am:
Thank you so much
Not so elegant, but does the job, I will eventually improve it
# /bin/sh
# key="/xxxxxxxxxWEy"
# secret="ippfxxxxxxxxxxxxdN"
# sed -n -e '/<Nginx/,/<\/Nginx>/p' /conf/config.xml | sed -n -e '/<ban uuid/,/<\/ban>/p' | awk -F'\"|<|>' -v TSTAMP=`date +%s` '/ban uuid/ {uuid=$3; getline; getline; if($3<TSTAMP-7*24*60*60) print uuid }' | while read UUID; do curl --ssl --insecure -X POST --data "{}" -H "Content-Type: application/json" --user "$key":"$secret" https://127.0.0.1:8443/api/nginx/bans/delban/$UUID; done
{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}{"result":"deleted"}#
# sed -n -e '/<Nginx/,/<\/Nginx>/p' /conf/config.xml | sed -n -e '/<ban uuid/,/<\/ban>/p'
<ban uuid="da166ce2-f84f-4ae5-b23b-def173b2ca20">
<ip>185.153.197.5</ip>
<time>1573176421</time>
</ban>
<ban uuid="fc929064-aafb-4755-9a03-17464125103b">
<ip>156.211.210.249</ip>
<time>1573225981</time>
</ban>
<ban uuid="f8659144-cc18-4e1e-bf17-2633dfd24973">
<ip>156.210.54.2</ip>
<time>1573235581</time>
</ban>
<ban uuid="f7afc41c-d58f-42bb-9ef0-f0e2c55418b6">
<ip>156.211.162.22</ip>
<time>1573236961</time>
</ban>
<ban uuid="09a861c3-a5a9-4a2c-ac7b-3d87437371e4">
<ip>207.241.229.160</ip>
<time>1573516321</time>
</ban>
<ban uuid="211584f3-c055-47ed-b85a-d58b1610f768">
<ip>198.108.66.176</ip>
<time>1573532041</time>
</ban>
<ban uuid="ef17f478-9879-47a5-ae85-c923e06fd7e1">
<ip>144.91.95.116</ip>
<time>1573551841</time>
</ban>
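The expiry approach from this thread, written as a script that could be run from cron; this is an added example, not code from the posters or from the nginx plugin. It assumes config.xml keeps one element per line as in the output above, and that `CURL_CFG` (a hypothetical path) is a root-only curl config file holding the `user = "key:secret"` line and the TLS option, so the API secret does not appear in the process list.

```shell
#!/bin/sh
# Added example: expire nginx ban entries older than MAX_AGE_DAYS via the API.
CONFIG_XML="${CONFIG_XML:-/conf/config.xml}"
API_BASE="${API_BASE:-https://127.0.0.1:8443/api/nginx/bans}"
CURL_CFG="${CURL_CFG:-/root/.nginx_ban_api.curlrc}"  # hypothetical path (assumption)
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"

# stdin: config XML. $1: current epoch seconds, $2: max age in days.
# Prints the uuid of each <ban> inside <Nginx> whose <time> is past the cutoff.
expired_ban_uuids() {
    awk -v now="$1" -v days="$2" '
        /<Nginx/    { sect = 1 }
        /<\/Nginx>/ { sect = 0 }
        sect && /<ban uuid="/ { split($0, q, "\""); uuid = q[2]; ts = "" }
        sect && uuid != "" && /<time>/ { ts = $0; gsub(/[^0-9]/, "", ts) }
        sect && /<\/ban>/ {
            # Emit only well-formed uuids, since they end up in a URL.
            if (length(uuid) == 36 && uuid ~ /^[0-9a-f-]+$/ &&
                ts != "" && ts + 0 < now - days * 86400) print uuid
            uuid = ""
        }'
}

# Constructed sample (documentation addresses), used by "selftest".
sample_config() {
    cat <<'EOF'
<opnsense><Nginx>
  <ban uuid="11111111-1111-4111-8111-111111111111">
    <ip>192.0.2.10</ip>
    <time>1000000</time>
  </ban>
  <ban uuid="22222222-2222-4222-8222-222222222222">
    <ip>192.0.2.11</ip>
    <time>1600000</time>
  </ban>
</Nginx></opnsense>
EOF
}

# Delete one ban by uuid; credentials and TLS settings come from $CURL_CFG.
delete_ban() {
    curl --silent --show-error --fail -K "$CURL_CFG" -X POST \
         -H "Content-Type: application/json" --data "{}" "$API_BASE/delban/$1"
}

case "${1:-}" in
    run) expired_ban_uuids "$(date +%s)" "$MAX_AGE_DAYS" < "$CONFIG_XML" |
         while read -r u; do delete_ban "$u" || echo "delete failed: $u" >&2; done ;;
    selftest) sample_config | expired_ban_uuids 1700000 7 ;;
esac
```

Run it with the `selftest` argument to see the selection logic on the constructed sample, and with `run` on the firewall to delete the expired entries.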