Connects to a Juniper router and adds or removes a blackhole rule for an attack by IP address.
The actions can be modified such as adding a firewall rule.
This script uses the Juniper NETCONF PHP API. More information about this can be found at the following URL:
You must have a user and netconf enabled on your Juniper
to enable netconf go to your cli and type:
user@host> configure
user@host# set netconf ssh
if you wish to change netconf port instead of
user@host# set netconf ssh
use
user@host# set netconf ssh port <number>
Install php to your server:
sudo apt-get install php-cli php
- Configure the router in the
fastnetmon_juniper.phpfile
$cfg['hostname'] = "10.0.0.1"; // Juniper IP
$cfg['port'] = 880; //NETCONF Port
$cfg['username'] = "user"; //user
$cfg['password'] = "password"; //pass
- Change the
notify_about_attack.shwith the new to run the PHP script
This is the first buggy version, you are welcome to add more features.
-
Set executable bit
sudo chmod +x /etc/fastnetmon/scripts/notify_about_attack.sh -
For FastNetMon Advanced, please disable details:
sudo fcli set main notify_script_pass_details disable
sudo fcli commit
v1.0 - 5 Dec 18 - Initial version
Author: Christian David [email protected]
Based on Mikrotik Plugin by Maximiliano Dobladez [email protected]