A purposely simplified script to report port scans to AbuseIPDB.
Emphasizing efficiency, everything happens in RAM.
No temporary files to cause degraded flash storage.
Tested on GL.iNet Brume2, an Arm processor Ash Shell based firewall.
Implementation artifacts at https://kamsalisbury.github.io/code/arm/shell/2024/02/11/OpenWRT-AbuseIPDB/
Disclaimer: Modifying firewall-router operation is an advanced configuration. You are ultimately responsible for the security and operation of your network and devices, regardless of any advice-post-script on the Internet or anywhere.
- No extra packages required. Only the default ash shell, awk and sed utiltites are used.
- One firewall configuration change. By default, the "WAN->Reject firewall rule" does not log blocked packets. Enable logging blocked packets via https://your-router-ip/cgi-bin/luci/admin/network/firewall (or via command prompt; uci set firewall.@zone[1].log='1')
- Copy the script to your OpenWRT device.
- Edit the second to the last line of the script, inputting your "AbuseIPDB API Key" from https://www.abuseipdb.com/account/api
- Edit the second to the last line of the script, modifying the last portion of the timestamp value to reflect the correct time zone configuration for the router's location (or configure the router to use UTC and set the last portion of the timestamp value to -00:00)
- Edit the crontab to execute the script at least once per a day.
- Optional: Add the AbsueIPDB verfication code to your website.