authorScott Ullrich <sullrich@pfsense.org>2010-05-22 22:43:59 -0400
committerScott Ullrich <sullrich@pfsense.org>2010-05-22 22:43:59 -0400
commit0946cc52048c95dbf8a2c17578578be30d270c58 (patch)
tree873427d78c778ce6ab7c60e05a6b6f773c40b9eb /config/ipblocklist/convert-execute.sh
parent63d1f632b66a2a86da344044cbba4f89f07eee27 (diff)
Adding IP-Blocklist package: This package uses pf (via pfctl) to block IP addresses. For each IP range or list added, a pf table is made and applied to the firewall to prevent traffic from being sent to and received from the target. You can either enter an IP range manually (experimental) or add a list from sites like iblocklist.com. Tested on 1.2.2 and 1.2.3 with FF and IE.
Diffstat (limited to 'config/ipblocklist/convert-execute.sh')
-rwxr-xr-xconfig/ipblocklist/convert-execute.sh77
1 files changed, 77 insertions, 0 deletions
diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh
new file mode 100755
index 00000000..f50baa98
--- /dev/null
+++ b/config/ipblocklist/convert-execute.sh
@@ -0,0 +1,77 @@
+pfctl -t ipblocklist -T kill
+sed -i -e '/ipblocklist/d' /tmp/rules.debug
+
+#ipfw -f -q flush (Version 0.1.4)
+ls lists > file_list.txt
+filelist="file_list.txt"
+
+#READ contents in file_list.txt and process as file
+for fileline in $(cat $filelist); do
+iplist="lists/$fileline"
+iplistout="lists/ipfw.ipfw"
+perl convert.pl $iplist $iplistout
+done
+#echo "ipfw made"
+
+#clean up ipfw.ipfw (duplicates)
+rm lists/ipfw.ipfwTEMP
+sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP
+mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
+#echo "ipfw clean"
+
+
+
+#Now edit /tmp/rules.debug
+
+#find my line for table
+export i=`grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | grep -o '[0-9]\{2\}'`
+export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
+
+i=$(($i+'1'))
+t=$(($t+'1'))
+#echo $i
+#echo $t
+
+rm /tmp/rules.debug.tmp
+
+#Insert table-entry limit
+sed -i -e '/900000/d' /tmp/rules.debug
+while read line
+ do a=$(($a+1));
+ #echo $a;
+ if [ "$a" = "$t" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "set limit table-entries 900000" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
+
+rm /tmp/rules.debug.tmp
+#Insert ipblocklist rules
+a="0"
+echo $a
+while read line
+ do a=$(($a+1));
+ echo $a;
+ if [ "$a" = "$i" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "#ipblocklist" >> /tmp/rules.debug.tmp
+ echo "table <ipblocklist> persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp
+ echo "block quick from <ipblocklist> to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "block quick from any to <ipblocklist> label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+#Now execute the ipfw list (Take a long time in old version)
+#sh lists/ipfw.ipfw (Version 0.1.4)
+rm errorOUT.txt
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
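Review bot: `sort lists/ipfw.ipfw | uniq -u` in the "clean up ipfw.ipfw (duplicates)" step removes every address that appears in more than one list instead of de-duplicating it, because `uniq -u` prints only lines that occur exactly once; an address present in two blocklists therefore never reaches the `<ipblocklist>` table, which is the opposite of what the comment intends, and `sort -u` is the fix. The line-number lookups for `i` and `t` are fragile as well: `grep -o '[0-9]\{2\}'` and `grep -o '[0-9]'` return the first one- or two-digit run (one per output line) rather than the whole `grep -n` prefix, so a match past line 99 for `i`, or any line number for `t`, yields a wrong or multi-line value and the following arithmetic misplaces the inserted rules, whereas `cut -d: -f1` on the `grep -n` output gives the full number. Both copy loops use `read line` and `echo $line`, which strip backslashes, collapse whitespace and glob-expand any `*` in a rule line, so `while IFS= read -r line` with `printf '%s\n' "$line"` is needed to carry rules.debug over byte for byte. Neither `pfctl -f` load has its exit status checked and its output goes only to errorOUT.txt, so a rejected ruleset is silently replaced by the next `mv`; that is outside the lines rewritten below and worth a `|| exit 1` after each load.
```shell
# … unchanged: pfctl table kill, sed cleanup, convert.pl loop …
#clean up ipfw.ipfw (duplicates): sort -u keeps one copy of every address
rm -f lists/ipfw.ipfwTEMP
sort -u lists/ipfw.ipfw > lists/ipfw.ipfwTEMP
mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
# … unchanged …
#find my line for table: take the whole line number printed by grep -n
export i=$(grep -n 'block quick from any to <snort2c>' /tmp/rules.debug | cut -d: -f1 | head -n 1)
export t=$(grep -n 'User Aliases' /tmp/rules.debug | cut -d: -f1 | head -n 1)
# … unchanged: arithmetic, 900000 cleanup …
while IFS= read -r line; do
  a=$((a+1))
  # … unchanged: table-entries insertion …
  printf '%s\n' "$line" >> /tmp/rules.debug.tmp
done < /tmp/rules.debug
# … unchanged: mv, pfctl load; second loop gets the same read -r / printf change …
```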