author | Scott Ullrich <sullrich@pfsense.org> | 2010-05-22 22:43:59 -0400 |
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-05-22 22:43:59 -0400 |
commit | 0946cc52048c95dbf8a2c17578578be30d270c58 (patch) | |
tree | 873427d78c778ce6ab7c60e05a6b6f773c40b9eb /config/ipblocklist/convert.pl | |
parent | 63d1f632b66a2a86da344044cbba4f89f07eee27 (diff) | |
Adding IP-Blocklist package: This package uses pf (via pfctl) to block IP addresses. For each IP range or list added, a pf table is created and applied to the firewall to prevent traffic from being sent to, and received from, the target. You can either enter an IP range manually (experimental) or add a list from sites like iblocklist.com. Tested on 1.2.2 and 1.2.3 with FF and IE.
Diffstat (limited to 'config/ipblocklist/convert.pl')
-rwxr-xr-x | config/ipblocklist/convert.pl | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/config/ipblocklist/convert.pl b/config/ipblocklist/convert.pl
new file mode 100755
index 00000000..44b4add2
--- /dev/null
+++ b/config/ipblocklist/convert.pl
@@ -0,0 +1,67 @@
+#!/usr/bin/perl -w
+use strict;
+
+if($#ARGV != 1) {
+ print("Usage: $0 <input file> <output file>\n");
+ exit(1);
+}
+
+my ($line,$title,$iprange,$cidr);
+my $i = 30000;
+
+open(INFILE,'<',$ARGV[0]) or die("Could not open input file $ARGV[0]");
+open(OUTFILE,'>>',$ARGV[1]) or die("Could not open output file $ARGV[1]");
+
+foreach $line (<INFILE>) {
+ chomp($line);
+ $line =~ s/:((\d{1,3}[-\.]*){8})//;
+ $iprange = $1;
+ print OUTFILE "#$line\n";
+ foreach $cidr (split(/\n/,range($iprange))) {
+ print OUTFILE "$cidr\n";
+ #print OUTFILE "ipfw -q add 1000 drop ip from any to $cidr\n"; (version 0.1.4)
+ #$i++;
+ #print OUTFILE "ipfw -q add 1001 drop ip from $cidr to any\n"; (version 0.1.4)
+ #$i++;
+ }
+}
+
+close(INFILE);
+close(OUTFILE);
+
+sub ntoa {
+ return join ".",unpack("CCCC",pack("N",shift));
+}
+sub aton {
+ return unpack 'N', pack 'C4', split/\./, shift;
+}
+sub deaggregate {
+ my $thirtytwobits = 4294967295;
+ my $start = shift;
+ my $end = shift;
+ my $base = $start;
+ my ($step,$output);
+ while ($base <= $end) {
+ $step = 0;
+ while (($base | (1 << $step)) != $base) {
+ if (($base | (((~0) & $thirtytwobits) >> (31-$step))) > $end) {
+ last;
+ }
+ $step++;
+ }
+ if($step == 0) {
+ $output .= ntoa($base);
+ }else{
+ $output .= ntoa($base)."/" .(32-$step);
+ }
+ $output .= "\n";
+ $base += 1 << $step;
+ }
+ return $output;
+}
+sub range {
+ my ($address,$address2) = split /-/, shift;
+ $address = aton($address);
+ $address2 = aton($address2);
+ return deaggregate($address,$address2);
+}
\ No newline at end of file |
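Review bot: At the top of the read loop, `$iprange = $1` is assigned without checking that the preceding `s/:((\d{1,3}[-\.]*){8})//` actually matched, so a line with no range keeps `$1` from the previous successful match (or undef on the first line): the earlier range is then written out again under the new comment, and an undef range likely collapses through `aton` to 0 and emits a `0.0.0.0` entry. Guard the capture and skip such lines, e.g. `if ($line !~ s/:((\d{1,3}[-\.]*){8})//) { warn "skipping unparsable line: $line\n"; next; }` followed by `$iprange = $1;`. Relatedly, `aton` hands each octet to `pack 'C4'`, which wraps values above 255 (300 packs as 44), so a malformed entry in a downloaded list silently produces a table entry for an address other than the one listed; since these files come from third-party sites, reject octets outside 0-255 (or the whole line) before packing. Also `my $i = 30000` is dead now that the ipfw lines are commented out, and the bareword `INFILE`/`OUTFILE` handles with `foreach $line (<INFILE>)` could become lexical handles read with `while (my $line = <$in>)` to avoid slurping large lists into memory.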