From 0946cc52048c95dbf8a2c17578578be30d270c58 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sat, 22 May 2010 22:43:59 -0400
Subject: Adding IP-Blocklist package: This package uses the pf (pfctl) to block IP addresses. For each IP range or list added a pf table is made and applied to the firewall to prevent traffic from being sent to and traffic from being received from the target. You can either enter an IP range manually (experimental) or add a list from sites like iblocklist.com. Tested on 1.2.2 and 1.2.3 with FF and IE.
---
 config/ipblocklist/convert-execute.sh | 77 +++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100755 config/ipblocklist/convert-execute.sh
(limited to 'config/ipblocklist/convert-execute.sh')
diff --git a/config/ipblocklist/convert-execute.sh b/config/ipblocklist/convert-execute.sh
new file mode 100755
index 00000000..f50baa98
--- /dev/null
+++ b/config/ipblocklist/convert-execute.sh
@@ -0,0 +1,77 @@
+pfctl -t ipblocklist -T kill
+sed -i -e '/ipblocklist/d' /tmp/rules.debug
+
+#ipfw -f -q flush (Version 0.1.4)
+ls lists > file_list.txt
+filelist="file_list.txt"
+
+#READ contents in file_list.txt and process as file
+for fileline in $(cat $filelist); do
+iplist="lists/$fileline"
+iplistout="lists/ipfw.ipfw"
+perl convert.pl $iplist $iplistout
+done
+#echo "ipfw made"
+
+#clean up ipfw.ipfw (duplicates)
+rm lists/ipfw.ipfwTEMP
+sort lists/ipfw.ipfw | uniq -u >> lists/ipfw.ipfwTEMP
+mv lists/ipfw.ipfwTEMP lists/ipfw.ipfw
+#echo "ipfw clean"
+
+
+
+#Now edit /tmp/rules.debug
+
+#find my line for table
+export i=`grep -n 'block quick from any to ' /tmp/rules.debug | grep -o '[0-9]\{2\}'`
+export t=`grep -n 'User Aliases' /tmp/rules.debug |grep -o '[0-9]'`
+
+i=$(($i+'1'))
+t=$(($t+'1'))
+#echo $i
+#echo $t
+
+rm /tmp/rules.debug.tmp
+
+#Insert table-entry limit
+sed -i -e '/900000/d' /tmp/rules.debug
+while read line
+ do a=$(($a+1));
+ #echo $a;
+ if [ "$a" = "$t" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "set limit table-entries 900000" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
+
+rm /tmp/rules.debug.tmp
+#Insert ipblocklist rules
+a="0"
+echo $a
+while read line
+ do a=$(($a+1));
+ echo $a;
+ if [ "$a" = "$i" ]; then
+ echo "" >> /tmp/rules.debug.tmp
+ echo "#ipblocklist" >> /tmp/rules.debug.tmp
+ echo "table persist file '/usr/local/www/packages/ipblocklist/lists/ipfw.ipfw'" >> /tmp/rules.debug.tmp
+ echo "block quick from to any label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ echo "block quick from any to label 'IP-Blocklist'" >> /tmp/rules.debug.tmp
+ fi
+ echo $line >> /tmp/rules.debug.tmp
+done < "/tmp/rules.debug"
+
+mv /tmp/rules.debug /tmp/rules.debug.old
+mv /tmp/rules.debug.tmp /tmp/rules.debug
+
+#Now execute the ipfw list (Take a long time in old version)
+#sh lists/ipfw.ipfw (Version 0.1.4)
+rm errorOUT.txt
+pfctl -o basic -f /tmp/rules.debug > errorOUT.txt 2>&1
-- 
cgit v1.2.3
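Review bot: `sort lists/ipfw.ipfw | uniq -u` keeps only lines that occur exactly once, so any address range present in two or more source lists is dropped from ipfw.ipfw and silently never blocked; the comment says the intent is deduplication, which is `sort -u lists/ipfw.ipfw > lists/ipfw.ipfwTEMP` (the `>>` append also relies on the preceding `rm` of the TEMP file having succeeded). Neither `pfctl -o basic -f /tmp/rules.debug` call checks its exit status, yet the table was already flushed by `pfctl -t ipblocklist -T kill` at the top, so a ruleset that fails to parse leaves the firewall running without the blocklist and the only trace is errorOUT.txt, which the second run overwrites; a `|| exit 1` after each load, and not discarding /tmp/rules.debug.old until the load has succeeded, would make the failure visible and recoverable. Both copy loops use `read line` without `-r` and `echo $line` unquoted, which strips backslashes and leading whitespace and glob-expands any `*` in a rule while rewriting rules.debug; `while IFS= read -r line` with `printf '%s\n' "$line"` preserves the file byte for byte. The line number `i` is taken before the first loop inserts two lines at `t`, so if the User Aliases section precedes the block rule (which I believe is the order in rules.debug) the second insertion lands two lines early, and the `grep -o '[0-9]\{2\}'` / `grep -o '[0-9]'` extraction can pick digits out of the rule text instead of the line number, whereas `cut -d: -f1` on the `grep -n` output is unambiguous. The rendered rules `table persist file '…'` and `block quick from to any` show no table name between `from`/`to`; if that is not merely the page rendering stripping `<ipblocklist>`, pfctl will reject the ruleset.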