Date:      Wed, 24 Nov 2004 11:21:04 +0200 (EET)
From:      Ciprian BADESCU <cbadescu@aspc.cs.utt.ro>
To:        freebsd-security@freebsd.org
Subject:   Re: Importing into rc.firewal rules
Message-ID:  <58613.62.23.212.61.1101288064.squirrel@62.23.212.61>
In-Reply-To: <20041122200312.708B52BC0F@mx5.roble.com>
References:  <20041122120146.5292416A4CF@hub.freebsd.org> <20041122200312.708B52BC0F@mx5.roble.com>

> Francisco Reyes wrote:
>> I have a grown list of IPs that I am "deny ip from ###.### to any".
>> Infected machines, hackers, etc..
>> Is there a way to have this list outside of rc.firewall and just
>> read it in?

I've got another idea (the table structure is faster, so it should be
used) of what should be put in /etc/rc.firewall:

# n is the ipfw table number; one rule such as
#   ${ipfw} add deny ip from 'table(n)' to any
# then matches every address in the table.
/usr/bin/awk -v ipfw="${ipfw}" '!/^#/ && NF { print ipfw " table n add " $1 }' /etc/badusers.txt | /bin/sh

just be sure that awk is in your PATH, or use an absolute path.


>
> Lots of good recommendation in this thread.  Our own is a customized
> rc.firewall script <http://www.roble.com/docs/rc.firewall>; to parse
> multiple blacklist files, by IP and by port, with a little error
> checking:
>
>   filterfile () {
>       for ip in `grep -hv '^#' $file | \
>       sed -e 's/^[[:space:]]*//' -e 's/#.*$//' -e 's/[[:space:]].*$//' | \
>       sort -u | grep -v '^$'` ; do
>           if [ "`echo $ip | grep ^[1-9]`" = "" ] || \
>              [ "`echo $ip | egrep '([a-z]|[A-Z]|^0|^255)'`" != "" ]; then
>               echo "ERROR: $ip is not a valid IP address"
>               continue
>           elif [ "`echo $ip|egrep $WHITELIST`" != "" ]; then
>               ## TO DO: better whitelist parsing.
>               echo "ERROR: $ip is whitelisted"
>               continue
>           elif [ "$port" = "" ]; then
>               ## Block IP if no port is specified.
>               $IPFW add 210 deny ip from $ip to any
>           elif [ $port = 53 ]; then
>               ## Block both tcp and udp if port = DNS.
>               $IPFW add 211 deny tcp from $ip to any $port
>               $IPFW add 211 deny udp from $ip to any $port
>           else
>               ## Else: block tcp (and not udp).
>               $IPFW add 212 deny tcp from $ip to any $port
>           fi
>       done
>   }
>   for file in `ls $BLACKLIST $BLACKLIST.[1-9]*` ; do
>       if [ ! -s $file ]; then
>           echo "WARNING: empty $file"
>           continue
>       elif [ "$file" = "$BLACKLIST" ]; then
>           port=""
>       else
>           port="`echo $file | awk -F. '{print $NF}'`"
>           if [ $port -lt 1 ] || [ $port -gt 65000 ]; then
>               echo "ERROR: invalid port: $port"
>               continue
>           fi
>       fi
>       echo "PROCESSING: ${file} port: ${port}"
>       filterfile $file
>   done
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
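The two approaches in this thread, an ipfw lookup table filled from a file (Ciprian's suggestion) and a blacklist parser with error checking (Roger's quoted script), combined in one POSIX sh loader. This is an added example, not code posted by either author or shipped with FreeBSD; the table number 1, the /etc/badusers.txt path, the space-separated WHITELIST format and the IPFW/TABLE overrides are assumptions, and the sample blacklist is constructed for the demo. Unlike the posted checks, which only look at the first digit, valid_ipv4 verifies all four octets and an optional prefix length, so a line like 256.1.1.1 is rejected instead of being handed to ipfw.

```shell
#!/bin/sh
# Added example (not code from the thread): load a blacklist file into an ipfw
# lookup table with validation, instead of one "deny ip from X to any" rule per
# host.  Assumed, not from the original messages: table number 1, the
# /etc/badusers.txt path, the WHITELIST format and the IPFW/TABLE overrides.
set -f                      # no pathname expansion while splitting lines

IPFW=${IPFW:-/sbin/ipfw}
TABLE=${TABLE:-1}
WHITELIST=${WHITELIST:-}    # space-separated exact entries that must never be blocked

# valid_ipv4 ADDR[/PREFIX]: succeed only for four octets in 0-255 and an
# optional prefix length in 0-32 (the posted scripts only checked the first digit).
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit, leading/trailing/double dot
    esac
    case $prefix in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_whitelisted ENTRY: exact match against $WHITELIST (a CIDR-aware whitelist
# would need real prefix arithmetic, which the quoted script leaves as TO DO).
is_whitelisted() {
    for w in $WHITELIST; do
        [ "$1" = "$w" ] && return 0
    done
    return 1
}

# load_blacklist FILE: print one "ipfw table add" command per valid entry;
# '#' starts a comment, only the first token on a line is used, invalid or
# whitelisted entries are reported on stderr and skipped.  Pipe the output to sh.
load_blacklist() {
    file=$1 good=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -- ${line%%#*}            # strip comment, split on whitespace
        [ $# -gt 0 ] || continue      # blank or comment-only line
        if ! valid_ipv4 "$1"; then
            echo "ERROR: $file: '$1' is not a valid IPv4 address or prefix" >&2
            bad=$((bad + 1))
        elif is_whitelisted "$1"; then
            echo "ERROR: $file: $1 is whitelisted, not added" >&2
            bad=$((bad + 1))
        else
            echo "$IPFW -q table $TABLE add $1"
            good=$((good + 1))
        fi
    done < "$file"
    echo "PROCESSING: $file: $good entries added, $bad skipped" >&2
}

# Constructed sample input (not a real file from the thread).
sample_blacklist() {
    cat <<'EOF'
# badusers.txt: infected machines, scanners, ...
192.0.2.10                 # single host
198.51.100.0/24            # a whole prefix, which per-host rules cannot express
203.0.113.5 203.0.113.6    # only the first token counts, as in the posted script
256.1.1.1                  # bad octet: rejected
10.0.0                     # too few octets: rejected
192.0.2.99                 # whitelisted below: skipped
EOF
}

# demo: run the loader over the sample and print the commands it would execute.
demo() {
    tmp=$(mktemp) || return 1
    sample_blacklist > "$tmp"
    WHITELIST="192.0.2.99"
    load_blacklist "$tmp"
    rm -f "$tmp"
}

demo
# Real use in rc.firewall, after the table is filled (FreeBSD 11 and later can
# also create it explicitly with "${IPFW} table ${TABLE} create type addr"):
#   load_blacklist /etc/badusers.txt | sh
#   ${IPFW} add 210 deny ip from "table(${TABLE})" to any
```

Running the block as-is prints three ipfw commands (for 192.0.2.10, 198.51.100.0/24 and 203.0.113.5) and three ERROR lines on stderr; the single deny rule referencing the table replaces the per-host rules 210 through 212 of the quoted script, and reloading the file only changes table contents, not the rule set.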
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?58613.62.23.212.61.1101288064.squirrel>