Date: Wed, 24 Nov 2004 11:21:04 +0200 (EET)
From: Ciprian BADESCU <cbadescu@aspc.cs.utt.ro>
To: freebsd-security@freebsd.org
Subject: Re: Importing into rc.firewal rules
Message-ID: <58613.62.23.212.61.1101288064.squirrel@62.23.212.61>
In-Reply-To: <20041122200312.708B52BC0F@mx5.roble.com>
References: <20041122120146.5292416A4CF@hub.freebsd.org> <20041122200312.708B52BC0F@mx5.roble.com>
> Francisco Reyes wrote:
>> I have a grown list of IPs that I am "deny ip from ###.### to any".
>> Infected machines, hackers, etc..
>> Is there a way to have this list outside of rc.firewall and just
>> read it in?

I've got another idea (the table structure is faster, so it should be used) of what should be put in /etc/rc.firewall: `awk '{print "${ipfw} table n add $0"}' /etc/badusers.txt`. Just be sure that awk is in your PATH, or use an absolute path.

>
> Lots of good recommendation in this thread. Our own is a customized
> rc.firewall script <http://www.roble.com/docs/rc.firewall> to parse
> multiple blacklist files, by IP and by port, with a little error
> checking:
>
> filterfile () {
>   for ip in `grep -hv '^#' $file | \
>     sed -e 's/^ *//' -e 's/^ *//' -e 's/#.*$//' -e 's/ .*$//' -e 's/
> .*$//' | \
>     sort -u | grep -v '^$'` ; do
>     if [ "`echo $ip | grep ^[1-9]`" = "" ] || \
>        [ "`echo $ip | egrep '([a-z]|[A-Z]|^0|^255)'`" != "" ]; then
>       echo "ERROR: $ip is not a valid IP address"
>       continue
>     elif [ "`echo $ip|egrep $WHITELIST`" != "" ]; then
>       ## TO DO: better whitelist parsing.
>       echo "ERROR: $ip is whitelisted"
>       continue
>     elif [ "$port" = "" ]; then
>       ## Block IP if no port is specified.
>       $IPFW add 210 deny ip from $ip to any
>     elif [ $port = 53 ]; then
>       ## Block both tcp and udp if port = DNS.
>       $IPFW add 211 deny tcp from $ip to any $port
>       $IPFW add 211 deny udp from $ip to any $port
>     else
>       ## Else: block tcp (and not udp).
>       $IPFW add 212 deny tcp from $ip to any $port
>     fi
>   done
> }
>
> for file in `ls $BLACKLIST $BLACKLIST.[1-9]*` ; do
>   if [ ! -s $file ]; then
>     echo "WARNING: empty $file"
>     continue
>   elif [ "$file" = "$BLACKLIST" ]; then
>     port=""
>   else
>     port="`echo $file | awk -F. '{print $NF}'`"
>     if [ $port -lt 1 ] || [ $port -gt 65000 ]; then
>       echo "ERROR: invalid port: $port"
>       continue
>     fi
>   fi
>   echo "PROCESSING: ${file} port: ${port}"
>   filterfile $file
> done
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
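The two suggestions above combine naturally: keep Roger's sanity checks (reject malformed addresses, skip whitelisted ones, validate the port taken from the file name) but load the addresses into one ipfw table, as Ciprian proposes, and hang a single deny rule off that table instead of emitting one rule per address. The script below is an added example written for this thread, not Roger's rc.firewall and not code from either poster. It assumes a table number (`TABLE`, default 1), a space-separated `WHITELIST` of exact addresses, and a blacklist file with one address per line and `#` comments; `IPFW` defaults to `echo`, so it prints the commands it would run, and only becomes live when you set `IPFW=/sbin/ipfw` on the firewall host. The address check is a little stricter than the original's grep (it also rejects octets above 255, a trailing dot, and first octets above 223).

```shell
#!/bin/sh
# Added example (not from the thread): load a blacklist into one ipfw table
# instead of one deny rule per address, keeping the checks of the quoted
# rc.firewall fragment. IPFW defaults to "echo" (dry run); TABLE, WHITELIST
# and the file layout are assumptions for the example.
IPFW="${IPFW:-echo}"
TABLE="${TABLE:-1}"                          # assumed free table number
WHITELIST="${WHITELIST:-127.0.0.1 10.0.0.1}" # assumed exceptions, space-separated

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255 and
# whose first octet is 1-223 (rejects 0.x.x.x, 255.x.x.x and letters like
# the original egrep test did, and also 1.2.3.999 or a trailing dot).
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    [ "$1" -ge 1 ] && [ "$1" -le 223 ]
}

# is_port N: a decimal TCP/UDP port in 1-65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_whitelisted ADDR: exact match against $WHITELIST (no regex surprises)
is_whitelisted() {
    for w in $WHITELIST; do [ "$1" = "$w" ] && return 0; done
    return 1
}

# clean_list FILE: drop comments, leading blanks and trailing text, dedupe
clean_list() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]].*$//' "$1" |
        grep -v '^$' | sort -u
}

# load_table FILE: add every valid, non-whitelisted address in FILE to the
# table; bad lines are reported on stderr and skipped, never silently loaded
load_table() {
    for ip in $(clean_list "$1"); do
        if ! is_ipv4 "$ip"; then
            echo "ERROR: $ip is not a valid IP address" >&2
        elif is_whitelisted "$ip"; then
            echo "ERROR: $ip is whitelisted" >&2
        else
            $IPFW table "$TABLE" add "$ip"
        fi
    done
}

# deny_from_table [PORT]: one rule per table rather than one per address;
# port 53 blocks udp as well (as in the original), a bad port is refused
deny_from_table() {
    port=${1-}
    if [ -z "$port" ]; then
        $IPFW add 210 deny ip from "table($TABLE)" to any
    elif ! is_port "$port"; then
        echo "ERROR: invalid port: $port" >&2; return 1
    elif [ "$port" -eq 53 ]; then
        $IPFW add 211 deny tcp from "table($TABLE)" to any "$port"
        $IPFW add 211 deny udp from "table($TABLE)" to any "$port"
    else
        $IPFW add 212 deny tcp from "table($TABLE)" to any "$port"
    fi
}

# demo: a constructed sample list (documentation-range addresses, not a
# real blacklist) run through the functions above
demo() {
    tmp=$(mktemp) || return 1
    cat >"$tmp" <<'EOF'
# constructed sample: one address per line, comments allowed
192.0.2.10        # stand-in for a blocked host
198.51.100.7 scanner
10.0.0.1          # whitelisted, must be skipped
256.1.1.1         # bad octet, must be rejected
0.1.2.3           # rejected like the original script
192.0.2.10        # duplicate, loaded once
EOF
    load_table "$tmp"
    deny_from_table
    rm -f "$tmp"
}

# sh script.sh            -> dry-run the constructed sample
# sh script.sh FILE [PORT] -> load FILE into the table and add the deny rule
if [ $# -gt 0 ]; then load_table "$1" && deny_from_table "${2-}"; else demo; fi
```

Because the rule references the table rather than the addresses, the table can be refreshed (`ipfw table N flush` and a reload) without renumbering rules, and a typo in the list costs one skipped entry rather than a stray rule.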