> Francisco Reyes wrote:
>> I have a grown list of IPs that I am "deny ip from ###.### to any".
>> Infected machines, hackers, etc.
>> Is there a way to have this list outside of rc.firewall and just
>> read it in?

I've got another idea (the table structure is faster, so it should be used) of what should be put in /etc/rc.firewall:

`awk -v ipfw="${ipfw}" '{print ipfw " table n add " $0}' /etc/badusers.txt | sh`

Just be sure that awk is in your PATH, or use an absolute path.

>
> Lots of good recommendation in this thread. Our own is a customized
> rc.firewall script <http://www.roble.com/docs/rc.firewall> to parse
> multiple blacklist files, by IP and by port, with a little error
> checking:
>
>     filterfile () {
>         # Strip leading whitespace, comments and anything after the first token.
>         for ip in `grep -hv '^#' $file | \
>             sed -e 's/^[[:space:]]*//' -e 's/#.*$//' -e 's/[[:space:]].*$//' | \
>             sort -u | grep -v '^$'` ; do
>             if [ "`echo $ip | grep '^[1-9]'`" = "" ] || \
>                [ "`echo $ip | egrep '([a-z]|[A-Z]|^0|^255)'`" != "" ]; then
>                 echo "ERROR: $ip is not a valid IP address"
>                 continue
>             elif [ "`echo $ip | egrep $WHITELIST`" != "" ]; then
>                 ## TO DO: better whitelist parsing.
>                 echo "ERROR: $ip is whitelisted"
>                 continue
>             elif [ "$port" = "" ]; then
>                 ## Block IP if no port is specified.
>                 $IPFW add 210 deny ip from $ip to any
>             elif [ $port = 53 ]; then
>                 ## Block both tcp and udp if port = DNS.
>                 $IPFW add 211 deny tcp from $ip to any $port
>                 $IPFW add 211 deny udp from $ip to any $port
>             else
>                 ## Else: block tcp (and not udp).
>                 $IPFW add 212 deny tcp from $ip to any $port
>             fi
>         done
>     }
>
>     # $BLACKLIST holds plain IPs; $BLACKLIST.<port> holds IPs to block on that port.
>     for file in `ls $BLACKLIST $BLACKLIST.[1-9]*` ; do
>         if [ ! -s $file ]; then
>             echo "WARNING: empty $file"
>             continue
>         elif [ "$file" = "$BLACKLIST" ]; then
>             port=""
>         else
>             port="`echo $file | awk -F. '{print $NF}'`"
>             if [ $port -lt 1 ] || [ $port -gt 65000 ]; then
>                 echo "ERROR: invalid port: $port"
>                 continue
>             fi
>         fi
>         echo "PROCESSING: ${file} port: ${port}"
>         filterfile $file
>     done
>
> --
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"
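As an added example (not code from either poster), the following sh script loads a commented blacklist file into an ipfw table the way the thread suggests, but with a full dotted-quad check and an exact-match whitelist instead of the `grep ^[1-9]` / `egrep $WHITELIST` tests quoted above. The table number, the `IPFW` path, the file names and the sample addresses are assumptions; `DRY_RUN=1` (the default) prints the ipfw commands instead of running them.

```shell
#!/bin/sh
# Added example, not the thread's code: load a blacklist into an ipfw
# table with stricter checks than the quoted script (full octet range,
# exact whitelist match). IPFW/TABLE and the file names are assumptions;
# DRY_RUN=1 prints the ipfw commands instead of executing them.
IPFW=${IPFW:-/sbin/ipfw}; TABLE=${TABLE:-1}; DRY_RUN=${DRY_RUN:-1}

# Strip comments and whitespace, keep only the first token of a line.
clean_line() {
    printf '%s\n' "$1" | sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]].*$//'
}

# True if $1 is a dotted quad with octets 0..255, optionally with /0-32.
valid_ipv4() {
    addr=${1%/*}; pfx=32
    case "$1" in */*) pfx=${1#*/} ;; esac
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case "$addr" in .*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Exact whole-line match against the whitelist (no regex, unlike egrep $WHITELIST).
is_whitelisted() { [ -f "$WHITELIST_FILE" ] && grep -qxF "$1" "$WHITELIST_FILE"; }

# Print (or run) one "ipfw table add" per accepted entry; rejects go to stderr.
load_blacklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(clean_line "$line")
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then echo "ERROR: $ip is not a valid IPv4 address" >&2
        elif is_whitelisted "$ip"; then echo "ERROR: $ip is whitelisted" >&2
        elif [ "$DRY_RUN" = 1 ]; then echo "$IPFW table $TABLE add $ip"
        else "$IPFW" table "$TABLE" add "$ip"; fi
    done < "$1"
}

# Constructed sample files (documentation-range addresses, not real indicators).
WORK=$(mktemp -d); BLACKLIST_FILE=$WORK/badusers.txt; WHITELIST_FILE=$WORK/whitelist.txt
printf '%s\n' '# known scanners' '  192.0.2.10   # comment' '198.51.100.0/24' \
    '203.0.113.7' '256.1.1.1' 'bad host' '' > "$BLACKLIST_FILE"
printf '%s\n' '203.0.113.7' > "$WHITELIST_FILE"
load_blacklist "$BLACKLIST_FILE"
```

With the sample files, two entries are accepted (192.0.2.10 and 198.51.100.0/24); the whitelisted address, the out-of-range octet and the non-address line are reported on stderr and skipped.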