aMule Forum

Author Topic: Help IPTABLES!!!!  (Read 4405 times)

s0undt3ch

Help IPTABLES!!!!
« on: December 27, 2004, 03:55:08 PM »

I need help, well really I need a script that parses this file (mirror) and adds these IPs or IP ranges to be rejected by IPTABLES.

Any Help?

Here's a bit of what's inside:
Code: [Select]
002.001.000.085 - 002.001.000.085 , 000 , Fake File servers AP2P
003.001.000.060 - 003.001.000.060 , 000 , Fake File servers AP2P
003.001.000.251 - 003.001.000.251 , 000 , Fake File servers AP2P
004.000.038.034 - 004.000.038.036 , 000 , s0.micromend.bbnplanet.net AP2P
004.000.038.042 - 004.000.038.052 , 000 , s0.wbcsanfran.bbnplanet.net AP2P
004.000.038.058 - 004.000.038.060 , 000 , s0.verizonlegaldpt.bbnplanet.net AP2P
004.000.038.074 - 004.000.038.080 , 000 , s0.bdai12.bbnplanet.net AP2P
004.000.038.086 - 004.000.038.088 , 000 , s0.wennersf.bbplanet.net AP2P
004.000.038.114 - 004.000.038.120 , 000 , multilink1.cityofsm.bbnplanet.net AP2P
004.000.038.254 - 004.000.038.255 , 000 , multilink0.art3.bbnplanet.net AP2P
004.000.159.038 - 004.000.159.040 , 000 , s0.leo3.bbnplanet.net(lawenforcement online) AP2P
004.000.181.086 - 004.000.181.088 , 000 , s0.CR2.bbnplanet.net AP2P
004.000.242.066 - 004.000.242.080 , 000 , s0.animationtech.bbnplanet.net AP2P

It could be something like:
New line? Do I find a valid IP here? IP range? Then a comma? Then 000? OK, then add it to IPTABLES to be DROPPED. End of line? Then.....

New line? Do I find a valid IP here? IP range? Then a comma? Then 000? OK, then add it to IPTABLES to be DROPPED. End of line? Then.....

More or less like this?
Thanks! It would help a lot...
« Last Edit: December 27, 2004, 03:56:49 PM by s0undt3ch »
s0undt3ch
[ AMD Athlon @ 1GHz / 768 RAM on Gentoo [SERVER] ]
[ P4 @ 2.8 GHz / 1Gig Ram on Gentoo ]

lfroen

Re: Help IPTABLES!!!!
« Reply #1 on: December 27, 2004, 04:43:07 PM »

Perl is pretty good at pattern matching. You can match an IP by (\d{4}\.){4} for example. awk can break lines on some character (space is the default).
You have to choose a script language (I suggest Perl), and then try to ask more specific questions.
One more piece of personal advice: stay away from sh (sh, csh, tcsh ...).
It's really not that complicated :))

GonoszTopi

Re: Help IPTABLES!!!!
« Reply #2 on: December 27, 2004, 05:04:45 PM »

What makes it a bit harder, is that you cannot specify ranges to iptables, only IP/netmask.

It is possible to do, but not so easy.

Have fun with it.
concordia cum veritate

s0undt3ch

RE: Help IPTABLES!!!!
« Reply #3 on: December 27, 2004, 05:47:51 PM »

The problem is that I don't know perl!!!
Nor SH!!!
Only a bit of PHP, and a bit of JAVA!!!!

 :]

Anyway, any help would be appreciated!!!!

P.S.: Thanks for all the help so far...

s0undt3ch

Re: Help IPTABLES!!!!
« Reply #4 on: December 27, 2004, 05:49:22 PM »

Quote
Originally posted by GonoszTopi
What makes it a bit harder, is that you cannot specify ranges to iptables, only IP/netmask.

It is possible to do, but not so easy.

Have fun with it.

Well, we could find out this:

If IP - IP then it's an IP range, then all IPs in between will be added, dropped...
« Last Edit: December 27, 2004, 05:49:59 PM by s0undt3ch »

GonoszTopi

Re: Help IPTABLES!!!!
« Reply #5 on: December 28, 2004, 12:10:39 PM »

I might do it for you if I have some spare time - this is not a promise nor an offer, just thinking out loud 8)

s0undt3ch

Re: Help IPTABLES!!!!
« Reply #6 on: December 28, 2004, 01:00:40 PM »

Quote
Originally posted by GonoszTopi
I might do it for you if I have some spare time - this is not a promise nor an offer, just thinking out loud 8)

I'm just smiling  :D just because of your thoughts!!
Want some more encouragement?

 :baby:

greaman

Re: Help IPTABLES!!!!
« Reply #7 on: January 01, 2005, 10:52:40 PM »

Code: [Select]
#!/usr/bin/perl

$inputfile = "ipblock.dat";

# first address, a dash, last address, the three-digit field, then the description
$pattern = '^(\d{3}\.\d{3}\.\d{3}\.\d{3})\s\-\s(\d{3}\.\d{3}\.\d{3}\.\d{3})\s,\s\d{3}\s,\s(.*)$';

$template = "iptables -I INPUT -s IP -j DROP\n";

# parenthesised open + "or": with "||" the die would bind to the filename and never fire
open(FHANDLE, "<$inputfile") or die "couldn't open sourcefile\n";

while ($line = <FHANDLE>)
{
  $line =~ m/$pattern/o; # $1 first address, $2 second address, $3 explanation
  $left_border = $1;
  $right_border = $2;
  $template =~ s/IP/$left_border/;   # substitutes into $template itself
  print $template;
}

close FHANDLE;

you have to modify the iptables template to enable IP ranges (--src-range)

and to use it you can either pipe the output into a script file >>blockthemall.sh ;) or replace print with an exec command...

just an idea ;)

s0undt3ch

Re: Help IPTABLES!!!!
« Reply #8 on: January 01, 2005, 11:50:13 PM »

Quote
Originally posted by greaman
you have to modify the iptables template to enable IP ranges (--src-range)
Sorry but how, what, which, where?

Quote
and to use it you can either pipe the output into a script-file >>blockthemall.sh ;) or replace print with an exec-command...

Well, here's the result when running your script:
Code: [Select]
line 00001: iptables -I INPUT -s 002.001.000.085 -j DROP
(...)
line 00100: iptables -I INPUT -s 002.001.000.085 -j DROP
(...)
line 01000: iptables -I INPUT -s 002.001.000.085 -j DROP
(...)
line 10000: iptables -I INPUT -s 002.001.000.085 -j DROP
(...)
line 20000: iptables -I INPUT -s 002.001.000.085 -j DROP
(...)
line 22366: iptables -I INPUT -s 002.001.000.085 -j DROP
EndOfFile
Looks like something is wrong!
I understood what you were accomplishing with the script, but it looks like although it ran on all the lines, it always kept the first in memory!?

lfroen

Re: Help IPTABLES!!!!
« Reply #9 on: January 02, 2005, 06:20:01 AM »

That's because of a bug in the script. It should be like this:

Code: [Select]
#!/usr/bin/perl

$inputfile = "ipblock.dat";

# first address, a dash, last address, the three-digit field, then the description
$pattern = '^(\d{3}\.\d{3}\.\d{3}\.\d{3})\s\-\s(\d{3}\.\d{3}\.\d{3}\.\d{3})\s,\s\d{3}\s,\s(.*)$';

$template = "iptables -I INPUT -s IP -j DROP\n";

# parenthesised open + "or": with "||" the die would bind to the filename and never fire
open(FHANDLE, "<$inputfile") or die "couldn't open sourcefile\n";

while ($line = <FHANDLE>)
{
  # skip lines that don't match; otherwise $1/$2 would still hold the
  # values from the previous successful match
  next unless $line =~ m/$pattern/o; # $1 first address, $2 second address, $3 explanation
  $left_border = $1;
  $right_border = $2;
  $codeline = $template;             # work on a copy so $template keeps its IP placeholder
  $codeline =~ s/IP/$left_border/;
  print $codeline;
}

close FHANDLE;

greaman

Re: Help IPTABLES!!!!
« Reply #10 on: January 02, 2005, 09:23:44 AM »

yup...my fault...happens after too much wine ;)

and you have to adjust the iptables command... I had no time to look up the exact command for dropping the ranges, maybe later today after some hours of sheep counting and resetting my brain :))
« Last Edit: January 02, 2005, 09:28:00 AM by greaman »

s0undt3ch

Re: Help IPTABLES!!!!
« Reply #11 on: January 02, 2005, 02:29:35 PM »

Working well now!

Now for the IP ranges, can it be done?

Something like
Code: [Select]
if ($ip1 ne $ip2) {
    # then it's a range: instead of just dropping $ip2, drop everything between $ip1 and $ip2
}
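The range question above, and GonoszTopi's point earlier in the thread that iptables takes only IP/netmask, can be answered by splitting each "first - last" range into the smallest set of CIDR blocks and emitting one rule per block. The script below is an added example written for this thread in Python (not the Perl posted above, and not part of aMule); it assumes only the line format quoted in the first post, and the sample lines in it are constructed. Two things a practitioner wants that the thread's script lacks: the octets in this list are zero-padded ("085"), and inet_aton(3) treats a leading 0 as octal, so the addresses are re-parsed as decimal and re-emitted without padding before they reach iptables; and a line that fails to match is skipped instead of silently reusing $1/$2 from the previous line. The hand-rolled splitter is cross-checked against `ipaddress.summarize_address_range` from the standard library.

```python
"""Turn a "first - last , 000 , description" block list (the format quoted in
this thread) into iptables rules, one per CIDR block.  Added example for this
thread, not the script posted in it; SAMPLE below is constructed input."""
import ipaddress
import re

# Constructed input in the thread's format: a single host, two ranges, then a
# malformed line and a comment that the parser must skip rather than reuse
# the previous match for.
SAMPLE = """\
002.001.000.085 - 002.001.000.085 , 000 , Fake File servers AP2P
004.000.038.034 - 004.000.038.036 , 000 , s0.micromend.bbnplanet.net AP2P
004.000.038.042 - 004.000.038.052 , 000 , s0.wbcsanfran.bbnplanet.net AP2P
not an address at all , 000 , garbage
# a comment line
"""

# first address, last address, the three-digit field, description
LINE_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})\s*,\s*(\d+)\s*,\s*(.*?)\s*$"
)


def dotted_to_int(dotted):
    """Parse a dotted quad as four *decimal* octets.  The list zero-pads
    octets ("085"); inet_aton(3) treats a leading 0 as octal, so the padded
    strings must never be handed to iptables unchanged."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def range_to_cidrs(first, last):
    """Split the inclusive range [first, last] into the minimal list of CIDR
    blocks: at each step take the largest power-of-two block that is aligned
    at `first` and does not run past `last`."""
    blocks = []
    while first <= last:
        bits = 0  # the block covers 2**bits addresses
        while first & ((2 << bits) - 1) == 0 and first + (2 << bits) - 1 <= last:
            bits += 1
        blocks.append(f"{int_to_dotted(first)}/{32 - bits}")
        first += 1 << bits
    return blocks


def parse_blocklist(text):
    """Return [(first, last, description)] for every well-formed line.
    Blank lines, comments, non-matching lines and bad octets are skipped
    rather than reusing values from the previous line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            first, last = dotted_to_int(m.group(1)), dotted_to_int(m.group(2))
        except ValueError:
            continue
        if first > last:
            first, last = last, first
        entries.append((first, last, m.group(4)))
    return entries


def iptables_rules(text, chain="INPUT"):
    """One DROP rule per CIDR block, each entry preceded by a comment line."""
    rules = []
    for first, last, desc in parse_blocklist(text):
        rules.append(f"# {desc}")
        for cidr in range_to_cidrs(first, last):
            rules.append(f"iptables -A {chain} -s {cidr} -j DROP")
    return rules


def cross_check(text):
    """Confirm range_to_cidrs agrees with ipaddress.summarize_address_range."""
    for first, last, _ in parse_blocklist(text):
        expected = [str(net) for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
        if range_to_cidrs(first, last) != expected:
            return False
    return True


if __name__ == "__main__":
    print("\n".join(iptables_rules(SAMPLE)))
    print("# cross-check against ipaddress:", "ok" if cross_check(SAMPLE) else "MISMATCH")
```

Run as a script it prints a shell file of the kind greaman suggested (`>>blockthemall.sh`); for the 4.0.38.42 - 4.0.38.52 line it emits 4.0.38.42/31, 4.0.38.44/30, 4.0.38.48/30 and 4.0.38.52/32. Where the iprange match is available, `-m iprange --src-range 4.0.38.42-4.0.38.52` expresses the same entry in one rule without the split, and for a list of 22,000 entries a linear chain of DROP rules is slow to traverse; on current kernels the usual answer is an ipset of type hash:net loaded with these CIDRs and matched with `-m set --match-set`.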