Commit 7db94d07 authored by virus2500's avatar virus2500

Merge pull request #2 from virus2500/iss1

Iss1
parents 423fb48b d5721b11
Tags v1.0.2
...@@ -4,10 +4,12 @@ Use at your own risk :) ...@@ -4,10 +4,12 @@ Use at your own risk :)
Create an ipset based blocklist from an text file (downloaded from e.g. blocklist.de) Create an ipset based blocklist from an text file (downloaded from e.g. blocklist.de)
V1.0.2: Added a whitelist and blacklist
!!! IMPORTANT !!!! !!! IMPORTANT !!!!
You will need to install ipset! You will need to install ipset!
Then open the blocklist.pl with your favorite text Editor and specify why your binarys are located. Then open the blocklist.pl with your favorite text Editor and specify where your binarys are located.
(These can be found via "which" e.g. "which iptables") (These can be found via "which" e.g. "which iptables")
......
# IPV4 Blacklist just add ips whiteout #
#
# e.g. 3.3.3.3
#!/usr/bin/perl #!/usr/bin/perl
use strict; use warnings; use strict;
use warnings;
################################################################ ################################################################
###### Script to check Blocklist.de list. Block new IP ###### ###### Script to check Blocklist.de list. Block new IP ######
###### and unblock deleted entrys ###### ###### and unblock deleted entrys ######
...@@ -11,6 +12,8 @@ my $fileName = "Blocklist.txt"; ...@@ -11,6 +12,8 @@ my $fileName = "Blocklist.txt";
my $tmpDir = "/tmp"; my $tmpDir = "/tmp";
my $file = "$tmpDir/$fileName"; my $file = "$tmpDir/$fileName";
my $logFile = "/var/log/blocklist"; my $logFile = "/var/log/blocklist";
my $whiteList = "whitelist.txt";
my $blackList = "blacklist.txt";
## binarys ## ## binarys ##
my $iptables = "/sbin/iptables"; my $iptables = "/sbin/iptables";
...@@ -28,8 +31,11 @@ $added = $removed = $skipped = 0; ...@@ -28,8 +31,11 @@ $added = $removed = $skipped = 0;
## init arrays ## ## init arrays ##
my @fileArray = (); my @fileArray = ();
my @ipsetArray = (); my @ipsetArray = ();
my @whiteListArray = ();
my @blackListArray = ();
## init hashes for faster searching ## init hashes for faster searching
my %whiteListArray;
my $blackListArray;
my %ipsetArray; my %ipsetArray;
my %fileArray; my %fileArray;
...@@ -43,8 +49,11 @@ my @days = qw(Sun Mon Tue Wed Thu Fri Sat Sun); ...@@ -43,8 +49,11 @@ my @days = qw(Sun Mon Tue Wed Thu Fri Sat Sun);
#****************************# #****************************#
logging("Starting blocklist refresh"); logging("Starting blocklist refresh");
&iptablesCheck(); &iptablesCheck();
&getWhiteListArray();
&getBlackListArray();
&getFileArray(); &getFileArray();
&getIpsetArray(); &getIpsetArray();
print
&addIpsToBlocklist(); &addIpsToBlocklist();
&remIpsFromBlocklist(); &remIpsFromBlocklist();
&cleanup(); &cleanup();
...@@ -122,7 +131,6 @@ sub getFileArray { ...@@ -122,7 +131,6 @@ sub getFileArray {
sub getIpsetArray { sub getIpsetArray {
$output = `$ipset list blocklist`; $output = `$ipset list blocklist`;
@ipsetArray = split("\n", $output); @ipsetArray = split("\n", $output);
# %ipsetArray = map { $_ => 1} @ipsetArray;
#remove the first 6 Elements of our Array using splice (ipset header info) #remove the first 6 Elements of our Array using splice (ipset header info)
splice @ipsetArray, 0, 6; splice @ipsetArray, 0, 6;
%ipsetArray = map { $_ => 1} split("\n", $output); %ipsetArray = map { $_ => 1} split("\n", $output);
...@@ -130,13 +138,61 @@ sub getIpsetArray { ...@@ -130,13 +138,61 @@ sub getIpsetArray {
##### END getIpsetArray ######### ##### END getIpsetArray #########
######### getWhiteListArray ######
## puts all ips from our ##
## $whitelist into ##
## array whiteListArray ##
##################################
sub getWhiteListArray {
open(INFO, $whiteList) or die("Could not open Whitelist.");
foreach $line (<INFO>) {
push(@whiteListArray, $line);
}
close(INFO);
chomp(@whiteListArray);
}
##### END getWhiteListArray #####
######### getBlackListArray ######
## puts all ips from our ##
## $whitelist into ##
## array blackListArray ##
##################################
sub getBlackListArray {
open(INFO, $blackList) or die("Could not open Blacklist.");
foreach $line (<INFO>) {
push(@blackListArray, $line);
}
close(INFO);
chomp(@blackListArray);
}
##### END getBlackListArray #####
######## addIpsToBlocklist ###### ######## addIpsToBlocklist ######
## adds IPs to our blocklist ## ## adds IPs to our blocklist ##
################################# #################################
sub addIpsToBlocklist { sub addIpsToBlocklist {
foreach $line (@blackListArray) {
if ((exists $ipsetArray{"$line"}) || ($line ~~ @whiteListArray)) {
$skipped++;
} else {
if ($line eq &isIpv4($line)) {
$result = `$ipset add blocklist $line`;
$added++;
$message = "added $line";
logging($message);
} else {
$skipped++;
}
}
}
foreach $line (@fileArray) { foreach $line (@fileArray) {
if (exists $ipsetArray{"$line"}) { if ((exists $ipsetArray{"$line"}) || ($line ~~ @whiteListArray)) {
$skipped++; $skipped++;
} else { } else {
if ($line eq &isIpv4($line)) { if ($line eq &isIpv4($line)) {
...@@ -156,8 +212,22 @@ sub addIpsToBlocklist { ...@@ -156,8 +212,22 @@ sub addIpsToBlocklist {
## remove IPs from our blocklist ## ## remove IPs from our blocklist ##
##################################### #####################################
sub remIpsFromBlocklist { sub remIpsFromBlocklist {
# remove Ips that are in our whiteList
foreach $line (@whiteListArray) {
if ((exists $ipsetArray{"$line"}) && ($line ~~ @whiteListArray)) {
if ($line eq &isIpv4($line)) {
$result = `$ipset del blocklist $line`;
$message = "removed $line";
logging($message);
$removed++;
} else {
$skipped++;
}
}
}
foreach $line (@ipsetArray) { foreach $line (@ipsetArray) {
if (exists $fileArray{"$line"}) { if ((exists $fileArray{"$line"}) || ($line ~~ @blackListArray)) {
$skipped++; $skipped++;
} else { } else {
if ($line eq &isIpv4($line)) { if ($line eq &isIpv4($line)) {
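Review bot: getWhiteListArray and getBlackListArray open `whitelist.txt` and `blacklist.txt` by relative name with a two-argument `open` on the bareword handle `INFO`, so which file is read depends on the directory the script is started from, and a missing file stops the run before any refresh. The lines are only chomped, so the comment header shipped in the list files lands in the arrays, and an entry with a trailing blank or carriage return will not equal the address tested by `$line ~~ @whiteListArray`; a host meant to be whitelisted would then still be added to the set. I would point `$whiteList` and `$blackList` at absolute paths, use a three-argument open with a lexical handle and `$!` in the message, and trim and filter each line while reading, as sketched below for the whitelist reader. The blacklist reader needs the same change, and its banner comment should name `$blackList` rather than `$whitelist`.

```perl
sub getWhiteListArray {
    open(my $fh, '<', $whiteList) or die("Could not open Whitelist $whiteList: $!");
    while (my $entry = <$fh>) {
        $entry =~ s/^\s+|\s+$//g;                  # drop CR/LF and stray blanks
        next if $entry eq '' || $entry =~ /^#/;    # skip blank and comment lines
        push(@whiteListArray, $entry);
    }
    close($fh);
}
# … unchanged: getBlackListArray, apart from the same reader changes …
```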
......
# IPV4 Whitelist just add ips
#
# e.g. 2.2.2.2