#!/usr/bin/perl -w
# IPFREEZE v 0.4.5
# Copyright (C) 2003 gregoire HUBERT.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Author : gregoire HUBERT <greg@coolkeums.org>
use strict;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP;
use NetPacket::TCP;
# You shouldn't change this value
use constant TIMEOUT => 1000000;
# This is the blacklist time in second
use constant BL_TIME => 600;
use sigtrap qw(handler release_handler INT QUIT);
use sigtrap qw(handler hup HUP);
# File-scope state shared by the signal handlers and the main loop below.
my ($packet, $ip, $tcp);            # current queued packet and its decoded IP / TCP headers
my ($src_ip_addr, $dst_tcp_port);   # fields pulled from the current packet (lookup key, log detail)
my $return;                         # scratch: command output, config lines, grep count
my %blacklist;                      # address => remaining ticks; entries <= 0 (from the config file) never expire
my @whitelist;                      # addresses that are never blacklisted
my $flag = 0;                       # set when an entry expired and the iptables chain must be rebuilt
my $localtime;                      # epoch used for log timestamps
my $queue;                          # IPQueue handle; undef'd on shutdown
# Clean exit procedure to release the queue handler correctly
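# Clean exit on SIGINT / SIGQUIT: release the IPQueue handle first so the
# kernel queue is detached, then record the shutdown and exit 0.
#
# Note: the iptables "blacklist" chain is deliberately left as it is, so
# rules added during this run survive the daemon's exit.
sub release_handler {
    undef $queue;
    # Three-arg open on a lexical handle; a log that cannot be opened must
    # not stop the shutdown (the original never checked the open at all).
    if (open my $log, '>>', '/var/log/ipfreeze.log') {
        $localtime = time();
        print {$log} localtime($localtime) . " \@\@ SIGINT or SIGQUIT received ... exiting \@\@\n";
        close $log;
    }
    exit(0);
}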
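# Rebuild the iptables "blacklist" chain so it matches %blacklist: flush the
# chain, then add one "-s <addr> -j DROP" rule per key. Returns nothing.
#
# Security: keys come from packet source addresses and from the config
# file, so each key is checked against an anchored IPv4[/prefix] pattern
# and iptables is run in list form (no shell). The original interpolated
# the key straight into a backtick command line. Entries that fail the
# check, and iptables failures, are written to the log and skipped; the
# iptables output itself is no longer captured (it was never used).
#
# Caveat: between the flush and the last append the chain is empty, so
# blocked hosts are briefly unblocked on every rebuild.
sub update {
    my $ipv4_re = qr/\A\d{1,3}(?:\.\d{1,3}){3}(?:\/\d{1,2})?\z/;
    my @problems;
    if (system('iptables', '-F', 'blacklist') != 0) {
        push @problems, "iptables -F blacklist failed (status $?)";
    }
    # Sorted so the rule order is deterministic; order is irrelevant for DROP-only rules.
    foreach my $addr (sort keys %blacklist) {
        if ($addr !~ $ipv4_re) {
            (my $shown = $addr) =~ s/[^[:print:]]/?/g;   # keep control chars out of the log line
            push @problems, "refusing to pass non-IPv4 blacklist entry '$shown' to iptables";
            next;
        }
        if (system('iptables', '-A', 'blacklist', '-s', $addr, '-j', 'DROP') != 0) {
            push @problems, "iptables -A blacklist -s $addr failed (status $?)";
        }
    }
    if (@problems and open my $log, '>>', '/var/log/ipfreeze.log') {
        $localtime = time();
        print {$log} localtime($localtime) . " !! $_\n" for @problems;
        close $log;
    }
    return;
}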
# Reset and load configuration from files
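# (Re)load /etc/ipfreeze/ip_whitelist and /etc/ipfreeze/ip_blacklist and
# push the result into iptables via update(). Runs on SIGHUP and once at
# startup.
#
# File format, one entry per line: lines shorter than 6 characters are
# ignored (as before); in addition, surrounding whitespace is trimmed and
# lines starting with '#' are skipped so a commented config cannot leak
# junk into the iptables command line. Blacklist entries from the file are
# stored with the value -20: the expiry loop only ages entries > 0, so
# these stay until the next reload.
#
# A missing or unreadable file is logged and treated as empty; the
# original used unchecked two-arg opens and produced an empty list with
# no trace of why.
sub hup {
    my $log_ok = open(my $log, '>>', '/var/log/ipfreeze.log');
    warn "ipfreeze: cannot open /var/log/ipfreeze.log: $!\n" unless $log_ok;
    my $say = sub {
        return unless $log_ok;
        $localtime = time();
        print {$log} localtime($localtime) . " $_[0]\n";
    };
    $say->('@@ [re]loading configuration... @@');
    %blacklist = ();
    @whitelist = ();
    # Read one config file into a list of trimmed, non-comment entries.
    my $read_entries = sub {
        my ($path) = @_;
        my @entries;
        if (open my $fh, '<', $path) {
            while (my $line = <$fh>) {
                chomp $line;
                $line =~ s/^\s+|\s+$//g;
                next if $line eq '' || $line =~ /^#/;
                next if length($line) < 6;
                push @entries, $line;
            }
            close $fh;
        }
        else {
            $say->("!! cannot read $path: $! (treated as empty)");
        }
        return @entries;
    };
    @whitelist = $read_entries->('/etc/ipfreeze/ip_whitelist');
    $blacklist{$_} = -20 for $read_entries->('/etc/ipfreeze/ip_blacklist');
    close $log if $log_ok;
    update();
    return;
}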
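# Startup: announce ourselves, attach to the kernel ip_queue (full packet
# copy, up to 65535 bytes), record the start in the log and load the
# configuration (which also builds the iptables chain).
print "starting firewall blacklist manager v 0.4.5 Grégoire HUBERT 28-07-2003\n";
$queue = IPTables::IPv4::IPQueue->new(
    copy_mode  => IPQ_COPY_PACKET,
    copy_range => 65535,
) or die IPTables::IPv4::IPQueue->errstr;
if (open my $log, '>>', '/var/log/ipfreeze.log') {
    $localtime = time();
    print {$log} localtime($localtime) . " \@\@ Start daemon ipfreeze 0.4.5.\@\@\n";
    close $log;
}
else {
    warn "ipfreeze: cannot open /var/log/ipfreeze.log: $!\n";
}
hup();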
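# Main loop: wait up to TIMEOUT microseconds (1 s) for a queued packet.
#
# Timeout path: age every positive %blacklist entry by one; entries that
# reach zero are removed and logged ("-- addr") and the iptables chain is
# rebuilt once if anything was removed. Entries <= 0 (loaded from the
# config file) are never aged.
#
# Packet path: the source address is blacklisted for BL_TIME ticks unless
# it is whitelisted, the event is logged, and the packet is always dropped.
#
# Caveats a deployer should know:
#  - entries only age on an idle second, so under continuous queued
#    traffic the countdown stalls and blacklisted hosts do not expire;
#  - the trigger is the IP source address, which is spoofable, so a remote
#    party can get any non-whitelisted address blacklisted — keep the
#    whitelist complete (gateways, resolvers, monitoring hosts).
while (1) {
    $packet = $queue->get_message(TIMEOUT);
    if (!defined $packet) {
        my $err = IPTables::IPv4::IPQueue->errstr;
        die("ERREUR : '$err'") unless $err =~ /Timeout/;
        foreach my $addr (keys %blacklist) {
            next unless $blacklist{$addr} > 0;
            next if --$blacklist{$addr};
            delete $blacklist{$addr};
            $flag = 1;
            if (open my $log, '>>', '/var/log/ipfreeze.log') {
                $localtime = time();
                print {$log} localtime($localtime) . " -- $addr\n";
                close $log;
            }
        }
        if ($flag) {
            update();
            $flag = 0;
        }
        next;
    }
    $ip          = NetPacket::IP->decode($packet->payload());
    $src_ip_addr = $ip->{src_ip};
    if (!defined $src_ip_addr) {
        # Not a decodable IPv4 header; drop it without touching the blacklist.
        $queue->set_verdict($packet->packet_id(), NF_DROP);
        next;
    }
    # Decode a TCP header only when the IP protocol really is TCP (6); the
    # original decoded whatever followed the IP header regardless of
    # protocol. The port is informational (log only).
    if (defined $ip->{proto} && $ip->{proto} == 6) {
        $tcp          = NetPacket::TCP->decode($ip->{data});
        $dst_tcp_port = $tcp->{dest_port};
    }
    else {
        $tcp          = undef;
        $dst_tcp_port = 'n/a';
    }
    # Whitelist test: exact match against the first whitespace-separated
    # token of each entry. The original used the source address as an
    # unanchored regex (grep {/$src_ip_addr/}), so "10.0.0.1" matched an
    # entry of "10.0.0.10" and every "." matched any character.
    my $whitelisted = grep {
        my ($entry) = split ' ', $_;
        defined $entry && $entry eq $src_ip_addr;
    } @whitelist;
    my $event;
    if ($whitelisted) {
        $event = "== Got packet from whitelisted address $src_ip_addr (dst_port=$dst_tcp_port).";
    }
    else {
        my $known = exists $blacklist{$src_ip_addr};
        # Refresh the countdown of temporary entries; leave permanent
        # (<= 0) config entries alone so a packet from such a host does not
        # turn it into an expiring one (the original reset it to BL_TIME).
        # The chain only needs rebuilding when the address is new.
        $blacklist{$src_ip_addr} = BL_TIME unless $known && $blacklist{$src_ip_addr} <= 0;
        update() unless $known;
        $event = "++ $src_ip_addr (dst port=$dst_tcp_port).";
    }
    if (open my $log, '>>', '/var/log/ipfreeze.log') {
        $localtime = time();
        print {$log} localtime($localtime) . " $event\n";
        close $log;
    }
    $queue->set_verdict($packet->packet_id(), NF_DROP);
}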