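#!/usr/bin/perl -w
# IPFREEZE v 0.4.5
# Copyright (C) 2003 gregoire HUBERT.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Author : gregoire HUBERT <greg@coolkeums.org>
#
# Firewall blacklist manager.  Every packet that netfilter hands to this
# daemon through the ip_queue target is logged and dropped; unless its
# source address is whitelisted, that address is appended to the iptables
# 'blacklist' chain (DROP) for BL_TIME seconds.  Addresses listed in the
# blacklist file are permanent.  SIGHUP reloads both files; SIGINT/SIGQUIT
# releases the queue and exits.

use strict;
use warnings;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP;
use NetPacket::TCP;

# You shouldn't change this value: get_message() wait time in microseconds
# (one second).  The blacklist countdown ticks once per timeout, so
# changing it also changes how fast BL_TIME elapses.
use constant TIMEOUT => 1000000;
# This is the blacklist time in seconds
use constant BL_TIME => 600;
# Counter value given to entries read from the blacklist file; only
# positive counters are decremented, so these never expire.
use constant PERMANENT => -20;

use constant LOG_FILE       => '/var/log/ipfreeze.log';
use constant WHITELIST_FILE => '/etc/ipfreeze/ip_whitelist';
use constant BLACKLIST_FILE => '/etc/ipfreeze/ip_blacklist';

use sigtrap qw(handler release_handler INT QUIT);
use sigtrap qw(handler hup HUP);

# source address => seconds left before removal (PERMANENT for file entries)
my %blacklist;
# source address => 1; exact-match lookup, so entries must be plain
# dotted-quad addresses (a CIDR entry never matches a packet)
my %whitelist;
my $queue;

# Only dotted-quad IPv4 literals, optionally with a /prefix, are accepted
# from the configuration files.  Hostnames are rejected on purpose: the
# entry ends up as an iptables argument, and a firewall daemon should not
# be doing DNS lookups on behalf of its config file.
my $ipv4_re = qr{ \A \d{1,3} (?: \. \d{1,3} ){3} (?: / \d{1,2} )? \z }x;

# Append one timestamped line ("<localtime> <msg>") to LOG_FILE.
# A log that cannot be opened is reported on STDERR and otherwise ignored;
# logging must never take the daemon down.
sub log_msg {
    my ($msg) = @_;
    my $fh;
    if (!open $fh, '>>', LOG_FILE) {
        warn 'cannot open ' . LOG_FILE . ": $!";
        return;
    }
    print {$fh} scalar(localtime(time())) . " $msg\n";
    close $fh or warn 'close ' . LOG_FILE . ": $!";
    return;
}

# Clean exit procedure to release the queue handler correctly
sub release_handler {
    undef $queue;
    log_msg('@@ SIGINT or SIGQUIT received ... exiting @@');
    exit(0);
}

# Run one iptables command in list form (no shell involved, so an address
# string can never be interpreted as shell syntax).  Returns true on
# success; failures are logged rather than fatal so one bad entry does not
# stop the rest of the chain from being rebuilt.
sub run_iptables {
    my @args = @_;
    my $status = system('iptables', @args);
    if ($status != 0) {
        log_msg("!! iptables @args failed (status $status)");
        return 0;
    }
    return 1;
}

# Rebuild the 'blacklist' chain from %blacklist: flush it, then add one
# DROP rule per address.  Addresses are sorted only to make the chain
# order (and the log) reproducible.
sub update {
    run_iptables('-F', 'blacklist');
    for my $addr (sort keys %blacklist) {
        run_iptables('-A', 'blacklist', '-s', $addr, '-j', 'DROP');
    }
    return;
}

# Read one address per line from $path.  Blank lines and surrounding
# whitespace are ignored; anything that is not an IPv4 literal is logged
# and skipped.  Returns the list of accepted entries (empty when the file
# cannot be opened, which is logged as well).
sub read_list {
    my ($path) = @_;
    my @entries;
    my $fh;
    if (!open $fh, '<', $path) {
        log_msg("!! cannot open $path: $!");
        return;
    }
    while (my $line = <$fh>) {
        chomp $line;
        $line =~ s/\A\s+//;
        $line =~ s/\s+\z//;
        next if $line eq '';
        if ($line =~ $ipv4_re) {
            push @entries, $line;
        }
        else {
            log_msg("!! ignoring malformed entry '$line' in $path");
        }
    }
    close $fh;
    return @entries;
}

# Reset and load configuration from files.  Note that this also discards
# every address that was blacklisted dynamically since the last (re)load.
sub hup {
    log_msg('@@ [re]loading configuration... @@');
    %blacklist = ();
    %whitelist = ();
    %whitelist = map { $_ => 1 } read_list(WHITELIST_FILE);
    for my $addr (read_list(BLACKLIST_FILE)) {
        $blacklist{$addr} = PERMANENT;
    }
    update();
    return;
}

# Called once per get_message() timeout: count every temporary entry down
# by one and remove those that reached zero, then rebuild the chain if
# anything was removed.  Iterating over the list returned by keys() makes
# deleting inside the loop safe.
sub expire_blacklist {
    my $changed = 0;
    for my $addr (keys %blacklist) {
        next if $blacklist{$addr} <= 0;    # PERMANENT entries never expire
        next if --$blacklist{$addr} > 0;
        delete $blacklist{$addr};
        log_msg("-- $addr");
        $changed = 1;
    }
    update() if $changed;
    return;
}

# Log a queued packet, blacklist its source unless whitelisted, and drop it.
# The whitelist test is an exact lookup on the decoded source address; the
# previous regex match treated the address as a pattern (unescaped dots,
# no anchors) and could match unrelated entries.
sub handle_packet {
    my ($packet) = @_;
    my $ip  = NetPacket::IP->decode($packet->payload());
    my $src = $ip->{src_ip};
    # The port is only used for logging.  Decode the TCP header only when
    # the IP protocol field says TCP (6); for anything else there is no
    # meaningful destination port to report.
    my $dport = ($ip->{proto} == 6)
        ? NetPacket::TCP->decode($ip->{data})->{dest_port}
        : 'n/a';

    if ($whitelist{$src}) {
        log_msg("== Got packet from whitelisted address $src (dst_port=$dport).");
    }
    else {
        # Do not turn a PERMANENT (negative) entry into a temporary one;
        # only (re)arm the countdown for temporary or new entries.
        if (!exists $blacklist{$src} || $blacklist{$src} > 0) {
            $blacklist{$src} = BL_TIME;
        }
        update();
        log_msg("++ $src (dst port=$dport).");
    }
    $queue->set_verdict($packet->packet_id(), NF_DROP);
    return;
}

print "starting firewall blacklist manager v 0.4.5 Grégoire HUBERT 28-07-2003\n";
$queue = IPTables::IPv4::IPQueue->new(
    copy_mode  => IPQ_COPY_PACKET,
    copy_range => 65535,
) or die IPTables::IPv4::IPQueue->errstr;
log_msg('@@ Start daemon ipfreeze 0.4.5.@@');
hup();

while (1) {
    my $packet = $queue->get_message(TIMEOUT);
    if (!defined $packet) {
        # A timeout is the normal idle path and drives the countdown;
        # any other error is fatal.
        if (IPTables::IPv4::IPQueue->errstr =~ /Timeout/) {
            expire_blacklist();
            next;
        }
        die("ERREUR : '" . IPTables::IPv4::IPQueue->errstr . "'");
    }
    handle_packet($packet);
}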