Or, in a crunch, what I like to do is block the country with the offending
IPs. So say you wanted to block all of Vietnam:

#blrules
DROP net:+vietnam all

# see attached list of cidrs (you can get cidr lists from
# http://www.ip2location.com/blockvisitorsbycountry.aspx)

#!/bin/bash
vietnamFile='/tmp/vietnam-cidr.txt'
ipset create -exist vietnam hash:net
# skip comment and blank lines; quote the entry so it is passed as one argument
while IFS= read -r line; do
    [[ -z "$line" || "$line" =~ ^# ]] && continue
    ipset add -exist vietnam "$line"
done < "$vietnamFile"
On Wed, Feb 25, 2015 at 12:48 PM, johnny bowen <[email protected]> wrote:
> So I'm taking a break from work, so I'll give you an example of what I
> would do. I'm going to assume you're using CentOS 6 and you have shorewall
> installed from EPEL.
>
> ## Install Ipsets
> yum install ipset
>
> ## Create your set
> ipset create -exist DDOS hash:ip
>
> ## Configure Shorewall
> # blrules
> DROP net:+DDOS all
>
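> ## Then in some other process foo.py (run this as a daemon or a cron or
> something)
> import subprocess
>
> def get_list_of_new_ddos_ips():
>     # get your ips somehow
>     # return ip_list
>     return []
>
> for ip in get_list_of_new_ddos_ips():
>     # add each address to the DDOS set; -exist ignores duplicates
>     subprocess.check_call(["ipset", "add", "-exist", "DDOS", ip])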
>
> ## Notes
> 1) You'll need to persist your ipset somehow, they get deleted at reboot.
> There are many ways.
> 2) The foo.py is pseudo-code, don't use it as is.
> 3) You probably don't want shorewall to call a user script for each
> connection. You could easily bog down your system.
>
>
> On Wed, Feb 25, 2015 at 12:23 PM, johnny bowen <[email protected]> wrote:
>
>> http://shorewall.net/ipsets.html
>>
>> On Wed, Feb 25, 2015 at 12:22 PM, johnny bowen <[email protected]> wrote:
>>
>>> You could use ipsets for this.
>>>
>>> #blrules
>>> DROP net:+badpeople all
>>>
>>> #init
>>> ipset destroy -quiet badpeople
>>> ipset restore -exist < /etc/shorewall/ipsetlists/badpeople
>>>
>>>
>>>
>>>
>>> On Tue, Feb 24, 2015 at 1:48 AM, Eduardo Diaz - Gmail <
>>> [email protected]> wrote:
>>>
>>>> Hi all, I am fighting a DDoS based on SMTP mail.
>>>>
>>>> I am using Debian 7.7 x86 and Shorewall-4.5.5.3
>>>>
>>>> I am getting errors to my domain trying to send mail every second or
>>>> more.
>>>>
>>>> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] sender verify
>>>> fail for <[email protected]>: Unrouteable address
>>>> 2015-02-24 10:25:21 H=([58.187.161.220]) [58.187.161.220] F=<
>>>> [email protected]> rejected RCPT <[email protected]>:
>>>> Sender verify failed
>>>> 2015-02-24 10:25:21 unexpected disconnection while reading SMTP command
>>>> from ([58.187.161.220]) [58.187.161.220] (error: Connection reset by peer)
>>>>
>>>>
>>>> At the beginning I used fail2ban to ban the concurrent connections, but
>>>> the bad people learned not to make the same connection more than once. :-(
>>>>
>>>> All the IP addresses are listed in a DNSBL, and I can use a simple script
>>>> to test whether a connection is listed in the DNSBL (using an internal
>>>> program to cache every IP).
>>>>
>>>> My intention is:
>>>>
>>>> For every connection that is made, Shorewall launches the script or the
>>>> rule; if it is listed in the DNSBL, drop, if not, allow it to connect to
>>>> the mail server.
>>>>
>>>> Does Shorewall have this functionality? I searched the documentation
>>>> and did not find anything similar, only the blacklist functionality.
>>>>
>>>> Regards and thanks for the responses.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website,
>>>> sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub
>>>> for all
>>>> things parallel software development, from weekly thought leadership
>>>> blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join the
>>>> conversation now. http://goparallel.sourceforge.net/
>>>> _______________________________________________
>>>> Shorewall-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>>>
>>>>
>>>
>>
>
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
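
A stricter take on the loader loop at the top of this message, as an added example that is not part of the original thread: it validates each line of the CIDR file and prints an ipset restore batch that fills a scratch set and swaps it into the live one, so the set named in blrules is never left half-loaded. The scratch set name (SET-new), the function names and the sample entries are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Validates a CIDR list and prints an
# "ipset restore" batch that fills a scratch set, then swaps it into place.

# is_cidr ENTRY: accept a.b.c.d or a.b.c.d/n (octets 0-255, n 1-32).
# A /0 is refused on purpose: it would match every source address.
is_cidr() (
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || exit 1
    addr=${1%%/*}
    case $addr in
        *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) exit 1 ;;
        *.*.*.*) ;;
        *) exit 1 ;;
    esac
    IFS=.
    for octet in $addr; do
        case $octet in ????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# build_restore SET FILE: print the batch on stdout, rejects on stderr.
# The scratch set name "SET-new" is an assumption of this example.
build_restore() (
    live=$1 scratch="$1-new"
    printf 'create %s hash:net\ncreate %s hash:net\nflush %s\n' \
        "$live" "$scratch" "$scratch"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comments, blanks, CRs
        [ -n "$line" ] || continue
        if is_cidr "$line"; then
            printf 'add %s %s\n' "$scratch" "$line"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done < "$2"
    printf 'swap %s %s\ndestroy %s\n' "$scratch" "$live" "$scratch"
)

# sample_list: constructed input (documentation ranges plus bad entries).
sample_list() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '' '198.51.100.7' \
        '203.0.113.0/33' '0.0.0.0/0' 'mail.example.net'
}

if [ "$#" -eq 2 ]; then build_restore "$1" "$2"; fi
```

Pipe the output to ipset restore -exist, the same call the init snippet quoted earlier in the thread uses. The swap is the last step of the batch, so a failure on an earlier line leaves the live set as it was.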