More security for Gargoyle?

Suggest improvements and new features for Gargoyle.

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

More security for Gargoyle?

Post by tapper »

Hi, we all like security and Gargoyle! So I had a thought: why not add a page to the web GUI called block lists and add in all the block lists from Spamhaus.
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP and EDROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.

http://www.spamhaus.org/xbl/
The Exploit and Botnet Filter one would be cool. It would just be a script to add IPs to iptables.
Also, what about the adblock lists from: https://gist.github.com/teffalump/7227752 This script from teffalump works great with Gargoyle. I am running it right now. It would be a great selling point to put on the front page too. :D
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: More security for Gargoyle?

Post by tapper »

I found this script but don't know how to make it work with Gargoyle.

#!/bin/bash

#Script to add firewall rules to a linux system to completely block
#all traffic to and from networks in the spamhaus drop list.

#Copyright 2009, William Stearns, wstearns@pobox.com
#Released under the GPL. This and other tools can be found at
#http://www.stearns.org/

#Sole (optional) command line parameter is the file location of the
#drop list, such as:

#cd /var/lib/
#wget http://www.spamhaus.org/drop/drop.lasso
# ./spamhaus-drop /var/lib/drop.lasso

#While the DROP file should be regularly updated, this should
#probably be about once per day or less frequently; do _not_
#download DROP more than once an hour.

if [ -n "$1" ]; then
    DropList="$1"
else
    DropList="./drop.lasso"
fi
if [ ! -s "$DropList" ]; then
    echo "Unable to find drop list file $DropList . Perhaps do:" >&2
    echo "wget http://www.spamhaus.org/drop/drop.lasso -O $DropList" >&2
    echo "exiting." >&2
    exit 1
fi

if [ ! -x /sbin/iptables ]; then
    echo "Missing iptables command line tool, exiting." >&2
    exit 1
fi

#Strip ";" comments and blank lines, then block each netblock in both
#directions on the local chains and on the forwarding chain.
cat "$DropList" \
| sed -e 's/;.*//' \
| grep -v '^ *$' \
| while read OneNetBlock ; do
    /sbin/iptables -I INPUT -s "$OneNetBlock" -j DROP
    /sbin/iptables -I OUTPUT -d "$OneNetBlock" -j DROP
    /sbin/iptables -I FORWARD -s "$OneNetBlock" -j DROP
    /sbin/iptables -I FORWARD -d "$OneNetBlock" -j DROP
done

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: More security for Gargoyle?

Post by tapper »

bump! Thoughts, anyone?

n0pin
Posts: 129
Joined: Thu Jan 09, 2014 6:39 am

Re: More security for Gargoyle?

Post by n0pin »

I edited a script a little bit. Try it.

Put it into a /tmp folder.

rm /tmp/drop.lasso
wget "http://www.spamhaus.org/drop/drop.lasso"
DropList="/tmp/drop.lasso"
cat "$DropList" \
| sed -e 's/;.*//' \
| grep -v '^ *$' \
| while read OneNetBlock ; do
    echo "iptables -I INPUT -s "$OneNetBlock" -j DROP" >> /etc/firewall.user
    echo "iptables -I OUTPUT -d "$OneNetBlock" -j DROP" >> /etc/firewall.user
    echo "iptables -I FORWARD -s "$OneNetBlock" -j DROP" >> /etc/firewall.user
    echo "iptables -I FORWARD -d "$OneNetBlock" -j DROP" >> /etc/firewall.user
done

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: More security for Gargoyle?

Post by tapper »

Hi n0pin. I tried your script but it did not work for me. Here's what I did. I used WinSCP to put it into /tmp and then went to webshell and did sh /tmp/drop.lasso
and here's what I got back
Connecting to http://www.spamhaus.org (190.93.243.93:80)

drop.lasso 100% |*******************************| 16023 0:00:00 ETA
cat: can't open '/tmp/drop.lasso': No such file or directory
Success


Is it this line here?
rm /tmp/drop.lasso

hahaha, I called the script drop.lasso so that is what it was doing: rm drop.lasso. I fixed that but it still did not work for me, said file can't be opened.
Last edited by tapper on Mon Apr 14, 2014 6:01 am, edited 2 times in total.

n0pin
Posts: 129
Joined: Thu Jan 09, 2014 6:39 am

Re: More security for Gargoyle?

Post by n0pin »

tapper wrote: Hi n0pin. I tried your script but it did not work for me. Here's what I did. I used WinSCP to put it into /tmp and then went to webshell and did sh /tmp/drop.lasso
and here's what I got back
Connecting to http://www.spamhaus.org (190.93.243.93:80)

drop.lasso 100% |*******************************| 16023 0:00:00 ETA
cat: can't open '/tmp/drop.lasso': No such file or directory
Success


Is it this line here?
rm /tmp/drop.lasso
Oops, I was in a hurry. I fixed the script. Now you can put it in any location.

# Download the current DROP list to a scratch file; stop if the download fails.
DropList="/tmp/drop.lasso"
wget -O "$DropList" "http://www.spamhaus.org/drop/drop.lasso" || exit 1
# Strip ";" comments and blank lines, then append one DROP rule per direction
# for each netblock to Gargoyle's custom firewall script.
sed -e 's/;.*//' "$DropList" \
| grep -v '^ *$' \
| while read OneNetBlock ; do
    echo "iptables -I INPUT -s $OneNetBlock -j DROP" >> /etc/firewall.user
    echo "iptables -I OUTPUT -d $OneNetBlock -j DROP" >> /etc/firewall.user
    echo "iptables -I FORWARD -s $OneNetBlock -j DROP" >> /etc/firewall.user
    echo "iptables -I FORWARD -d $OneNetBlock -j DROP" >> /etc/firewall.user
done
rm "$DropList"
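The Stearns script and n0pin's version both append a rule per netblock straight into the built-in chains, so every re-run of the firewall.user approach stacks duplicates. The following is an added example (not n0pin's code and not part of Gargoyle): it parses the same DROP format, rejects malformed lines, and emits commands for a dedicated chain that is flushed and refilled on each run. The chain name spamhaus_drop and the sample list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or Gargoyle): parse a Spamhaus
# DROP-format list into iptables commands for a dedicated chain, so a
# re-run replaces the rules instead of appending duplicates.
# Chain name and sample list are assumed/constructed, not real data.

CHAIN="spamhaus_drop"
# Constructed sample in DROP file format ("netblock ; SBL reference").
SAMPLE_DROP='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002

203.0.113.0/24 ; SBL000003
not-a-netblock ; SBL000004
'

# Strip ";" comments and trailing spaces, keep only IPv4 CIDR lines so a
# corrupted download cannot turn into a malformed iptables call.
drop_netblocks() {
    sed -e 's/;.*//' -e 's/[[:space:]]*$//' "$1" \
    | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
}

# Count accepted netblocks (used to refuse an empty rule set).
drop_count() {
    drop_netblocks "$1" | wc -l | tr -d ' '
}

# (Re)create and flush the chain, add a DROP per direction per netblock,
# and hook the chain into the built-in chains only if not already there.
drop_rules() {
    [ "$(drop_count "$1")" -gt 0 ] || return 1
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    drop_netblocks "$1" | while read -r net; do
        echo "iptables -A $CHAIN -s $net -j DROP"
        echo "iptables -A $CHAIN -d $net -j DROP"
    done
    for c in INPUT OUTPUT FORWARD; do
        echo "iptables -C $c -j $CHAIN 2>/dev/null || iptables -I $c -j $CHAIN"
    done
}

# Stand-alone run: print the commands that would go into /etc/firewall.user.
tmp=$(mktemp)
printf '%s' "$SAMPLE_DROP" > "$tmp"
drop_rules "$tmp"
rm -f "$tmp"
```

Redirect the output into /etc/firewall.user instead of printing it, and an empty or garbled download leaves the previous rules untouched because drop_rules refuses to emit anything.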

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: More security for Gargoyle?

Post by tapper »

Yes, it works, thanks. I hope these lists come to a plugin in the next Gargoyle.

altruizine
Posts: 5
Joined: Tue May 13, 2014 4:49 am

Re: More security for Gargoyle?

Post by altruizine »

I ran into an issue when trying this idea: After creating /etc/firewall.user with n0pin's version of the script, (re-)starting the firewall (e.g., with "/etc/init.d/firewall restart") does not terminate for a very long time.

I tracked this down to futile DNS reverse lookups on the blocked IPs in /usr/bin/delete_chain_from_table. I submitted a possible fix in this pull request:
https://github.com/ericpaulbishop/gargoyle/pull/308