Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: [Linux] Blocking Your w00tw00ts with iptables
Special Forums Cybersecurity [Linux] Blocking Your w00tw00ts with iptables Post 302375110 by unSpawn on Thursday 26th of November 2009 01:37:22 PM
Old 11-26-2009
Quote:
Originally Posted by Neo
Describe your implementation "step-by-step" in a detailed write-up
Those disappointed by the lack of details handouts sure could call it RTF(ine)M or accuse me of handwaving, NP, but anyone with basic GNU/Linux admin skills (as in knowing how to read the documentation) should be able to cobble up the parts themselves.


Quote:
Originally Posted by Neo
PS (Edit): mod_security can be a very big performance killer on a very busy web server.... intercepting every URL and trying to match each one against a long list of rules can kill performance.
Sure performance-wise you'll want to filter like "DynamicOnly", not log what you don't need and group regular expressions, but "very big performance killer"? Naw, I'd call that unsubstantiated if presented without cold hard numbers...


BTW, about the script, having a separate chain instead of putting everything in INPUT allows you to route traffic in a more fine-grained way. The script then essentially could be compressed to a oneliner something like:
Code:
iptables -F BLOCKCHAIN || iptables -N BLOCKCHAIN; ( curl -s http://www.novirusthanks.org/dfind-logs/ip-list | grep -v '#"; awk '/w00tw00t/ {print $2}' /var/log/httpd/*access* ) | sort -u | xargs -iX iptables -A BLOCKCHAIN -s 'X' -j DROP

Top of my head though, untested, so YMMV(VM).
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

LINUX 9 IPTABLES and DNS

I have installed a linux 9 router/firewall and have issues with outside DNS queries making it in. here are my IPTABLE rules, can anyone make some suggestions? ETH1 is my outside facing Interface, ETH0 is my inside facing interface. Accept If input interface is not eth1 Accept If protocol is... (1 Reply)
Discussion started by: frankkahle
1 Replies

2. Linux

LINUX 9 IPTABLES and DNS

I have installed a linux 9 router/firewall and have issues with outside DNS queries making it in. here are my IPTABLE rules, can anyone make some suggestions? ETH1 is my outside facing Interface, ETH0 is my inside facing interface. Accept If input interface is not eth1 Accept If protocol... (6 Replies)
Discussion started by: frankkahle
6 Replies

3. UNIX for Dummies Questions & Answers

Linux IPTABLES help

I'm new to Linux and I made a big mistake at work recently locking myself out of our own server :(. I did iptables -F first as the tutorial said and then entered the rules. I wanted to start over again so I did iptables -F and it locked us out. We had to get someone to physically restart... (0 Replies)
Discussion started by: nogumo
0 Replies

4. Programming

Linux BSD sockets blocking issue

I am using BSD TCP sockets under Debian Linux 2.6 and no matter what I do, the socket blocks on recv. I have set O_NONBLOCK and O_NDELAY using fcntl to no effect. Any ideas ? (3 Replies)
Discussion started by: johnmb
3 Replies

5. Shell Programming and Scripting

Non-blocking pipe

Hello, Would this be an acceptable way of creating a non-blocking pipe. Basically I want to create kind of a server client arch. This code would be in the server, and I don't want to have to wait for clients to read before moving on to the next client. One problem I can see is if... (4 Replies)
Discussion started by: cdlaforc
4 Replies

6. Debian

URL blocking with iptables

we have internal network 192.168.129.x for a system hosted with pdf.xxx.xyz URL is already public accessible but when try to connect as site (/ap/p.nt) of the URL pdf.xxx.xyz/ap/p.nt restriction to be applied publicly except accessing internally can anyone guide me on this?? (1 Reply)
Discussion started by: shrinuvas
1 Replies

7. UNIX for Advanced & Expert Users

ps blocking

Hi Folks I have been debugging a script that is called every thirty seconds. Basically it is doing a ps, well two actually, one to file (read by the getline below) and the other into a pipe. The one into the pipe is: - V_SYSVPS=/usr/sysv/bin/ps $V_SYSVPS -p$PIDLIST -o$PSARGS... (0 Replies)
Discussion started by: steadyonabix
0 Replies

8. UNIX for Dummies Questions & Answers

Linux iptables -> is it possible?

Hi! I have a dedicated hosting working with 2 ips. Is it possible to block all connections but 1 in all existing ports for only 1 of my ips? I mean like, I have 2 ips for example: 190.x.x.5 and 190.x.x.6 I want that all the connections going to 190.x.x.6 in all ports get rejected but only 1... (7 Replies)
Discussion started by: Kekox
7 Replies

9. Programming

Which are blocking and non-blocking api's in sockets in C ?

among the below socket programming api's, please let me know which are blocking and non-blocking. socket accept bind listen write read close (2 Replies)
Discussion started by: VSSajjan
2 Replies

10. Cybersecurity

Blocking 3306 with iptables -A INPUT -p tcp --dport 3306

Just added these lines to our server firewall: iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -j DROP Even though mysql is configured to correctly only listen on port 127.0.0.1 we still see these mysql log file notes on a daily... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT LINUX

iptables-xml

IPTABLES-XML(8) 														   IPTABLES-XML(8)

NAME

       iptables-xml -- Convert iptables-save format to XML

SYNOPSIS

       iptables-xml [-c] [-v]

DESCRIPTION

       iptables-xml  is  used  to convert the output of iptables-save into an easily manipulatable XML format to STDOUT.  Use I/O-redirection pro-
       vided by your shell to write to a file.

       -c, --combine
	      combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target  per
	      match,  so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule
	      matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.

       -v, --verbose
	      Output xml comments containing the iptables line from which the XML is derived

       iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j  targets	in
       order to discriminate between <call> <goto> and <nane-of-target> as it helps xml processing scripts if they can tell the difference between
       a target like SNAT and another chain.

       Some sample output is:

       <iptables-rules>
	 <table name="mangle">
	   <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
	     <rule>
	      <conditions>
	       <match>
		 <p>tcp</p>
	       </match>
	       <tcp>
		 <sport>8443</sport>
	       </tcp>
	      </conditions>
	      <actions>
	       <call>
		 <check_ip/>
	       </call>
	       <ACCEPT/>
	      </actions>
	     </rule>
	   </chain>
	 </table> </iptables-rules>

       Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using  libxsltproc
       or similar; in this fashion:

       xsltproc iptables.xslt my-iptables.xml | iptables-restore

BUGS

       None known as of iptables-1.3.7 release

AUTHOR

       Sam Liddicott <azez@ufomechanic.net>

SEE ALSO

       iptables-save(8), iptables-restore(8), iptables(8)

								   Jul 16, 2007 						   IPTABLES-XML(8)
All times are GMT -4. The time now is 12:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy