LinuxQuestions.org - Importing List of Addresses into IP Tables

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Importing List of Addresses into IP Tables (https://www.linuxquestions.org/questions/linux-security-4/importing-list-of-addresses-into-ip-tables-508526/)

Importing List of Addresses into IP Tables

Hi there --

I have a list of addresses from a Shorewall blacklist file, and I would like to import them into my iptables list. Aside from manually entering in the addresses, is there a tool I can use to facilitate the process? Thanks.

We can probably parse them out with perl or other core utils (grep, awk, sed). Can you post some lines (if not all) from the file?

Hi there --

Thanks for your reply. Listed below is a partial list of the addresses in questions:

61.0.0.0/8 tcp 22,25,53,6000
61.0.0.0/8 tcp
65.23.0.0/16 tcp
65.24.0.0/16 tcp
130.65.0.0/16 tcp
217.10.106.0/24 tcp
210.229.150.0/16 tcp
134.102.0.0/8 tcp
2.0.0.0/7 tcp
4.0.0.0/6 tcp
8.0.0.0/5 tcp
11.0.0.0/8 tcp
15.0.0.0/8 tcp
17.0.0.0/8 tcp #Apple
18.0.0.0/7 tcp #MIT
#43.0.0.0/8 tcp #Japan
41.0.0.0/8 tcp #AfriNIC
148.245.0.0/16 tcp #Mexico LACNIC
44.0.0.0/8 tcp #Amateur Radio
62.0.0.0/8 tcp #RIPE

Here is the perl script I created to parse and make rules:

Code:

#!/usr/bin/perl

# wall.pl by int0x80

# convert shorewall list to iptables

use strict;



my $config = shift or usage();          # find the config file

my $nic = "eth0";                      # change this to your NIC

my @fields = ();                        # parts of each line

my $rule;                              # the iptables rule we build

open(CONF, $config);                    # open the config file for read

while(<CONF>){                          # !EOF

    @fields = split(/ /,$_);            # parse each part

    if($fields[0] !~ /^\s*#/){          # make sure this isn't commented

        chomp($fields[1]);              # clear newline if there



        $rule = "iptables -I INPUT -i ". $nic ." -p ". $fields[1] ." -s ". $fields[0];

        if(length $fields[2] && $fields[2] !~ /^\s*#/){

            $rule = $rule . " -m mport --dports " . $fields[2];

        }



        chomp($rule);                  # clear newline if there

        $rule = $rule . " -j DROP";    # finish the rule

        print $rule ."\n";              # print rule

        system($rule);                  # insert to filter

    }

}                                      # EOF

close CONF;                            # close the config file



sub usage {

    die "Usage: wall.pl <config>\n";

}

Here is my usage:

Code:

int0x80:~/source/perl/shorewall-iptables$ ./wall.pl kaplan71.txt

iptables -I INPUT -i eth0 -p tcp -s 61.0.0.0/8 -m mport --dports 22,25,53,6000 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 61.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 65.23.0.0/16 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 65.24.0.0/16 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 130.65.0.0/16 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 217.10.106.0/24 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 210.229.150.0/16 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 134.102.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 2.0.0.0/7 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 4.0.0.0/6 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 8.0.0.0/5 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 11.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 15.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 17.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 18.0.0.0/7 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 41.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 148.245.0.0/16 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 44.0.0.0/8 -j DROP

iptables -I INPUT -i eth0 -p tcp -s 62.0.0.0/8 -j DROP

Here is the kaplan71.txt file:

Code:

int0x80:~/source/perl/shorewall-iptables$ cat kaplan71.txt

61.0.0.0/8 tcp 22,25,53,6000

61.0.0.0/8 tcp

65.23.0.0/16 tcp

65.24.0.0/16 tcp

130.65.0.0/16 tcp

217.10.106.0/24 tcp

210.229.150.0/16 tcp

134.102.0.0/8 tcp

2.0.0.0/7 tcp

4.0.0.0/6 tcp

8.0.0.0/5 tcp

11.0.0.0/8 tcp

15.0.0.0/8 tcp

17.0.0.0/8 tcp #Apple

18.0.0.0/7 tcp #MIT

#43.0.0.0/8 tcp #Japan

41.0.0.0/8 tcp #AfriNIC

148.245.0.0/16 tcp #Mexico LACNIC

44.0.0.0/8 tcp #Amateur Radio

62.0.0.0/8 tcp #RIPE

Hi there --

I ran the perl script as root and unfortunately the follow output appeared:

iptables -I INPUT -i eth0 -p -s 221.113.7.0/24 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables -I INPUT -i eth0 -p -s 61.0.0.0/8 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified

I did run the script as a non-root user, via the sudo command, and I got output similar to what you saw, the only thing is, there were no changes to the iptables file after it was run.

What change(s) should I make to the script? Thanks in advance.

You got to specify the type of protocol in your iptables command.

Code:

-p tcp/udp

amitsharma is correct, your protocol has been misplaced in the command.

Be sure to check the script you are running is identical to what I posted.

Hi there --

I verified that the script was identical to what you had posted, and I ran it again, and while there was output onscreen, there was no change made to the /etc/sysconfig/iptables file. I also
deleted the existing wall.pl file and recreated it from scratch, without any success.

I ran the command as root and sudo user with the same results. When I ran an individual line as sudo or root user, I got the unknown protocol -s error. What am I missing here?

First, it does not write anything to /etc/sysconfig/iptables, where do you see that in the code? If you want to see the rules, run iptables -nvL and pipe to less if necessary. Show me your usage here, copy and paste from your terminal. Use the CODE or QUOTE tags around it to preserve formatting. Include everything (source, usage, output).

Sorry about the confusion. I am entering the data now. Thanks for the help.