Importing List of Addresses into IP Tables

kaplan71 · 12-08-2006, 07:18 AM

Hi there --

I have a list of addresses from a Shorewall blacklist file, and I would like to import them into my iptables list. Aside from manually entering in the addresses, is there a tool I can use to facilitate the process? Thanks.

int0x80 · 12-08-2006, 07:29 AM

We can probably parse them out with perl or other core utils (grep, awk, sed). Can you post some lines (if not all) from the file?

kaplan71 · 12-08-2006, 07:39 AM

Hi there --

Thanks for your reply. Listed below is a partial list of the addresses in questions:

61.0.0.0/8 tcp 22,25,53,6000
61.0.0.0/8 tcp
65.23.0.0/16 tcp
65.24.0.0/16 tcp
130.65.0.0/16 tcp
217.10.106.0/24 tcp
210.229.150.0/16 tcp
134.102.0.0/8 tcp
2.0.0.0/7 tcp
4.0.0.0/6 tcp
8.0.0.0/5 tcp
11.0.0.0/8 tcp
15.0.0.0/8 tcp
17.0.0.0/8 tcp #Apple
18.0.0.0/7 tcp #MIT
#43.0.0.0/8 tcp #Japan
41.0.0.0/8 tcp #AfriNIC
148.245.0.0/16 tcp #Mexico LACNIC
44.0.0.0/8 tcp #Amateur Radio
62.0.0.0/8 tcp #RIPE

int0x80 · 12-08-2006, 08:25 AM

Here is the perl script I created to parse and make rules:

Code:

#!/usr/bin/perl
# wall.pl by int0x80
# convert shorewall list to iptables
use strict;

my $config = shift or usage();          # find the config file
my $nic = "eth0";                       # change this to your NIC
my @fields = ();                        # parts of each line
my $rule;                               # the iptables rule we build
open(CONF, $config);                    # open the config file for read
while(<CONF>){                          # !EOF
    @fields = split(/ /,$_);            # parse each part
    if($fields[0] !~ /^\s*#/){          # make sure this isn't commented
        chomp($fields[1]);              # clear newline if there

        $rule = "iptables -I INPUT -i ". $nic ." -p ". $fields[1] ." -s ". $fields[0];
        if(length $fields[2] && $fields[2] !~ /^\s*#/){
            $rule = $rule . " -m mport --dports " . $fields[2];
        }

        chomp($rule);                   # clear newline if there
        $rule = $rule . " -j DROP";     # finish the rule
        print $rule ."\n";              # print rule
        system($rule);                  # insert to filter
    }
}                                       # EOF
close CONF;                             # close the config file

sub usage {
    die "Usage: wall.pl <config>\n";
}

Here is my usage:

Code:

int0x80:~/source/perl/shorewall-iptables$ ./wall.pl kaplan71.txt
iptables -I INPUT -i eth0 -p tcp -s 61.0.0.0/8 -m mport --dports 22,25,53,6000 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 61.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 65.23.0.0/16 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 65.24.0.0/16 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 130.65.0.0/16 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 217.10.106.0/24 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 210.229.150.0/16 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 134.102.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 2.0.0.0/7 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 4.0.0.0/6 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 8.0.0.0/5 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 11.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 15.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 17.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 18.0.0.0/7 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 41.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 148.245.0.0/16 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 44.0.0.0/8 -j DROP
iptables -I INPUT -i eth0 -p tcp -s 62.0.0.0/8 -j DROP

Here is the kaplan71.txt file:

Code:

int0x80:~/source/perl/shorewall-iptables$ cat kaplan71.txt
61.0.0.0/8 tcp 22,25,53,6000
61.0.0.0/8 tcp
65.23.0.0/16 tcp
65.24.0.0/16 tcp
130.65.0.0/16 tcp
217.10.106.0/24 tcp
210.229.150.0/16 tcp
134.102.0.0/8 tcp
2.0.0.0/7 tcp
4.0.0.0/6 tcp
8.0.0.0/5 tcp
11.0.0.0/8 tcp
15.0.0.0/8 tcp
17.0.0.0/8 tcp #Apple
18.0.0.0/7 tcp #MIT
#43.0.0.0/8 tcp #Japan
41.0.0.0/8 tcp #AfriNIC
148.245.0.0/16 tcp #Mexico LACNIC
44.0.0.0/8 tcp #Amateur Radio
62.0.0.0/8 tcp #RIPE

kaplan71 · 12-08-2006, 09:21 AM

Hi there --

I ran the perl script as root and unfortunately the follow output appeared:

iptables -I INPUT -i eth0 -p -s 221.113.7.0/24 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables -I INPUT -i eth0 -p -s 61.0.0.0/8 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified

I did run the script as a non-root user, via the sudo command, and I got output similar to what you saw, the only thing is, there were no changes to the iptables file after it was run.

What change(s) should I make to the script? Thanks in advance.

amitsharma_26 · 12-08-2006, 12:03 PM

You got to specify the type of protocol in your iptables command.

Code:

-p tcp/udp

int0x80 · 12-08-2006, 01:27 PM

amitsharma is correct, your protocol has been misplaced in the command.

Be sure to check the script you are running is identical to what I posted.

kaplan71 · 12-08-2006, 01:55 PM

Hi there --

I verified that the script was identical to what you had posted, and I ran it again, and while there was output onscreen, there was no change made to the /etc/sysconfig/iptables file. I also
deleted the existing wall.pl file and recreated it from scratch, without any success.

I ran the command as root and sudo user with the same results. When I ran an individual line as sudo or root user, I got the unknown protocol -s error. What am I missing here?

int0x80 · 12-08-2006, 02:58 PM

First, it does not write anything to /etc/sysconfig/iptables, where do you see that in the code? If you want to see the rules, run iptables -nvL and pipe to less if necessary. Show me your usage here, copy and paste from your terminal. Use the CODE or QUOTE tags around it to preserve formatting. Include everything (source, usage, output).

kaplan71 · 12-08-2006, 03:48 PM

Sorry about the confusion. I am entering the data now. Thanks for the help.