Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a list of addresses from a Shorewall blacklist file, and I would like to import them into my iptables list. Aside from manually entering in the addresses, is there a tool I can use to facilitate the process? Thanks.
Here is the perl script I created to parse and make rules:
Code:
#!/usr/bin/perl
# wall.pl by int0x80
# convert shorewall list to iptables
use strict;
my $config = shift or usage(); # find the config file
my $nic = "eth0"; # change this to your NIC
my @fields = (); # parts of each line
my $rule; # the iptables rule we build
open(CONF, $config); # open the config file for read
while(<CONF>){ # !EOF
@fields = split(/ /,$_); # parse each part
if($fields[0] !~ /^\s*#/){ # make sure this isn't commented
chomp($fields[1]); # clear newline if there
$rule = "iptables -I INPUT -i ". $nic ." -p ". $fields[1] ." -s ". $fields[0];
if(length $fields[2] && $fields[2] !~ /^\s*#/){
$rule = $rule . " -m mport --dports " . $fields[2];
}
chomp($rule); # clear newline if there
$rule = $rule . " -j DROP"; # finish the rule
print $rule ."\n"; # print rule
system($rule); # insert to filter
}
} # EOF
close CONF; # close the config file
sub usage {
die "Usage: wall.pl <config>\n";
}
I ran the perl script as root and unfortunately the follow output appeared:
iptables -I INPUT -i eth0 -p -s 221.113.7.0/24 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables -I INPUT -i eth0 -p -s 61.0.0.0/8 tcp 22,25,53,6000 -j DROP
iptables v1.3.5: unknown protocol `-s' specified
I did run the script as a non-root user, via the sudo command, and I got output similar to what you saw, the only thing is, there were no changes to the iptables file after it was run.
What change(s) should I make to the script? Thanks in advance.
I verified that the script was identical to what you had posted, and I ran it again, and while there was output onscreen, there was no change made to the /etc/sysconfig/iptables file. I also
deleted the existing wall.pl file and recreated it from scratch, without any success.
I ran the command as root and sudo user with the same results. When I ran an individual line as sudo or root user, I got the unknown protocol -s error. What am I missing here?
First, it does not write anything to /etc/sysconfig/iptables, where do you see that in the code? If you want to see the rules, run iptables -nvL and pipe to less if necessary. Show me your usage here, copy and paste from your terminal. Use the CODE or QUOTE tags around it to preserve formatting. Include everything (source, usage, output).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
