
Adding a Massive IP Blacklist to Smoothwall 3.0


oligarchy314


So the neighbor was tossing a P-II, 450MHz machine (c. 1998). I of course picked it up for a Smoothwall box, and got to work. I added 4 NICs because I can (green, orange, purple, red), and installed Smoothwall 3.0.

Now what I'd like to do is have a script to parse through and permanently add all the entries in the block list ipfilter.dat (or any other plain-text IP blacklist) to the iptables inside Smoothwall, but I don't know much about iptables or shell scripting for that matter. Just throwing this out to the Linux admins in the community.

Reading through the Smoothwall forums, I only found a few things close to what I was looking for, and most people were pooh-poohing anyone who would do this as an obvious pirate without giving any useful advice or solutions. I also found a post that said adding a block list of that size would bog the machine down.

That's as may be, but I still want to try. I just happen to be a belt and suspenders, and fire and duct tape sort of person on security. I already run PeerGuardian on my WinXP machine; just thinking it would be nice to have that sort of filtering in a router-type device, without manually entering 254,000+ IP ranges. I did find this script, but I don't know enough to know if it works or not, and thought I should add this as a starting point for anyone that's interested. ipblock.sh

As an aside, I have previously been able to manually add home brew mods from Sourceforge to the box without any major trouble, so I'm not afraid of the shell, vim, or using secure ftp to get files onto the machine, as I have used all of those before; just looking for some advice and/or assistance.


This is not exactly what I was looking for, but it does look like useful information. What that site is explaining is how to add a block list of domains to the DNS, so that users on the LAN can't navigate out to malicious sites. What I'm really looking for is a way to explicitly block bad ip ranges from connecting in to my internal network.

I do understand that with NAT realistically there shouldn't be any unsolicited traffic allowed in past the firewall anyway, but just in case an outbound request is made to a bad network, I would like to make sure that any inbound responses are stopped on the way back in. My initial thoughts were to use the iptables firewall system that Smoothwall uses for this, but to do it without having to manually enter in a huge list of IPs.

I will have to do some more reading on DNS and Bind, and see if adding the blocklist to the DNS and using Smoothwall as my DNS caching server would do the same thing as what I was thinking of. I already have the Smoothwall set up to use OpenDNS instead of my ISP as the DNS servers, but I'll see what I can see.

Thank you for your assistance so far.


I like this idea. Simple, straightforward, and effective. I just need to convert the list I have to the proper format for the hosts.deny file. The list I have uses xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy and my understanding is that the hosts file uses xxx.xxx.xxx.xxx/xx, a perfect job for regular expressions. Working on that now; once I finish I'll post the file if anyone else would like to use this.


I created a hosts.deny file in CIDR notation from the lists I have using the Blocklist Manager from bluetack.co.uk. They are in the form xxx.xxx.xxx.xxx/xx

I can't really tell if this is working or not. Do I have to use the format xxx.xxx.xxx.xxx/255.255.255.0 or something similar where the second half is the net mask? Here is the file if anyone wants to look at it. (hosts.zip)

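A worked version of the range-to-CIDR conversion discussed in the two posts above, added here as an example; it is not ipblock.sh, the posted hosts.zip, or anything from the Smoothwall project. It goes one step further than a regex rewrite: overlapping and adjacent entries are merged, and the output is written as iptables rule lines for the FORWARD chain rather than hosts.deny entries, since tcp_wrappers' hosts.deny only gates wrapper-aware daemons on the firewall host itself and never touches traffic forwarded through it. The sample list, the label:start-end line format and the chain/target names are constructed assumptions.

```python
"""Convert a PeerGuardian-style IP range list into merged CIDR blocks and iptables rules."""
import ipaddress

# Constructed sample in the ipfilter.dat / p2p.txt style: "label:start-end".
# Labels may themselves contain colons, so the range is taken from the last field.
SAMPLE_LIST = """\
# comment lines and blank lines are ignored
Example spam netblock:192.0.2.0-192.0.2.255
Example ad server:198.51.100.16-198.51.100.31
Overlaps with the first entry:192.0.2.128-192.0.2.200
203.0.113.5-203.0.113.5
"""


def parse_ranges(text):
    """Yield (start, end) IPv4Address pairs from range-list text, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rng = line.rsplit(":", 1)[-1]          # last field is "start-end"
        start, end = (ipaddress.IPv4Address(p.strip()) for p in rng.split("-", 1))
        if end < start:
            raise ValueError(f"end precedes start in line: {line!r}")
        yield start, end


def ranges_to_cidrs(text):
    """Return the minimal list of CIDR networks covering every range in text.

    summarize_address_range() splits one arbitrary range into CIDR blocks;
    collapse_addresses() then merges overlapping and adjacent blocks, so a
    range nested inside a /24 does not produce redundant rules.
    """
    nets = []
    for start, end in parse_ranges(text):
        nets.extend(ipaddress.summarize_address_range(start, end))
    return list(ipaddress.collapse_addresses(nets))


def iptables_rules(cidrs, chain="FORWARD", target="DROP"):
    """Emit iptables-restore style lines dropping traffic both to and from each block."""
    lines = []
    for net in cidrs:
        lines.append(f"-A {chain} -s {net} -j {target}")
        lines.append(f"-A {chain} -d {net} -j {target}")
    return lines


if __name__ == "__main__":
    blocks = ranges_to_cidrs(SAMPLE_LIST)
    print("\n".join(iptables_rules(blocks)))
```

Feeding the output to iptables-restore would be the next step, but 254,000 separate rules in a linear chain is exactly the slowdown the forum post warned about; on a kernel that has ipset, a hash:net set holding the blocks with a single match rule is the usual way to carry a list that size.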

My main goal is reducing traffic from spammers and ad servers. Also, I haven't decided to become a total dick about what the roommates do on the internet, so if I can just prevent them from getting into too much trouble, the better off I figure I am, in the event that they are torrenting or otherwise and decide not to stay as on the level as I might like them to be.
