Adding a Massive IP Blacklist to Smoothwall 3.0

[oligarchy314]

So the neighbor was tossing a P-II, 450MHz machine (c. 1998). I of course picked it up for a Smoothwall box, and got to work. I added 4 NICs because I can (green, orange, purple, red), and installed Smoothwall 3.0.

Now what I'd like to do is have a script to parse through and permanently add all the entries in the block list ipfilter.dat (or any other plain text ip black list) to the iptables inside Smoothwall, but I don't know much about iptables or shell scripting for that matter. Just throwing this out to the linux admins in the community.

Reading through the Smoothwall forums, I only found a few things close to what I was looking for and most people were pooh-pooh-ing anyone who would do this as an obvious pirate without giving any useful advice or solutions. I also found a post that said adding a block list of that size would bog the machine down.

That's as maybe, but I still want to try. I just happen to be a belt and suspenders, and fire and duct tape sort of person on security. I already run PeerGuardian on my WinXP machine; just thinking it would be nice to have that sort of filtering in a router type device, without manually entering 254,000+ ip ranges. I did find this script, but I don't know enough to know if it works or not, but thought I should add this as a starting point for anyone that's interested. ipblock.sh

As an aside, I have previously been able to manually add home brew mods from Sourceforge to the box without any major trouble, so I'm not afraid of the shell, vim, or using secure ftp to get files onto the machine, as I have used all of those before; just looking for some advice and/or assistance.

[digip]

Not sure if this is what you are lookign for, but if anything, they have HUGE block lists that may be of use to you.

http://malwaredomains.com/?page_id=6

[oligarchy314]

This is not exactly what I was looking for, but it does look like useful information. What that site is explaining is how to add a block list of domains to the DNS, so that users on the LAN can't navigate out to malicious sites. What I'm really looking for is a way to explicitly block bad ip ranges from connecting in to my internal network.

I do understand that with NAT realistically there shouldn't be any unsolicited traffic allowed in past the firewall anyway, but just in case there is an outbound request is made to a bad network, I would like to make sure that any inbound responses are stopped on the way back in. My initial thoughts were to use the iptables firewall system that Smoothwall uses for this, but to do it without having to manually enter in a huge list of ip's.

I will have to do some more reading on DNS and Bind, and see if adding the blocklist to the DNS and using Smoothwall as my DNS caching server would do the same thing as what I was thinking of. I already have the Smoothwall set up to use OpenDNS instead of my ISP as the DNS servers, but I'll see what I can see.

Thank you for your assistance so far.

[SomeoneE1se]

long.list.of.bad.people.ips.dat >> /etc/hosts.deny

??

[oligarchy314]

I like this idea. Simple, straight forward, and effective. I just need to convert the list I have to the proper format for the hosts.deny file. The list I have uses xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy and my understanding is that the hosts file uses xxx.xxx.xxx.xxx/xx, a perfect job for regular expressions. Working on that now; once I finish I'll post the file if any one else would like to use this.

[oligarchy314]

I created a hosts.deny file in CIDR notation from the lists I have using the Blocklist Manager from bluetack.co.uk. They are in the form xxx.xxx.xxx.xxx/xx

I can't really tell if this is working or not. Do I have to use the format xxx.xxx.xxx.xxx/255.255.255.0 or something simmilar where the second half is the net mask? Here is the file if anyone wants to look at it. (hosts.zip)

[VaKo]

Out of interest, what gain to you get from blocking a large number of IP ranges?

[Sparda]

ad blocking, helps reduce track ability when using peer to peer services, that's it basically.

[oligarchy314]

my main goal is reducing traffic from spammers and ad servers. Also I haven't decided to become a total dick about what the room mates do on the internet, so if I can just prevent them from getting into too much trouble, the better off I figure I am, in the event that they are torrenting or otherwise and decide not to stay as on the level as I might like them to be.