
Good code yeh?

Sinokorea IPTables Generator · Mar 13, 21:45 by Shannon Wynter

Welcome to the modern Internet – an Internet of spam and worms.

I’ve come to the conclusion (along with several others) that over 50% of my spam and worm traffic originates from Korea and China.

Which is funny – considering that China has gone to great extremes to build ‘The great firewall of China’ – The least they could do if they were going to oppress their people and keep them from the truth is keep them from the rest of us while they’re at it yeah?

And the Koreans? well.. they don’t seem to care what they do on the net, I’ve sent hundreds of spam notices to abuse mail boxes, never slows it down.

So, after a quick Google, I present you with the code below – inspired by http://www.okean.com/

I know, I could have done “better” and used curl or something, but the idea was to keep it small, compact and with the least amount of dependencies.

I’m also aware I could have just downloaded the dnsbl version of the table I’ve used here… but I’m just as concerned with bogus ssh traffic as I am with emails

  1. #!/usr/bin/perl
  2. ###############################################################################################
  3. ## Sinokorea firewall script - v1.0 - Freman
  4. ###############################################################################################
  5. ## Very simple little script to download, cache and install Okeans list of
  6. ## sinokorean ip subnets as an IPTables firewall chain
  7. ##
  8. ## Once you've run this script simply type
  9. ## iptables -I INPUT -j sinokorea
  10. ##
  11. ## Things you can change...
  12. ##  List/URLToFetch:  The URL to fetch
  13. ##  List/Cache:    The Path to cache it to
  14. ##  IPTables/Path:    Where your IPTables are
  15. ##  IPTables/ChainName:  The IPTables ChainName
  16. ##  OKPorts:    What ports you want to give them access to through the firewall
  17. ##
  18. ## For more information about the list of IP addresses used by this script please visit the
  19. ## Okean website: http://www.okean.com/
  20. ##
  21. ## To contact me visit my website: http://fremnet.net
  22. ###############################################################################################
  23. ##
  24. ## ChangeLog:-
  25. ##  2005-11-01:
  26. ##    Initial Release
  27. ##
  28. ###############################################################################################
  29.   
  30. use Data::Dumper;
  31. use IO::Socket;
  32. use strict;
  33.   
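  # Script-wide settings.
  #   List/URLToFetch     where the subnet list is downloaded from
  #   List/Cache          local copy of the list
  #   IPTables/Path       the iptables binary
  #   IPTables/ChainName  chain that receives the rules
  #   OKPorts             "proto:port" entries that stay reachable
  #
  # NOTE(review): the list is fetched over plain HTTP with no integrity check,
  # so every line read from the cache is treated as untrusted input below.
  # NOTE(review): the default cache lives in world-writable /tmp while this
  # script has to run as root to manage iptables; pointing 'Cache' at a
  # root-owned directory keeps other local users from planting the file.
  our %Config = (
      'List' => {
          'URLToFetch' => 'http://www.okean.com/sinokoreacidr.txt',
          'Cache'      => '/tmp/sinokoreacidr.txt',
      },
      'IPTables' => {
          'Path'      => '/sbin/iptables',
          'ChainName' => 'sinokorea',
      },
      # An array reference, so more than one entry can be listed without
      # spilling extra elements into the surrounding hash.
      'OKPorts' => [ qw/tcp:80/ ],
  );

  my $IPTables  = $Config{'IPTables'}{'Path'};
  my $ChainName = $Config{'IPTables'}{'ChainName'};
  my $CachePath = $Config{'List'}{'Cache'};

  # Runs iptables with an argument list. The list form of system() never
  # passes through a shell, so nothing in an argument can be interpreted as
  # shell syntax. Returns true when iptables exited with status 0.
  my $Run = sub {
      my @Args = @_;
      my $Status = system($IPTables, @Args);
      warn "iptables @Args failed (exit status " . ($Status >> 8) . ")\n"
          if $Status != 0;
      return $Status == 0;
  };

  # Refresh the cache first: if the download dies, the script stops here and
  # the existing chain is left as it was.
  DoCache($Config{'List'}{'URLToFetch'}, $CachePath);

  # Read and validate the whole list before the chain is flushed, so that a
  # missing or garbage cache cannot leave an empty chain behind.
  my @Subnets;
  open(my $Cache, '<', $CachePath)
      or die "Could not read $CachePath: $!\n";
  while (my $Line = <$Cache>) {
      next if ($Line =~ /^#/);
      my ($IP) = split(' ', $Line);
      next unless defined $IP;    # blank line

      # Accept only a dotted-quad address with an optional /prefix.
      my @Parts = $IP =~ m{\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:/(\d{1,2}))?\z};
      my $Valid = @Parts
          && !grep({ $_ > 255 } @Parts[0 .. 3])
          && (!defined $Parts[4] || $Parts[4] <= 32);
      if ($Valid) {
          push(@Subnets, $IP);
      }
      else {
          warn "Skipping unexpected entry on line $. of $CachePath\n";
      }
  }
  close($Cache);
  die "No valid subnets found in $CachePath; leaving the firewall unchanged\n"
      unless @Subnets;

  # Look for the chain's own header line rather than any mention of the name,
  # so a similarly named chain or a jump rule is not mistaken for it.
  my $ChainExists = 0;
  open(my $Listing, '-|', $IPTables, '-L', '-n')
      or die "Could not run $IPTables: $!\n";
  while (my $Row = <$Listing>) {
      $ChainExists = 1 if ($Row =~ /^Chain \Q$ChainName\E /);
  }
  close($Listing);

  if ($ChainExists) {
      $Run->('-F', $ChainName) or die "Could not flush chain $ChainName\n";
  }
  else {
      $Run->('-N', $ChainName) or die "Could not create chain $ChainName\n";
  }

  # Traffic to the permitted ports leaves the chain before any DROP rule.
  foreach my $OKPort (@{ $Config{'OKPorts'} }) {
      my ($Proto, $Port) = split(/:/, $OKPort);
      $Run->('-A', $ChainName, '-p', $Proto, '--destination-port', $Port, '-j', 'RETURN');
  }

  # The chain is hooked into INPUT, where the listed subnets are the *source*
  # of the packets; matching on --destination would never hit inbound traffic.
  foreach my $Subnet (@Subnets) {
      $Run->('-A', $ChainName, '--source', $Subnet, '-j', 'DROP');
  }

  # Everything else goes back to the calling chain.
  $Run->('-A', $ChainName, '-j', 'RETURN');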
  72.   
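  # Refreshes the cached copy of the list when the server's Last-Modified
  # value differs from the stamp stored in the cache.
  #
  #   $URL        list URL, handed to GetDate and FetchURL
  #   $CacheFile  path of the cache; its first line becomes "#Updated <date>"
  #
  # Dies if the download yields no body or the cache cannot be written, so a
  # failed refresh never replaces a good cache with an empty one.
  sub DoCache {
      my ($URL, $CacheFile) = @_;

      my $Updated = GetCacheStamp($CacheFile);
      $Updated = '' unless defined $Updated;

      my $NewDate = GetDate($URL);
      $NewDate = '' unless defined $NewDate;

      # Skip the download only when a cache exists and the server reported a
      # date that matches it; without a date freshness cannot be judged.
      return if (-f $CacheFile && $NewDate ne '' && $NewDate eq $Updated);

      my %Data = FetchURL($URL, 'GET');
      die "Empty response body from $URL; keeping the existing cache\n"
          unless defined $Data{'Body'} && length $Data{'Body'};

      # Write to a freshly created temporary file and rename it into place.
      # The temporary file is created exclusively, and rename() replaces
      # whatever sits at the cache path (including a symlink) instead of
      # writing through it -- relevant because this runs as root and the
      # default cache path is in a world-writable directory.
      require File::Basename;
      require File::Temp;
      my $Temp = File::Temp->new(
          DIR      => File::Basename::dirname($CacheFile),
          TEMPLATE => 'sinokorea-XXXXXXXX',
          UNLINK   => 0,
      );
      my $TempName = $Temp->filename;

      my $Written = print {$Temp} "#Updated $NewDate\n", $Data{'Body'};
      $Written = close($Temp) && $Written;
      if (!$Written) {
          my $Error = $!;
          unlink($TempName);
          die "Could not write $TempName: $Error\n";
      }

      if (!rename($TempName, $CacheFile)) {
          my $Error = $!;
          unlink($TempName);
          die "Could not replace $CacheFile: $Error\n";
      }
      return;
  }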
  89.   
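  # Returns the date recorded on the first line of the cache file
  # ("#Updated <date>"), or an empty string when the file is missing,
  # unreadable, empty, or does not start with that line.
  sub GetCacheStamp {
      my $File = shift;

      return '' unless defined $File && -f $File;

      # Three-argument open: the path is only ever treated as a file name,
      # never as a mode or a pipe specification.
      open(my $Handle, '<', $File) or return '';
      my $Line = <$Handle>;
      close($Handle);

      return '' unless defined $Line;
      chomp($Line);

      # Use the capture only when the match succeeded; otherwise $1 would
      # not belong to this line.
      if ($Line =~ /^#Updated (.*)$/) {
          return $1;
      }
      return '';
  }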
  104.   
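  # Issues a HEAD request for $URL through FetchURL and returns the value of
  # the Last-Modified response header, or undef when the server sent none.
  sub GetDate {
      my $URL = shift;

      my %Fetched = FetchURL($URL, 'HEAD');

      # HTTP header names are case-insensitive, so do not rely on the server
      # spelling the name exactly as "Last-Modified".
      my $LastModified;
      foreach my $Name (keys %Fetched) {
          if (lc($Name) eq 'last-modified') {
              $LastModified = $Fetched{$Name};
              last;
          }
      }
      return $LastModified;
  }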
  110.   
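  # Performs a minimal HTTP/1.0 request and returns the result as a hash.
  #
  #   $URL     an http:// URL, split into host, port and path by ParseURL
  #   $Method  request method placed on the request line ('GET', 'HEAD')
  #
  # The returned hash holds one key per response header, plus 'Response'
  # (the numeric status code) and 'Body' (the payload, one "\n" per line).
  # Dies when the connection cannot be opened or the status is not 200, so
  # an error page is never handed back as if it were the requested file.
  #
  # NOTE(review): this is plain HTTP with no authentication of the server or
  # the content; callers should treat everything returned as untrusted.
  sub FetchURL {
      my ($URL, $Method) = @_;

      my %Parsed = ParseURL($URL);

      my $Sock = IO::Socket::INET->new(
          PeerAddr => $Parsed{'Host'},
          PeerPort => $Parsed{'Port'},
          Proto    => 'tcp',
          Timeout  => 30,    # bound the connect instead of waiting indefinitely
      );

      die "Could not open connection to $URL: $!\n" unless $Sock;

      # The Host header carries the port only when it is not the default.
      my $HostHeader = $Parsed{'Host'};
      $HostHeader .= ":$Parsed{'Port'}"
          if defined $Parsed{'Port'} && $Parsed{'Port'} != 80;

      print $Sock "$Method $Parsed{'Path'} HTTP/1.0\r\n";
      print $Sock "Host: $HostHeader\r\n";
      print $Sock "User-Agent: SinoKoreaTables/1.0\r\n";
      print $Sock "Accept: text/plain\r\n\r\n";

      my %Headers;
      while (my $Line = <$Sock>) {
          $Line =~ s/[\r\n]+//g;
          last if ($Line eq '');    # blank line ends the header section

          # The status line looks like "HTTP/1.0 200 OK".
          if ($Line =~ m{^HTTP/\d+\.\d+ (\d+)}) {
              $Headers{'Response'} = $1;
          }
          elsif ($Line =~ /^(.*?): (.*)$/) {
              my ($Name, $Value) = ($1, $2);
              # 'Response' and 'Body' are filled in by this function; a
              # header with one of those names must not overwrite them.
              next if ($Name eq 'Response' || $Name eq 'Body');
              $Headers{$Name} = $Value;
          }
      }
      while (my $Line = <$Sock>) {
          chomp($Line);
          $Headers{'Body'} .= "$Line\n";
      }
      close($Sock);

      my $Status = defined $Headers{'Response'} ? $Headers{'Response'} : 'none';
      die "Unexpected HTTP status ($Status) for $Method $URL\n"
          unless $Status eq '200';

      return %Headers;
  }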
  150.   
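  # Splits an http:// URL into its parts and returns them as a hash with the
  # keys 'Host', 'Port' and 'Path'.
  #
  #   Port defaults to 80 when the URL names none.
  #   Path defaults to '/' when the URL has none.
  #
  # Dies on anything that is not a well-formed http:// URL. Host and path may
  # not contain whitespace, so a URL cannot smuggle extra lines into the
  # request that FetchURL builds from these values.
  sub ParseURL {
      my $URL = shift;

      die "Unsupported or malformed URL\n"
          unless defined $URL
              && $URL =~ m{\Ahttp://([^/:\s]+)(?::(\d+))?(/\S*)?\z};

      my ($Host, $Port, $Path) = ($1, $2, $3);

      # Keep an explicit port; fall back to 80 only when none was given.
      $Port = 80  unless defined $Port;
      $Path = '/' unless defined $Path;

      return (
          'Host' => $Host,
          'Port' => $Port,
          'Path' => $Path,
      );
  }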