Posted By

jsinix on 12/12/14


Tagged

drop firewall blacklist iptables spamhaus


Iptables Spamhaus Blacklist


Published in: Python

URL: www.jsinix.com

I wrote this script to set up basic iptables rules to secure the system. In addition to that, this script queries Spamhaus's blacklisted IP/network addresses. These IPs are then stored in a new chain called droplist. Finally, it is referenced in the default filter table chains (i.e. INPUT, OUTPUT and FORWARD). This script or its customized version can be useful for many types of public-facing servers, including mail servers, to protect from spam etc. Please use this at your own risk and read carefully before using. You might need to change some parts according to your needs.

```python
#!/usr/bin/env python3
import os
import subprocess
import sys

import requests
from netaddr import AddrFormatError, IPNetwork

# This script if used with a cronjob can be useful.

Welcome = r"""
_ _ _
(_) (_) (_)
_ ___ _ _ __ ___ __
| / __| | '_ \| \ \/ /
| \__ \ | | | | |> <
| |___/_|_| |_|_/_/\_\.
_/ |
|__/
"""

Disclaimer = """\
\nAuthor: jsinix([email protected])
I wrote this script to setup basic iptable rules to secure the system.
In addition to that, this script queries spamhaus's blacklisted IP/Network
addresses. These IP's are then stored in a new chain called droplist. Finally
it is referenced in the default filter table chains(i.e INPUT, OUTPUT and FORWARD).
This script or its customized version can be useful for many type of public
facing servers including mail servers to protect from spams etc.
Please use this at your own risk and read carefully before using. You might
need to change some parts according to your needs.
"""

# Base policy: loopback, established traffic, new SSH and ICMP are accepted;
# everything else inbound or forwarded is logged (rate limited) and dropped.
Iptable_rules = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
"""

ip_list = []

all_links = ["http://www.spamhaus.org/drop/drop.txt"]


def get_spamhaus_ip(link):
    # The list is fetched over plain HTTP and then turned into DROP rules,
    # so anyone able to alter the response can alter the firewall.
    f = requests.get(link, timeout=30)
    f.raise_for_status()

    # Parse line by line: ';' starts a comment (header lines, SBL ids), so
    # only the network in front of it is handed to IPNetwork.
    for line in f.text.splitlines():
        each = line.split(";", 1)[0].strip()
        if not each:
            continue
        try:
            temp_net = IPNetwork(each)
            ip_list.append(temp_net)
        except (AddrFormatError, ValueError):
            pass


def set_blocklist(ips):
    # Argument list instead of a shell string: the value comes from a
    # downloaded file.
    subprocess.call(["iptables", "-A", "droplist", "-s", str(ips), "-j", "DROP"])


def use_blocklist():
    # The droplist rules match on source address (-s) only.
    for chain in ("INPUT", "OUTPUT", "FORWARD"):
        subprocess.call(["iptables", "-I", chain, "-j", "droplist"])


def iptables_setup():
    print("\n\n\n(+) Flushing old rules in droplist\n")
    subprocess.call(["iptables", "-F", "droplist"])

    print("(+) Installing firewall")
    with open('/etc/iptables.firewall.rules', 'w') as f002:
        f002.write(Iptable_rules)
    with open('/etc/iptables.firewall.rules') as rules:
        subprocess.call(["iptables-restore"], stdin=rules)
    print("(+) Firewall is running")
    print("(+) Setting up firewall on startup")

    print("\n(+) Creating droplist chain")
    subprocess.call(["iptables", "-N", "droplist"])

    # The shebang has to be the first line of the hook, hence the
    # backslash after the opening quotes.
    firewall_startup = """\
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.firewall.rules
/sbin/iptables -N droplist
"""
    with open('/etc/network/if-pre-up.d/firewall', 'w') as f003:
        f003.write(firewall_startup)
    os.chmod('/etc/network/if-pre-up.d/firewall', 0o755)


def controller():
    print(Welcome)
    print("\n")
    print(Disclaimer)

    iptables_setup()

    print("(+) Querying Spamhaus Blacklist")

    for l in all_links:
        get_spamhaus_ip(l)

    print("(+) Refreshing droplist chain")

    for net in ip_list:
        set_blocklist(net)

    print("(+) Applying droplist to filter chain")
    use_blocklist()


# This script must be run as root to avoid permission
# issues.
# So lets make sure that no other user can run it.
# The effective UID is checked because getpass.getuser() reads the
# LOGNAME/USER environment variables, which any user can set.
if os.geteuid() != 0:
    print("(+) Please run this script as ROOT")
    sys.exit(1)

else:
    os.system("clear")
    controller()
    print("\n(+) Firewall updated !")
```
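The script above turns whatever the download returns into DROP rules, so the following added example (not part of jsinix's script) validates a DROP-format list before it reaches the firewall and renders the result as one `iptables-restore --noflush` input, so the chain is replaced in a single commit instead of being flushed and refilled rule by rule. The names `parse_drop`, `restore_payload`, `PROTECTED` and `min_prefix` are assumptions made for this example, and the sample list is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample in the DROP layout: "CIDR ; SBL id", ';' starts a comment.
SAMPLE = """\
; Constructed sample list (documentation ranges, made-up SBL ids)
; Last-Modified: Fri, 12 Dec 2014 03:15:35 GMT
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.77/24 ; SBL000003
10.0.0.0/8 ; SBL000004
0.0.0.0/0 ; SBL000005
not-an-address ; SBL000006
"""

# Assumption: ranges this host must never block (loopback, RFC 1918 nets).
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_drop(text, protected=PROTECTED, min_prefix=8):
    """Split DROP-format text into (accepted networks, rejected (entry, reason))."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # keep only what precedes the comment
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)  # host bits must be 0
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((entry, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps protected range"))
        else:
            accepted.append(net)
    return accepted, rejected

def restore_payload(nets, chain="droplist"):
    """Build input for `iptables-restore --noflush`; refuse to empty the chain."""
    if not nets:
        raise ValueError("no valid networks: keeping the existing chain")
    # Under --noflush, redeclaring a user chain empties it; the refill is in the same commit.
    lines = ["*filter", ":%s - [0:0]" % chain]
    lines += ["-A %s -s %s -j DROP" % (chain, n) for n in nets]
    return "\n".join(lines + ["COMMIT"]) + "\n"

if __name__ == "__main__":
    print(restore_payload(parse_drop(SAMPLE)[0]))
```

The rejected list is worth logging on every run: a sudden jump in rejected entries or a drop in accepted ones is a sign that the download was truncated or altered.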
