Advanced Search

Iptables Spamhaus Blacklist

/ Published in: Python
Save to your folder(s)
I wrote this script to setup basic iptable rules to secure the system.
In addition to that, this script queries spamhaus's blacklisted IP/Network
addresses. These IP's are then stored in a new chain called droplist. Finally
it is referenced in the default filter table chains(i.e INPUT, OUTPUT and FORWARD).
This script or its customized version can be useful for many type of public
facing servers including mail servers to protect from spams etc.
Please use this at your own risk and read carefully before using. You might
need to change some parts according to your needs.

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. #!/usr/bin/python
  2. import requests
  3. from netaddr import *
  4. import subprocess, getpass
  5. import sys, os, datetime
  6.  
  7. #This script if used with a cronjob can be useful.
  8.  
  9. Welcome = """\
  10.          _     _       _
  11.         (_)   (_)     (_)
  12.          _ ___ _ _ __  ___  __
  13.         | / __| | '_ \| \ \/ /
  14.         | \__ \ | | | | |>  <
  15.         | |___/_|_| |_|_/_/\_\.
  16.        _/ |
  17.       |__/
  18. """
  19.  
  20. Disclaimer = """\
  21. \nAuthor: jsinix([email protected])
  22. I wrote this script to setup basic iptable rules to secure the system.
  23. In addition to that, this script queries spamhaus's blacklisted IP/Network
  24. addresses. These IP's are then stored in a new chain called droplist. Finally
  25. it is referenced in the default filter table chains(i.e INPUT, OUTPUT and FORWARD).
  26. This script or its customized version can be useful for many type of public 
  27. facing servers including mail servers to protect from spams etc.
  28. Please use this at your own risk and read carefully before using. You might 
  29. need to change some parts according to your needs. 
  30. """
  31.  
  32. Iptable_rules = """
  33. *filter
  34. -A INPUT -i lo -j ACCEPT
  35. -A INPUT -d 127.0.0.0/8 -j REJECT
  36. -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  37. -A OUTPUT -j ACCEPT
  38. -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
  39. -A INPUT -p icmp -j ACCEPT
  40. -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
  41. -A INPUT -j DROP
  42. -A FORWARD -j DROP
  43. COMMIT
  44. """
  45.  
  46. ip_list = []
  47.  
  48. all_links = ["http://www.spamhaus.org/drop/drop.txt"]
  49.  
  50. def get_spamhaus_ip(link):
  51.     f = requests.get(link)
  52.  
  53.     for each in f.text.split():
  54.         try:    
  55. 	    temp_net = IPNetwork(each)
  56. 	    ip_list.append(temp_net)
  57.         except:
  58.             pass
  59.  
  60.  
  61. def set_blocklist(ips):
  62.  
  63.     cmdstring = "iptables -A droplist -s %s -j DROP" % (ips)
  64.     os.system(cmdstring)
  65.  
  66.  
  67. def use_blocklist():
  68.     os.system("iptables -I INPUT -j droplist")	
  69.     os.system("iptables -I OUTPUT -j droplist")
  70.     os.system("iptables -I FORWARD -j droplist")
  71.  
  72.  
  73. def iptables_setup():
  74.  
  75.     print "\n\n\n(+) Flushing old rules in droplist\n"
  76.     os.system("iptables -F droplist")
  77.  
  78.     print "(+) Installing firewall"
  79.     f002 = open('/etc/iptables.firewall.rules','w')
  80.     f002.write(Iptable_rules)
  81.     f002.close()
  82.     os.system("iptables-restore < /etc/iptables.firewall.rules")
  83.     print "(+) Firewall is running"
  84.     print "(+) Setting up firewall on startup"
  85.  
  86.     print "\n(+) Creating droplist chain"
  87.     os.system("iptables -N droplist")
  88.  
  89.     firewall_startup = """
  90.     #!/bin/sh
  91.     /sbin/iptables-restore < /etc/iptables.firewall.rules
  92.     /sbin/iptables -N droplist
  93.     """
  94.     f003 = open('/etc/network/if-pre-up.d/firewall','w')
  95.     f003.write(firewall_startup)
  96.     f003.close()
  97.     os.system("chmod +x /etc/network/if-pre-up.d/firewall")
  98.  
  99.  
  100. def controller():
  101.     print Welcome
  102.     print "\n" 
  103.     print Disclaimer	
  104.  
  105.     iptables_setup()
  106.  
  107.     print "(+) Quering Spamhaus Blacklist"
  108.  
  109.     for l in all_links:
  110.         get_spamhaus_ip(l)
  111.  
  112.     print "(+) Refreshing droplist chain"
  113.  
  114.     for net in ip_list:
  115.         set_blocklist(net)
  116.  
  117.     print "(+) Applying droplist to filter chain"
  118.     use_blocklist()
  119.  
  120. # This script must be run as root to avoid permission
  121. # issues.
  122. #So lets make sure that no other user can run it.
  123. my_user = getpass.getuser()
  124. if(my_user != 'root'):
  125.     print "(+) Please run this script as ROOT"
  126.     sys.exit()
  127.  
  128. else:
  129.     os.system("clear")
  130.     controller()
  131.     print "\n(+) Firewall updated !"

URL: www.jsinix.com

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.