Over the years we have heard all kinds of false and incorrect This is a small part of the start of his article, just to get you going:īlocklists block billions of innocent people Unfortunately, the full article is no longer available. This is a highly informative article written by a professional in the IT Security industry. 1 Firstly, are Block Lists worth the trouble?įirstly, are Block Lists worth the trouble?.I hope this helps someone else out along the way. This flushes the tables, and then imports the new list. System("/usr/sbin/iptables-restore -noflush < /root/pg.firewall") System("/usr/sbin/iptables -F PGBLOCK$_") I did this with a perl script that looks something like: Now, updating the firewall is a little more tricky, you need to flush the tables manually before re-importing. Use that along with iptables-restore to build the firewall. ![]() It’ll generate a file called pg.firewall. But just set all that up, and run the script. You need write access as the user youre running as, to the directory you’re running it from, and the lists directory, of course. It needs a scratch directory for the lists it downloads. There are a few variables at the top of the scipt that point to where you’d like some things to be saved. Wondering if you can get ahold of my script? Now each packet gets subjected to a couple hundred (or thousand) rules instead of 226000 of them. and 127.), and then i setup more specific rules inside of the PGBLOCK chain. This worked, but delayed every inbound packet to the point that my network connection was almost useless. This tells iptables to pass all inbound packets through my chains before they even touch any other rules.Īt first, i tried entering all of my rules into the PGBLOCK chain. This adds the chains, and adds them to the iptables INPUT chain. So, on my Fedora 11 Test machine in added the following to /etc/sysconfig/iptables.Īfter the chain definitions (the :CHAINNAME lines) i added 4 lines. I also created a chain called PGALLOW which supersedes the block list. I decided that the best way to make this list easy to update was to create a new chain, called PGBLOCK, and put my rules in there. By very long, I mean long! Over 226000 lines! I started writing my own parser, and before long, i had a very long list of iptables compatible rules. Makes sense that i might be able to do the same, right? So i pointed my web browser there, and sure enough, i’m presented with a list of rules! Rules that dont match iptables, but look very easy to parse! So, I did just that. Well recently I happened to be watching peer guardian run its update, and realized that it s pulling its lists from an http address. So for a very long time, i went on using peer guardian locally. Thats not to say it doesnt work, i just couldnt get it working on my Smoothie. There’s a Project called moblock, which is supposed to do this. ![]() Firewall! So i set out to find a way to add peerguardian’s lists to my Smoothie. The problem is, sometimes it has issues, and to be honest, I always thought it’d be cleaner to put the firewalling, on my…. Peer Guardian is a great program, and most of the time it works very well. I also run PeerGuardian, from Phoenix Labs, on my workstations to help block certain access to my machines. ![]() It’s not quite as plug and play, but it works very well, and I have a lot more control over it. It’s a very robust replacement for these soho routers that everyone seems to use. ![]() At home, I have a Smoothwall which connects my network to the internet.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |