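#!/usr/bin/perl
#H# This script polls the various IP registries and makes a list of all subnets
#H# that are outside of the US and CA. It writes them to /etc/pf/foreigners.txt
#H# which is in the format that pf uses for tables.
#H# There are exceptions and additional IPs stored in 2 hashes:
#H# %Exceptions and %Spammers
#H#
#H# Here are the pf rules to implement this as a redirector to spamd.
#H# TABLE_NAME is a placeholder: the table name was lost from this copy of
#H# the script, so substitute the name your pf.conf uses.
#H#   table <TABLE_NAME> persist file "/etc/pf/foreigners.txt"
#H#   rdr on de1 proto tcp from <TABLE_NAME> to de1 port 25 -> de1 port 8025

use strict;
use warnings;

use File::Temp qw(tempfile);
use Net::CIDR::Lite;

my $TABLE_FILE = '/etc/pf/foreigners.txt';
my $NEW_FILE   = "$TABLE_FILE.new";
my $OLD_FILE   = "$TABLE_FILE.old";

my $cidr = Net::CIDR::Lite->new;

# Back up the old file just in case something goes wrong. Best effort: the
# result is deliberately not checked, because on a first run there is
# nothing to copy yet. List-form system() keeps the shell out of it.
system('/usr/local/bin/gcp', '-f', $TABLE_FILE, $OLD_FILE);

# A list of exceptions that don't get firewalled. Each entry is written to
# the table as a negated ("!") address, so it exempts that host or network
# from the redirect. The values are notes for the maintainer only and are
# never written out.
my %Exceptions = (
    '140.105.134.102'   => 'Gentoo Weekly Newsletter',
    '217.160.77.171'    => 'Bought something from them',
    '213.165.64.20'     => 'Sent legit email about my pictures site',
    '217.12.12.141'     => 'Sent legit email about my pictures site',
    '156.56.111.0/24'   => 'Gentoo list',
    '203.217.30.81'     => 'OpenBSD',
    '213.235.193.66'    => 'SyncPOD',
    '195.82.107.148'    => 'gentoo emails',
    '134.68.220.30'     => 'gentoo emails',
    '217.160.128.146'   => 'bunkus.org',
    '194.245.103.2'     => 'Joker',
    '217.160.230.15/24' => '1and1',
    '195.92.253.0/24'   => 'comoo',
    '195.92.253.138'    => 'comodo',
    '82.111.230.0/24'   => 'pledgebank',
    '217.70.179.0/24'   => 'gandi',
    '217.70.177.0/24'   => 'gandi',
    '213.61.92.115'     => 'Asus',
    '80.91.229.0/24'    => 'Gmane',
    '129.240.10.0/24'   => 'Gmane',
    '80.74.144.0/24'    => 'Mplayer',
    '213.144.138.0/24'  => 'Mplayer',
    '78.47.159.0/24'    => 'Howtoforge',
    '195.70.130.0/24'   => 'Avast',
    '91.213.143.0/24'   => 'Avast',
    '195.47.75.0/24'    => 'Avast',
    '213.133.104.28'    => 'dynamicrange.de',
    '62.108.137.10'     => 'ZDNet',
    '203.214.176.0/24'  => 'NetGear',
    '74.124.203.0/24'   => 'pcplanetsystems',
    '85.112.165.69'     => 'newzbin',
    '116.66.166.108'    => 'OpenSSH/mindrot',
);

# A blacklist of known spammers, added to the table regardless of country.
my %Spammers = (
    '66.35.244.0/24' => 'Sent me a Sprint spam',
    '66.181.198.251' => 'sent stupid newsletter',
    '65.111.23.0/24' => 'Marketing company',
    '208.53.9.0/24'  => 'Marketing company',
    '66.248.143.0/24' => 'Marketing company',
);

# Check for verbosity. defined() avoids an "uninitialized" warning when the
# script is run without arguments.
my $verbose  = defined $ARGV[0] && $ARGV[0] eq '-v';
my $MVParams = $verbose ? '-fv' : '-f';
my $RMParams = $verbose ? '-fv' : '-f';

# Download locations for the different feeds.
# NOTE(review): this feed is fetched over plain HTTP and nothing here checks
# a checksum or signature, so whatever can alter the response can change
# which networks end up in the table. Fetch over TLS and verify a published
# checksum if the provider offers one.
my %FTP = (
    'GeoLite' => 'http://www.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip',
);

my $CIDRCount = 0;

for my $NIC (sort keys %FTP) {
    print "Getting IPs from $NIC...\t" if $verbose;

    # File::Temp creates the file safely and removes it at exit even if we
    # die part-way through.
    my ($tmp_fh, $TempFile) = tempfile(UNLINK => 1);
    close $tmp_fh;

    my $Count = 0;

    # Argument lists instead of a shell command line: the URL and the path
    # are passed to wget as-is and are never parsed by a shell.
    if (system('wget', '-q', '-O', $TempFile, $FTP{$NIC}) == 0) {
        for my $Range (read_foreign_ranges($TempFile, $NIC)) {
            $cidr->add_range($Range);
            $Count++;
            $CIDRCount++;
        }
    }
    else {
        warn "Download from $NIC failed\n";
    }

    unlink $TempFile;

    # An empty or near-empty feed means the download or the unzip failed, so
    # refuse to replace the live table with it. This is the only sanity
    # check on feed size; a feed truncated to a handful of records would
    # still pass it.
    if ($Count <= 1) {
        system('/usr/local/bin/grm', $RMParams, $NEW_FILE);
        die("Can't get records from $NIC\n");
    }

    print "added $Count.\n" if $verbose;
}

print "Merging connected CIDR blocks...\n" if $verbose;

# Write the complete table to a side file first, and install it only once
# every write has succeeded, so a full disk cannot leave pf with a partial
# table.
open(my $out, '>', $NEW_FILE) or die "Can't write $NEW_FILE: $!\n";

my @cidr_list       = $cidr->list;
my $MergedCIDRCount = scalar @cidr_list;

print {$out} "$_\n" for @cidr_list;

# Sorted so that successive runs can be compared against the .old backup.
print {$out} "#Known spammers\n";
print {$out} "$_\n" for sort keys %Spammers;

print {$out} "#Exceptions\n";
print {$out} "!$_\n" for sort keys %Exceptions;

close($out) or die "Can't finish writing $NEW_FILE: $!\n";

system('/usr/local/bin/gmv', $MVParams, $NEW_FILE, $TABLE_FILE) == 0
    or die "Can't install $TABLE_FILE\n";

if ($verbose) {
    print "Total CIDR blocks added: $CIDRCount\n";
    print "Total CIDR block after merging: $MergedCIDRCount.\n";
}

# Return true when $addr is a dotted-quad IPv4 address: four decimal octets,
# each 0-255, with no leading zeros and nothing before or after.
sub is_ipv4 {
    my ($addr) = @_;
    return 0 unless defined $addr;

    my $octet = qr/(?:0|[1-9][0-9]{0,2})/;
    return 0 unless $addr =~ /\A$octet(?:\.$octet){3}\z/;

    return (grep { $_ > 255 } split /\./, $addr) ? 0 : 1;
}

# Read the CSV inside the zip at $zip_path and return one "begin-end" range
# string for every record whose country is not US, CA or "*".
# $feed_name is used only in warnings. Returns an empty list when unzip
# cannot be started, which the caller treats as a failed feed.
sub read_foreign_ranges {
    my ($zip_path, $feed_name) = @_;
    my @ranges;

    # List-form pipe open: unzip gets the path as a single argument.
    my $list;
    unless (open($list, '-|', '/usr/local/bin/unzip', '-p', $zip_path)) {
        warn "Can't run unzip on $zip_path: $!\n";
        return;
    }

    while (my $Line = <$list>) {
        # Records look like "begin","end","n","n","CC","Name"; splitting on
        # the quote character puts the fields at odd indexes.
        my ($BeginIP, $EndIP, $Country) = (split /"/, $Line, 11)[1, 3, 9];

        next unless defined $Country;
        next if $Country eq 'US' || $Country eq '*' || $Country eq 'CA';

        # The feed is remote data that ends up in a firewall table, so only
        # well-formed addresses are passed on. The line number is reported
        # rather than the raw line, to keep untrusted bytes off the terminal.
        unless (is_ipv4($BeginIP) && is_ipv4($EndIP)) {
            warn "Skipping malformed record at line $. from $feed_name\n";
            next;
        }

        push @ranges, $BeginIP . "-" . $EndIP;
    }

    close($list) or warn "unzip reported a problem reading $zip_path\n";

    return @ranges;
}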