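#!/usr/bin/perl
#H# This script polls the various IP registries and makes a list of all subnets
#H# that are outside of the US and CA. It writes them to /etc/pf/foreigners.txt
#H# which is in the format that pf uses for tables.
#H# There are exceptions and additional IPs stored in 2 hashes:
#H# %Exceptions and %Spammers
#H#
#H# Here are the pf rules to implement this as a redirector to spamd.
#H# (The angle-bracket table names were lost when this file was extracted;
#H# the name below is reconstructed from the file name, so check it against
#H# the live pf.conf.)
#H# table <foreigners> persist file "/etc/pf/foreigners.txt"
#H# rdr on de1 proto tcp from <foreigners> to de1 port 25 -> de1 port 8025
#
# Usage: foreigners.pl [-v]
#   -v   print progress and per-registry counts to STDOUT.
#
# Exits non-zero (via die) when a registry list cannot be fetched or parsed,
# or when the new table file cannot be written or moved into place.

use strict;
use warnings;

use Net::CIDR::Lite;

# This script is retired; everything below is kept for reference only.
die "This script has been replaced by fwgeo.pl.\n";

# The pf table file that is produced, plus the scratch and backup copies.
my $TABLE_FILE  = '/etc/pf/foreigners.txt';
my $NEW_FILE    = "$TABLE_FILE.new";
my $BACKUP_FILE = "$TABLE_FILE.old";

# GNU coreutils are installed with a 'g' prefix on this host.
my $CP = '/usr/local/bin/gcp';
my $MV = '/usr/local/bin/gmv';

# a list of exceptions that don't get firewalled.
# NOTE(review): host bits are set in 217.160.230.15/24 -- confirm pfctl
# accepts that entry as written.
my %Exceptions = (
    "140.105.134.102"   => "Gentoo Weekly Newsletter",
    "217.160.77.171"    => "Bought something from them",
    "213.165.64.20"     => "Sent legit email about my pictures site",
    "217.12.12.141"     => "Sent legit email about my pictures site",
    "156.56.111.0/24"   => "Gentoo list",
    "203.217.30.81"     => "OpenBSD",
    "213.235.193.66"    => "SyncPOD",
    "195.82.107.148"    => "gentoo emails",
    "134.68.220.30"     => "gentoo emails",
    "217.160.128.146"   => "bunkus.org",
    "194.245.103.2"     => "Joker",
    "217.160.230.15/24" => "1and1",
    "195.92.253.0/24"   => "comoo",
    "195.92.253.138"    => "comodo",
    "82.111.230.0/24"   => "pledgebank",
    "217.70.179.0/24"   => "gandi",
    "217.70.177.0/24"   => "gandi",
    "213.61.92.115"     => "Asus",
);

# a blacklist of known spammers
my %Spammers = (
    "66.35.244.0/24"  => "Sent me a Sprint spam",
    "66.181.198.251"  => "sent stupid newsletter",
    "65.111.23.0/24"  => "Marketing company",
    "208.53.9.0/24"   => "Marketing company",
    "66.248.143.0/24" => "Marketing company",
);

# check for verbosity (guard @ARGV so an empty command line does not warn)
my $Verbose  = (@ARGV && $ARGV[0] eq '-v') ? 1 : 0;
my @mv_flags = $Verbose ? ('-fv') : ('-f');

# backup the old file just in case something goes FUBAR.  A missing table
# (first run) makes the copy fail; that is not fatal, so only warn.
system($CP, '-f', $TABLE_FILE, $BACKUP_FILE) == 0
    or warn "backup of $TABLE_FILE to $BACKUP_FILE failed (status $?)\n";

# ftp sites for the different NICs
# NOTE(review): these lists are fetched over plain FTP/HTTP and nothing here
# verifies their integrity, so a tampered feed changes the firewall table.
my %FTP = (
    ARIN   => "ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest",
    RIPE   => "ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest",
    LACNIC => "ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest",
    #APNIC => "http://ftp.apnic.net/stats/apnic/new/delegated-apnic-latest",
    APNIC  => "http://ftp.apnic.net/stats/apnic/delegated-apnic-latest",
);

my $cidr      = Net::CIDR::Lite->new;
my $IPCount   = 0;   # addresses covered by all accepted entries
my $CIDRCount = 0;   # accepted entries before merging

foreach my $NIC (sort keys %FTP) {
    print "Getting IPs from $NIC...\t" if $Verbose;

    # List-form pipe open: the URL reaches wget as one argv element and never
    # goes through a shell.  Failure here means the fork itself failed; a
    # non-zero wget exit shows up as a false close() below.
    open my $list_fh, '-|', 'wget', '-q', '-O-', $FTP{$NIC}
        or die "Could not get IP list from $NIC\n";

    my $Count = 0;
  LINE:
    while (my $Line = <$list_fh>) {
        next LINE unless $Line =~ /\|ipv4\|/;
        chomp $Line;

        # delegated-* record: registry|cc|type|start|value|date|status[|...]
        # Use a separate variable for the registry field so the loop
        # variable $NIC is not clobbered (it is used in the messages below).
        my ($Registry, $Country, $IPV, $BeginIP, $NumIP, $Date, $Status)
            = split /\|/, $Line;

        # "*" is the country field of the per-file summary record.
        next LINE if !defined $Country
                  || $Country eq 'US' || $Country eq 'CA' || $Country eq '*';

        # Skip (loudly) anything that is not a dotted quad plus a positive
        # count rather than feeding it to the address arithmetic.
        if (   !defined $BeginIP || $BeginIP !~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/
            || !defined $NumIP   || $NumIP   !~ /\A\d+\z/ || $NumIP == 0) {
            warn "$NIC: skipping malformed record: $Line\n";
            next LINE;
        }

        $Count++;
        $CIDRCount++;
        $IPCount += $NumIP;

        # The registry gives a start address and an address count, not a
        # prefix length.  Adding the exact range lets Net::CIDR::Lite split
        # it into proper prefixes, so a count that is not a power of two
        # (common in these files) does not over-block, and a count of 1
        # becomes a /32 instead of a /31.
        $cidr->add_range($BeginIP . '-' . _end_of_range($BeginIP, $NumIP));
    }

    # close() on a pipe is false when wget exited non-zero.
    my $wget_ok = close $list_fh;

    # Nothing has been written to $NEW_FILE yet, so there is nothing to
    # clean up on failure.
    if (!$wget_ok || $Count <= 1) {
        die "Can't get records from $NIC\n";
    }
    print "added $Count.\n" if $Verbose;
}

print "Merging connected CIDR blocks...\n" if $Verbose;

# Write the merged table to a scratch file and move it into place atomically
# so pf never reads a half-written table.
open my $out_fh, '>', $NEW_FILE or die "open $NEW_FILE: $!\n";

my $MergedCIDRCount = 0;
foreach my $Block ($cidr->list) {
    print {$out_fh} "$Block\n";
    $MergedCIDRCount++;
}

print {$out_fh} "#Known spammers\n";
print {$out_fh} "$_\n" for sort keys %Spammers;

# '!' marks a pf table entry as excluded.
print {$out_fh} "#Exceptions\n";
print {$out_fh} "!$_\n" for sort keys %Exceptions;

# Buffered write errors surface at close, so it must be checked.
close $out_fh or die "close $NEW_FILE: $!\n";

system($MV, @mv_flags, $NEW_FILE, $TABLE_FILE) == 0
    or die "could not move $NEW_FILE to $TABLE_FILE (status $?)\n";

if ($Verbose) {
    print "Total CIDR blocks added: $CIDRCount\n";
    print "Total IP Addresses contained within those CIDR blocks: $IPCount\n";
    print "Total CIDR block after merging: $MergedCIDRCount.\n";
}

# Last address of the block that starts at $start_ip and holds $count
# addresses, returned as a dotted quad.  IPv4 only; the caller has already
# filtered on |ipv4| and validated both arguments.
# Dies if the block would run past the end of the IPv4 address space.
sub _end_of_range {
    my ($start_ip, $count) = @_;

    my $start = unpack('N', pack('C4', split(/\./, $start_ip)));
    my $end   = $start + $count - 1;
    die "range $start_ip+$count runs past the end of IPv4 space\n"
        if $end > 0xFFFFFFFF;

    return join('.', unpack('C4', pack('N', $end)));
}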