Antiguo 17/07/2013, 08:13
Melecio
 
Respuesta: Iptables facebook

LOGRÉ HACERLO, AQUÍ LES DEJO MI SCRIPT EN PERL
Código:
#!/usr/bin/perl
use CGI;
use DBI;
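# Open the MySQL connection and run the query that lists the client addresses
# to restrict (table ip_deny_page).
#
# NOTE(review): the script connects as the MySQL 'root' account with the
# password embedded in the source. A dedicated account limited to SELECT on
# the tables read by this script, with the secret kept outside the file,
# would limit what a reader of this file can do with it.
# NOTE(review): the file has no `use strict; use warnings;`, so a mistyped
# variable name silently becomes a new, empty global.
$cgiObj = CGI->new;    # created here but not used anywhere in the visible script
$params = 'DBI:mysql:MIBD:localhost';
$user   = 'root';
$pass   = 'MICLAVE';

# RaiseError turns a failed prepare/execute into a fatal error. Without it a
# failed query is only printed as a warning and the script carries on, flushing
# the firewall and then adding no per-client rules at all.
$conn = DBI->connect($params, $user, $pass, { RaiseError => 1, PrintError => 0 })
    or die "Cannot connect to the database: $DBI::errstr\n";

$sql   = "SELECT * FROM ip_deny_page";
$query = $conn->prepare($sql);
$query->execute();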
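# Rebuild the per-client rules: for every source address read from
# ip_deny_page, drop forwarded HTTPS (tcp/443) arriving on eth1 towards each
# destination in the hard-coded list below.
#
# NOTE(review): `iptables -F` empties every chain of the filter table, including
# rules this script did not create, and nothing is filtered until the rules
# below have been re-added.
system('iptables', '-F') == 0
    or warn "iptables -F failed (exit status " . ($? >> 8) . ")\n";

# Destination list exactly as posted. Repeated entries are dropped below,
# because appending the same rule twice does not change which packets match.
# NOTE(review): several single hosts fall inside CIDR ranges that are also
# listed (for example 69.171.229.25 inside 69.171.224.0/19), and
# 69.141.228.24 / 69.141.247.21 may be typos for 69.171.x.x - confirm.
# NOTE(review): hard-coded remote addresses go stale; review the list regularly.
my %seen_destination;
my @destinations = grep { !$seen_destination{$_}++ } qw(
    31.13.77.50 173.252.110.27 31.13.76.17 31.13.70.17 31.13.77.49
    31.13.77.17 31.13.77.34 31.13.77.33 31.13.77.50 31.13.70.2
    31.13.70.1 31.13.77.56 31.13.77.57 31.13.75.17 31.13.75.18
    31.13.76.8 31.13.76.16 31.13.77.17 31.13.77.39 31.13.77.40
    31.13.77.55 31.13.77.87 31.13.75.1 31.13.76.8 31.13.77.39
    31.13.75.17 31.13.77.87
    69.171.229.25 69.141.228.24 69.141.247.21 69.171.229.25
    69.171.224.42 69.171.224.43 69.171.237.20 69.171.228.24 69.171.237.21
    65.201.208.24/29 65.204.104.128/28 66.93.78.176/29 66.92.180.48/28
    67.200.105.48/30 69.63.176.0/20 69.171.224.0/19 74.119.76.0/22
    204.15.20.0/22 66.220.144.0/20 173.252.64.0/18 66.199.37.136/29
    31.13.76.1 31.13.75.1
    199.59.150.7 199.59.148.10 199.59.149.230 199.59.150.39 199.59.148.212
    199.59.148.82 199.59.148.87 199.59.148.20 199.59.149.200 199.59.149.232
    208.43.122.131 208.43.122.132
);

# Dotted-quad IPv4 address with an optional /0-32 prefix length. Anything else
# coming out of the database is rejected before it reaches iptables.
my $octet   = qr{(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])};
my $ipv4_re = qr{\A $octet (?: \. $octet ){3} (?: / (?:3[0-2]|[12]?[0-9]) )? \z}x;

while (my @row = $query->fetchrow_array) {
    # Column 1 is used as the client source address.
    # NOTE(review): assumes it holds an IPv4 address - confirm against the schema.
    my $source = $row[1];

    # The value is database content, so it is never handed to a shell: it must
    # match the address pattern and is passed to iptables as a single argument.
    unless (defined $source && $source =~ $ipv4_re) {
        warn "Skipping ip_deny_page row: column 1 is not a valid IPv4 address\n";
        next;
    }

    my $failed_rules = 0;
    for my $destination (@destinations) {
        # List-form system() runs iptables directly, without /bin/sh.
        system('iptables', '-A', 'FORWARD', '-i', 'eth1',
               '-s', $source, '-d', $destination,
               '-p', 'tcp', '--dport', '443', '-j', 'DROP') == 0
            or $failed_rules++;
    }

    # Report success only when every rule for this client was accepted.
    if ($failed_rules) {
        warn "iptables rejected $failed_rules rule(s) for $source\n";
        next;
    }

    print "Direccion ip LIMITADA  \e[0;32m[OK]\e[0m   $row[1]  \n";
}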

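# Static part of the ruleset: for a fixed set of LAN addresses, drop all
# forwarded HTTPS (tcp/443) arriving on eth1, whatever the destination.
# NOTE(review): the report header below suggests these are unassigned
# DHCP-pool addresses - confirm.
my @static_hosts = map { "192.168.1.$_" }
    (2 .. 10, 12, 14 .. 19, 36);

# Apply every rule first, as the original does, remembering which ones
# iptables rejected so the report below does not claim success for them.
my %rule_failed_for;
for my $host (@static_hosts) {
    # List-form system() runs iptables directly, without /bin/sh.
    system('iptables', '-A', 'FORWARD', '-s', $host, '-i', 'eth1',
           '-p', 'tcp', '--dport', '443', '-j', 'DROP') == 0
        or $rule_failed_for{$host} = 1;
}

print "\n\n";
print "\e[0;32m---------------------------------------------\n \e[0m";
print "              DHCP DISPONIBES \n";

for my $host (@static_hosts) {
    if ($rule_failed_for{$host}) {
        warn "iptables rejected the HTTPS rule for $host\n";
        next;
    }
    print "HTTPS DENEGADO   \e[0;32m[OK]\e[0m   $host  \n";
}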

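print "\e[0;32m---------------------------------------------\n \e[0m";

print "                    BLACK LIST     \n";

# Blacklist: for every MAC address read from black_list, drop all traffic from
# that MAC on the INPUT chain.
# NOTE(review): INPUT only sees packets addressed to this machine. Traffic
# from a blacklisted MAC that is routed through the box traverses FORWARD
# and is not affected by this rule - confirm that is intended.
# NOTE(review): the rule uses `-p all`, while the message below says "HTTP".
$sql_black_list   = "SELECT * FROM black_list";
$query_black_list = $conn->prepare($sql_black_list);
$query_black_list->execute();

# Six colon-separated hex octets, the form --mac-source expects. Anything else
# coming out of the database is rejected before it reaches iptables.
my $mac_re = qr{\A [0-9A-Fa-f]{2} (?: : [0-9A-Fa-f]{2} ){5} \z}x;

while (my @row_black_list = $query_black_list->fetchrow_array) {
    # Column 1 is used as the MAC address.
    # NOTE(review): assumes the colon-separated form - confirm against the schema.
    my $mac = $row_black_list[1];

    # The value is database content, so it is never handed to a shell: it must
    # match the MAC pattern and is passed to iptables as a single argument.
    unless (defined $mac && $mac =~ $mac_re) {
        warn "Skipping black_list row: column 1 is not a valid MAC address\n";
        next;
    }

    if (system('iptables', '-A', 'INPUT', '-p', 'all',
               '-m', 'mac', '--mac-source', $mac, '-j', 'DROP') != 0) {
        warn "iptables rejected the blacklist rule for $mac\n";
        next;
    }

    print "HTTP DENEGADO  \e[0;32m[*]\e[0m   $row_black_list[1]  \n";
}

print "\n\n";
# Printed unconditionally; failures are reported on STDERR as they happen.
print "REGLAS AGREGADAS CORRECTAMENTE [OK] \n";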

Última edición por Melecio; 17/07/2013 a las 08:22