Dynamic Blacklisting Iptables plus Firewall GUI for Bluequartz
This is a Perl daemon that uses a shell script and a PHP front end.
Features
- Easy Iptables configuration
- Automated Whitelist and Blacklist
- Protection against attempted service exploits; it will kill attacks within seconds
- Completely configurable by web front end.
You will require the following Perl modules from cpan.
- Proc::Daemon
- Proc::PID::File
- NetAddr::IP
The quickest way to get these is:
# perl -MCPAN -e 'install NetAddr::IP'
# perl -MCPAN -e 'install Proc::Daemon'
# perl -MCPAN -e 'install Proc::PID::File'
Download
Then as root..
tar -xzf firewall.tgz
cp lists.xml /usr/sausalito/ui/menu/base/lists.xml
mkdir /usr/sausalito/ui/web/base/firewall
cp firewall.php /usr/sausalito/ui/web/base/firewall
mkdir /home/firewall
touch /home/firewall/blacklist
touch /home/firewall/whitelist
touch /home/firewall/ports
touch /home/firewall/udp
touch /home/firewall/ftp
cp rules /home/firewall
chown apache.apache /home/firewall -R
chmod 700 /home/firewall -R
cp iptables.sh /usr/bin/
chmod 755 /usr/bin/iptables.sh
cp monitor2.pl /usr/bin/
chmod 755 /usr/bin/monitor2.pl
Back up your /etc/cron.hourly/log_traffic, then replace it with the log_traffic file supplied.
If you are ssh'd into your machine PLEASE put your PC's IP in the whitelist (one entry per line).
Optionally you can use a netmask, e.g. 192.168.0.1/24
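Because the daemon will blacklist anything not whitelisted, it is worth confirming that the address you are logged in from is actually covered before starting it. The script below is an added example, not part of the firewall package; it assumes the whitelist is plain IPv4 addresses or address/prefix entries, one per line, exactly as described above, and that the file is at /home/firewall/whitelist.

```shell
#!/bin/sh
# Pre-flight check for /home/firewall/whitelist. Assumed format, from the README:
# one IPv4 address per line, optionally with a /prefix netmask (e.g. 192.168.0.1/24).
# Confirms that an address is covered by at least one entry before the daemon starts.

# Print dotted-quad IPv4 $1 as a 32-bit integer; fail (print nothing) on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    # leading zeros are rejected because the shell would read them as octal
    for o in "$@"; do case "$o" in 0?*) return 1 ;; esac; [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside entry $2 (bare address or address/prefix),
# 1 if it does not, 2 if the entry itself is malformed.
cidr_match() {
    ip=$(ip_to_int "$1") || return 2
    case "$2" in */*) net=${2%/*}; len=${2#*/} ;; *) net=$2; len=32 ;; esac
    case "$len" in ''|0?*|*[!0-9]*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    netint=$(ip_to_int "$net") || return 2
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))   # host bits are masked off, so
    [ $(( ip & mask )) -eq $(( netint & mask )) ]          # 192.168.0.1/24 covers 192.168.0.57
}

# Return 0 if address $1 is covered by any line of whitelist file $2. Blank lines are
# skipped; malformed lines are reported on stderr, since a bad entry protects nothing.
whitelist_covers() {
    found=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -z "$line" ] && continue
        rc=0; cidr_match "$1" "$line" || rc=$?
        if [ "$rc" -eq 0 ]; then found=0
        elif [ "$rc" -eq 2 ]; then echo "whitelist: malformed entry '$line'" >&2; fi
    done < "$2"
    return $found
}

# Stand-alone use: sh whitelist_check.sh [address] [whitelist-file]. The address defaults
# to the client half of $SSH_CLIENT, i.e. the machine you are logged in from.
me=${1:-${SSH_CLIENT%% *}}; file=${2:-/home/firewall/whitelist}
if [ -n "$me" ] && [ -r "$file" ]; then
    if whitelist_covers "$me" "$file"; then echo "$me is covered by $file"
    else echo "$me is NOT covered by $file: add it before starting monitor2.pl"; fi
fi
```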
To start the Daemon:
Please restart iptables using /etc/init.d/iptables restart to make sure the correct chains are in place before you start the daemon for the first time.
/usr/bin/monitor2.pl
To stop the Daemon:
/usr/bin/monitor2.pl stop
You'll find a log file at:
/var/log/monitor_log
You can reduce the output to this log by setting $log to 0 in monitor2.pl.
The PHP front end will be available the next time you log in, under "Network Services"; it dynamically reloads the settings into the daemon.
Please send some feedback and suggestions on further development.
Thanks
Leigh
leigh@codacommerce.com