AnderssonPeter / tomato-block-malicious-ips

Scripts used to block malicious IPs like tor, shodan, stretchoid and binary-edge

Home Page: https://anderssonpeter.github.io/tomato-block-malicious-ips/

Block tor

Init script

Under Administration -> Scripts -> Init, add:

modprobe -a ip_set ip_set_hash_ip xt_set
ipset create tor hash:ip

Firewall script

Under Administration -> Scripts -> Firewall, add:

iptables -I FORWARD -m set --match-set tor src -j DROP

Schedule script

To populate the ipset with IPs and keep it up to date, add the following script under Administration -> Scripts -> Scheduler:

set -e
logger -p "info" "Fetching new ip's to add"

# Download the current Tor exit list; with set -e a failed download aborts before the set is flushed
result="$(wget -qO- https://check.torproject.org/exit-addresses)"
logger -p "info" "Fetched ${#result} bytes"

logger -p "info" "Removing all ip's from tor ipset"
ipset flush tor

# Each "ExitAddress <ip> <timestamp>" line carries one exit IP; all other lines are skipped
echo "$result" |
while IFS= read -r line; do
    match=$(echo "$line" | sed -n 's/ExitAddress \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p')
    if [ -n "$match" ]
    then
        # -! suppresses the error for an address that is already in the set
        ipset -! add tor "$match"
    fi
done

logger -p "info" "Done creating tor ipset"

Block shodan, stretchoid and binary-edge

Init script

Under Administration -> Scripts -> Init, add:

modprobe -a ip_set ip_set_hash_ip xt_set
ipset create shodan hash:ip
ipset create stretchoid hash:ip
ipset create binary-edge hash:ip
ipset create other hash:ip

Firewall script

Under Administration -> Scripts -> Firewall, add:

iptables -I FORWARD -m set --match-set shodan src -j DROP
iptables -I FORWARD -m set --match-set stretchoid src -j DROP
iptables -I FORWARD -m set --match-set binary-edge src -j DROP
iptables -I FORWARD -m set --match-set other src -j DROP

Schedule script

To populate the ipsets with IPs and keep them up to date, add the following script under Administration -> Scripts -> Scheduler:

set -e
# update_ipset <set name> <list url>: replace the contents of one ipset with a downloaded list
update_ipset()
{
    name=$1
    url=$2
    logger -p "info" "Fetching new ip's to add to $name"
    # With set -e a failed download aborts the script before the set is flushed
    result="$(wget -qO- "$url")"
    logger -p "info" "Fetched ${#result} bytes"
    logger -p "info" "Removing all ip's from $name ipset"
    ipset flush "$name"
    echo "$result" |
    while IFS= read -r line; do
        # Keep the first dotted-quad on the line, drop anything after it
        match=$(echo "$line" | sed -n 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p')
        if [ -n "$match" ]
        then
            # -! suppresses the error for an address that is already in the set
            ipset -! add "$name" "$match"
        fi
    done
}
# The set names must match the ones created in the Init script
update_ipset "shodan" "https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/shodan"
update_ipset "stretchoid" "https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/stretchoid"
update_ipset "binary-edge" "https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/binary_edge"
update_ipset "other" "https://raw.githubusercontent.com/SilvrrGIT/IP-Lists/master/other"
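
An added example, not part of the original repository, that applies to both scheduler scripts above: rather than flushing the live set and re-adding entries, which leaves it empty while the update runs or after a bad download, it validates each address and prints an ipset restore script that fills a temporary set and swaps it in. The function names, the "-new" suffix, the minimum-count argument and the sample feed are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original repository. Assumes the same ipset v6 syntax used above.

# Succeed only for a dotted quad with exactly four octets, each 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest="$1."; n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# build_restore <set> [min]: read a feed on stdin (plain IP list or Tor
# "ExitAddress <ip> ..." lines) and print commands for "ipset -! restore".
# Prints nothing and fails if fewer than <min> valid addresses were found,
# so a broken download can never empty the live set.
build_restore() {
    name=$1; min=${2:-1}; tmp="${name}-new"; count=0; adds=""
    for ip in $(sed -n 's/^\(ExitAddress \)\{0,1\}\([0-9][0-9.]*\).*/\2/p'); do
        valid_ipv4 "$ip" || continue
        adds="${adds}add ${tmp} ${ip}
"
        count=$((count + 1))
    done
    [ "$count" -ge "$min" ] || return 1
    printf 'create %s hash:ip\nflush %s\n%s' "$tmp" "$tmp" "$adds"
    # swap exchanges the two sets in one step, so the iptables rule never sees an empty set
    printf 'swap %s %s\ndestroy %s\n' "$tmp" "$name" "$tmp"
}

# Constructed sample feed (documentation address ranges, not real data).
sample_feed() {
    cat <<'EOF'
ExitNode 0000000000000000000000000000000000000000
Published 2024-01-01 00:00:00
ExitAddress 192.0.2.10 2024-01-01 00:00:00
ExitAddress 198.51.100.999 2024-01-01 00:00:00
203.0.113.7
# comment 203.0.113.8
EOF
}

# Offline demo: print the restore script for the sample feed.
sample_feed | build_restore tor 2
```

On the router the output would be piped into ipset -! restore; when build_restore fails it prints nothing, so the live set is left untouched.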

Verify / debug

When the scripts run they add log entries to Status > Logs. You can also ssh or telnet into the router and run ipset list [name] (replace [name] with tor, shodan, stretchoid, binary-edge or other).

Todo / limitations

  • The ipsets are currently cleared when you reboot your router.
  • Currently only IPv4 connections are supported.

Acknowledgements

Thanks to SilvrrGIT for having awesome IP block lists on his GitHub.

License: MIT License


Languages

Language: HTML 100.0%