iptables Problem - ask and DLink DWL-122  [INACTIVE]

BrazilFW 2.x help discussions in English.

iptables Problem - ask and DLink DWL-122

Post by Flex » Thu Feb 10, 2011 12:22 pm

Hello!
Version Brazilfw 2.32.2
iptables with working

iptables -A INPUT -s $test -i $IF_INET -j DROP

I write in the file "test" iprange
220.220.1.1/24
193.220.1.0/24
194.119.11.1/24

Problem; save - restart iptables, iptables writes: "Bad Argument 220.220.1.1/24 mask"
working iptables/Brazilfw with File.

Brazilfw working with USB-Wlan Stick DWL-122

thank you
Greetings from Germany
Brazilfw is very good
Flex
 

Re: iptables Problem - ask and DLink DWL-122

Post by ghost » Thu Feb 10, 2011 12:24 pm

Flex wrote:
220.220.1.1/24
193.220.1.0/24
194.119.11.1/24


try this way

220.220.1.0/24
193.220.1.0/24
194.119.11.0/24


Greetings :o!
ghost

Re: iptables Problem - ask and DLink DWL-122

Post by Flex » Thu Feb 10, 2011 12:30 pm

Sorry, that was an example:

220.220.1.1/24
193.220.1.0/24
194.119.11.1/24

correct is in file
220.220.1.0/24
193.220.1.0/24
194.119.11.0/24

save - restart iptables, iptables writes: "Bad Argument 220.220.1.0/24 mask"
sorry
Flex
 

Re: iptables Problem - ask and DLink DWL-122

Post by Flex » Sun Feb 13, 2011 8:57 am

Hi
I found a solution for blocking the iprange.
check this Link:
http://centoshacker.com/kabir/security/ ... -rule.html

change the script to:
_____________________________________________________________________________________________
#!/bin/sh
# Filename: blockip.sh
# Purpose: blocks all IP address/network found in a text file
# The text file must have one IP address or network per line
#################################################################

# Change the following path/filename to match yours
IP_LIST_FILE=/etc/blockip.txt

#################################################################
# Don't change anything below unless you are a smarty pant!
#################################################################
IPTABLES=/usr/sbin/iptables

# Get the IP address/network from the file and ignore any line starting with # (comments)
BAD_IP_ADDR_LIST=$(grep -Ev "^#" "$IP_LIST_FILE")

# Now loop through the IP address/network list and ban them using iptables
for i in $BAD_IP_ADDR_LIST
do

echo -n "Blocking $i ...";
$IPTABLES -I FORWARD -s "$i" -j DROP
$IPTABLES -I FORWARD -d "$i" -j DROP

echo "DONE.";
done
##################################################################
# END OF SCRIPT - NOTHING TO SEE HERE - THAT'S ALL FOLKS!
##################################################################
____________________________________________________________________________________________________

create file blockip.txt,
format file blockip.txt:
19X.10X.8.0/X1
224.33.44.45
----------------------------------------------

example format 222.111.33.0 - 222.111.33.7 not working

copy script blockip.sh and file blockip.txt to Brazilfw:
Steps:
1. cd /
2. mt
3. cd /etc, create (use editor) or copy or wget these files to /etc (if you have a big blockip.txt, > 4000 entries, better upload it to http://myserver.xx or a homepage, then download with wget http://myserver.xx/blockip.sh, wget http://myserver.xx/blockip.txt to Brazilfw /etc)
4. chown root.root blockip.sh, chown root.root blockip.txt, chmod 750 blockip.sh, chmod 644 blockip.txt
5. cd /
6. umt
7. cat /etc/rc.d/rc.local, entry: sh /etc/blockip.sh
8. save, run Webadmin or menu: Backup
9. Reboot Brazilfw, see boot screen:

"Blocking 19X.10X.8.0/X1 DONE."
"Blocking 224.33.44.45 DONE."

10. run top , --check cpu and mem



10. testing / see Webadmin: diagnostics -> active Firewallrule or console, run: iptables -L -n
pkts bytes target prot opt in out source destination
9 540 DROP all -- * * 0.0.0.0/0 19X.10X.8.0/X1


block function works

11. no blocking ip or Country, blockip.txt paste: #
#19X.10X.8.0/X1
224.33.44.45

you have problem with countries
see link for ip:
http://www.ipdeny.com/
http://www.countryipblocks.net/country- ... t-formats/
http://software77.net/geo-ip/
http://www.iblocklist.com/lists.php
http://www.malware.com.br/lists.shtml

X delete Number
also works with: dnsmasq, entry banner_add_hosts, / create banner_add_hosts under /etc

okay; her bad boys



Greetings from Görlitz - Germany
Last edited by Flex on Mon Feb 14, 2011 2:03 pm, edited 4 times in total.
Flex
 

Re: iptables Problem - ask and DLink DWL-122

Post by Flex » Sun Feb 13, 2011 3:43 pm

block range ip to ip ( Example. 1.1.1.1-1.1.1.255 )
script:
#!/bin/sh
# Filename: blockiprange.sh
# Purpose: blocks all IP ranges found in a text file
# The text file must have one IP range (first-last) per line
#################################################################

# Change the following path/filename to match yours
IP_LIST_FILE=/etc/blockiprange.txt

#################################################################
# Don't change anything below unless you are a smarty pant!
#################################################################
IPTABLES=/usr/sbin/iptables

# Get the IP ranges from the file and ignore any line starting with # (comments)
BAD_IP_ADDR_LIST=$(grep -Ev "^#" "$IP_LIST_FILE")

# Now loop through the IP range list and ban them using iptables
for i in $BAD_IP_ADDR_LIST
do

echo -n "Blocking $i ...";
$IPTABLES -I FORWARD -m iprange --src-range "$i" -j DROP
$IPTABLES -I FORWARD -m iprange --dst-range "$i" -j DROP

echo "DONE.";
done
##################################################################
# END OF SCRIPT - NOTHING TO SEE HERE - THAT'S ALL FOLKS!
##################################################################

create blockiprange.txt, read
1.1.1.1-1.1.1.255

okay!
Flex
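
A stricter loader for the list formats used in the two scripts above, as an added example that is not part of the original posts. It goes beyond them by accepting single IPs, CIDR networks and first-last ranges in one file, checking every line before any rule is built, and printing the rules as a dry run instead of executing them. The function names and the sample addresses are assumptions; spaces and carriage returns are stripped, so a range written with spaces around the dash is normalised.

```sh
#!/bin/sh
# Added example: dry-run planner for a mixed block list (prints rules, runs nothing).
IPTABLES=${IPTABLES:-/usr/sbin/iptables}   # same path as the thread's scripts

# valid_ip ADDR: succeed only for a dotted quad with every octet in 0-255
valid_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# entry_kind ENTRY: print "range" (first-last) or "addr" (IP or CIDR); fail if malformed
entry_kind() {
    case "$1" in
        *-*) valid_ip "${1%%-*}" && valid_ip "${1#*-}" && echo range ;;
        */*) bits=${1#*/}
             case "$bits" in ""|*[!0-9]*) return 1 ;; esac
             valid_ip "${1%%/*}" && [ ${#bits} -le 2 ] && [ "$bits" -le 32 ] && echo addr ;;
        *)   valid_ip "$1" && echo addr ;;
    esac
}

# plan_rules: read a list on stdin, print a source and a destination DROP rule per
# valid entry; blanks, CRs and spaces are stripped, bad lines go to stderr
plan_rules() {
    tr -d ' \t\r' | while IFS= read -r e || [ -n "$e" ]; do
        case "$e" in ""|"#"*) continue ;; esac
        kind=$(entry_kind "$e") || { echo "skipped: $e" >&2; continue; }
        if [ "$kind" = range ]; then
            echo "$IPTABLES -I FORWARD -m iprange --src-range $e -j DROP"
            echo "$IPTABLES -I FORWARD -m iprange --dst-range $e -j DROP"
        else
            echo "$IPTABLES -I FORWARD -s $e -j DROP"
            echo "$IPTABLES -I FORWARD -d $e -j DROP"
        fi
    done
}

# Constructed sample list (documentation addresses plus malformed lines)
sample_list() {
    printf '%s\n' '# comment' '192.0.2.0/24' '198.51.100.7' \
        '203.0.113.1-203.0.113.255' '203.0.113.0 - 203.0.113.7' \
        '19X.10X.8.0/X1' '192.0.2.300' '192.0.2.0/33'
}

sample_list | plan_rules
```

Run against a real list with plan_rules < /etc/blockip.txt and review the printed rules and the skipped lines before piping the output to sh.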
 

Re: iptables Problem - ask and DLink DWL-122

Post by El guapo Dan » Tue Feb 15, 2011 2:18 pm

Cool!, thanks for sharing this.

Yes, you need one iptables rule per IP, subnet or range of IPs within the same subnet. However, I prefer to use a default "drop" rule and then permit only a few IPs.

Kind regards.

Daniel.
El guapo Dan
 

