Ipblocklist
===========

Ipblocklist is a small tool that downloads the IP block lists from iblocklist.com,
which are usually used by P2P software such as Transmission, uTorrent and Vuze.
Ipblocklist can also convert the Transmission-like format to IPSET format for
the kernel-level IP filter, so the block list protects the whole system rather
than a single application.

Ipblocklist is written in C. The release package includes the source code,
the precompiled libraries and a statically linked executable for the Windows
console.
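
An added example (not ipblocklist's own source) of the conversion described above: it turns one P2P-format range line into ipset restore lines for a hash:net set. The `Label:start-end` input layout, the `add <set> <net>/<prefix>` output layout and the function name `p2p_line_to_ipset` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Convert one P2P-format line ("Label:a.b.c.d-e.f.g.h") into ipset restore
 * lines ("add <set> a.b.c.d/n") that cover exactly that range.
 * Returns the number of lines written, 0 for a blank or '#' line, and -1 for
 * malformed input, an inverted range or a too-small buffer.
 * Both layouts are assumptions made for this example. */
int p2p_line_to_ipset(const char *line, const char *set, char *out, size_t cap)
{
    unsigned a[4], b[4];
    char junk;
    size_t used = 0;
    int n = 0, i;
    if (cap) out[0] = '\0';
    if (line[0] == '#' || line[strspn(line, " \t\r\n")] == '\0') return 0;
    /* Labels may contain ':', so the range starts after the LAST colon. */
    const char *p = strrchr(line, ':');
    if (!p || sscanf(p + 1, "%3u.%3u.%3u.%3u-%3u.%3u.%3u.%3u %c", &a[0], &a[1],
                     &a[2], &a[3], &b[0], &b[1], &b[2], &b[3], &junk) != 8)
        return -1;               /* wrong shape or trailing junk */
    for (i = 0; i < 4; i++)
        if (a[i] > 255 || b[i] > 255) return -1;

    /* 64-bit cursor so a range ending at 255.255.255.255 cannot wrap. */
    uint64_t cur = ((uint64_t)a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3];
    uint64_t end = ((uint64_t)b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
    if (cur > end) return -1;

    while (cur <= end) {
        int bits = 32;
        /* Grow the block while it stays aligned on cur and inside the range;
         * stop at /1 because a hash:net set cannot store a /0. */
        while (bits > 1) {
            uint64_t size = 1ULL << (33 - bits);
            if ((cur & (size - 1)) || cur + size - 1 > end) break;
            bits--;
        }
        int w = snprintf(out + used, cap - used, "add %s %u.%u.%u.%u/%d\n", set,
                         (unsigned)(cur >> 24), (unsigned)(cur >> 16) & 255,
                         (unsigned)(cur >> 8) & 255, (unsigned)cur & 255, bits);
        if (w < 0 || (size_t)w >= cap - used) return -1;
        used += (size_t)w;
        cur += 1ULL << (32 - bits);
        n++;
    }
    return n;
}
```

Rejecting anything that is not exactly one range keeps stray text out of a file that is later fed to `ipset restore` as root.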

How to Build
============

Ipblocklist requires the zlib and libcurl development libraries to be installed
first. Then, on the command line:

    $ make

If you don't want libcurl, ipblocklist can use wget to access the URLs instead.
Just edit the Makefile and comment out this line:

    NETTOOL = -DCFG_LIBCURL

then

    $ make

On the Raspberry Pi
===================

I finally figured out how to use it on the Raspberry Pi.

My Raspberry Pi has ipset installed but, to save space, no gcc toolchain.
My local computer has neither ipset nor an ARM gcc installed, just the default
toolchain. I don't want to install the development tools on the tiny Pi box,
nor a full-scale cross-platform toolchain just for this utility. So I simply
build the executable on my local machine and then download the block list to
the ipset, for example:

    $ ipblocklist -d1,3 -c -i -s MYIPSET

It will certainly fail because there is no ipset and you are not root either.
But ipblocklist will simulate the process, so you will see output like this:

    Downloading 'Bluetack LVL 2': ..................................................
    Uncompressing: ..................................................
    Downloading 'Bluetack Microsoft': ..................................................
    Uncompressing: ..................................................
    sh: 1: ipset: not found
    IPSET is not found. [Simulating]
    ipset create -exist MYIPSET_TMP hash:net maxelem 84340
    ipset flush MYIPSET_TMP
    ipset restore < iblock_20160726224212_ipset.txt
    ipset create -exist MYIPSET hash:net maxelem 84340
    ipset swap MYIPSET MYIPSET_TMP
    ipset destroy MYIPSET_TMP
    iptables -A INPUT -m set --match-set MYIPSET src -j ULOG --ulog-prefix "Blocked input MYIPSET"
    iptables -A FORWARD -m set --match-set MYIPSET src -j ULOG --ulog-prefix "Blocked fwd MYIPSET"
    iptables -A FORWARD -m set --match-set MYIPSET dst -j ULOG --ulog-prefix "Blocked fwd MYIPSET"
    iptables -A OUTPUT -m set --match-set MYIPSET dst -j ULOG --ulog-prefix "Blocked out MYIPSET"
    iptables -A INPUT -m set --match-set MYIPSET src -j DROP
    iptables -A FORWARD -m set --match-set MYIPSET src -j DROP
    iptables -A FORWARD -m set --match-set MYIPSET dst -j REJECT
    iptables -A OUTPUT -m set --match-set MYIPSET dst -j REJECT

Now you have the file of ipset rules, iblock_20160726224212_ipset.txt,
and the necessary command sequence:

    ipset create -exist MYIPSET_TMP hash:net maxelem 84340
    ipset flush MYIPSET_TMP
    ipset restore < iblock_20160726224212_ipset.txt
    ipset create -exist MYIPSET hash:net maxelem 84340
    ipset swap MYIPSET MYIPSET_TMP
    ipset destroy MYIPSET_TMP
    ......

Simply scp iblock_20160726224212_ipset.txt to your Pi box, ssh to it as root,
then paste this script. Done.