ipclassify Code
Brought to you by: tonyabg
ipclassify ver 1.0

- Introduction

ipclassify is a Linux user space application that blocks/marks connections from/to hosts based on lists specified in a configuration file. Currently the block lists are in the format used by, and obtained from, iblocklist.com. ipclassify should compile and run on most any Linux system. The startup files, logwatch files, etc. and installation are intended for Fedora/Redhat style systems.

- Source Code

You can get the latest copy via:

    git clone git://ipclassify.git.sourceforge.net/gitroot/ipclassify/ipclassify

- Installation

All you should need to do to install and run ipclassify is to edit the makefile and change the CFLAGS as necessary. Then run 'make'. If the build proceeds without errors, then just run 'make install'.

Then you need to edit /etc/ipclassify.conf and determine the Queue Numbers and lists to be blocked for each Queue.

You then need to download the blocklists to the directory /var/spool/ipclassify and decompress them. This should be done periodically within cron as in (note this should be one line within cron):

    * * * * * cd /var/spool/ipclassify; wget -nv -N -t 3 -w 1 -T 120 -i /etc/ipclassify.lists; gzip -d *; kill -HUP `cat /var/run/ipclassify.pid`

Please Note: Setting up iptables is not covered by this README. However, see the section titled 'Setup' below for some ideas.

- Setup

Setting up iptables to use ipclassify is largely left to the user. I myself use fwbuilder and am more comfortable with it. However, here are some tips:

Essentially you need to direct packets you are interested in to the necessary NFQUEUE. So within a start up script (/etc/rc.d/init.d/iptables most likely) you need:

    # setup the HTTP(s) QUEUE:
    /sbin/iptables -N ipclassify_http
    /sbin/iptables -A ipclassify_http -j NFQUEUE --queue-num 443

    # setup the SSH QUEUE:
    /sbin/iptables -N ipclassify_ssh
    /sbin/iptables -A ipclassify_ssh -j NFQUEUE --queue-num 23

    # Now point https request to ipclassify, queue 22
    /sbin/iptables -N RULE_1
    /sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j RULE_1
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 443 -j RULE_1
    /sbin/iptables -A FORWARD -p tcp -m tcp --dport 443 -j RULE_1
    /sbin/iptables -A RULE_1 -j LOG --log-level info --log-prefix "https connection:"
    /sbin/iptables -A RULE_1 -j ipclassify_http

    /sbin/iptables -N In_RULE_2
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j In_RULE_2
    /sbin/iptables -A In_RULE_2 -j LOG --log-level info --log-prefix "SSH: "
    /sbin/iptables -A In_RULE_2 -j ipclassify_ssh

Something along these lines should suffice.

- Credits

My heartfelt thanks to the many people who created and worked on moblock: http://moblock.berlios.de. I ended up doing a complete re-write of what they did, but moblock was the inspiration. I did the re-write because I wanted to teach myself threaded programming and some other things, not because of any problems with moblock.

Also I'd like to thank those who provided cprops - c prototyping tools: http://cprops.sourceforge.net/. Their implementation is used for the Red Black trees and is provided with this project.
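As an added example (not part of ipclassify or this README; ipclassify's own range tree is C code using cprops), the following Python shows how an address is matched against a decompressed list such as those kept in /var/spool/ipclassify. It assumes the one-range-per-line "label:first-last" plaintext format that iblocklist distributes, with non-overlapping ranges; the list contents are constructed for the example.

```python
import bisect
import ipaddress

# Constructed sample list in the assumed "label:first-last" plaintext format.
# Not a real iblocklist download; addresses are from documentation ranges.
SAMPLE_LIST = """\
# constructed example list
Example bad hosting:192.0.2.0-192.0.2.255
Another range:198.51.100.16-198.51.100.31
Single host:203.0.113.7-203.0.113.7
"""


def parse_p2p(text):
    """Parse the list text into (first, last, label) tuples sorted by first address.

    Blank lines and '#' comments are skipped; an inverted range is rejected
    rather than silently matching nothing.
    """
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The label itself may contain ':', so split on the last one.
        label, _, span = line.rpartition(":")
        first, _, last = span.partition("-")
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        if hi < lo:
            raise ValueError(f"inverted range: {line}")
        ranges.append((lo, hi, label))
    ranges.sort()
    return ranges


def classify(ranges, ip):
    """Return the label of the range containing ip, or None if it is not listed.

    Binary search on the sorted start addresses finds the only candidate
    range (ranges are assumed non-overlapping); a bounds check confirms it.
    """
    addr = int(ipaddress.IPv4Address(ip))
    starts = [lo for lo, _, _ in ranges]
    i = bisect.bisect_right(starts, addr) - 1
    if i >= 0 and ranges[i][0] <= addr <= ranges[i][1]:
        return ranges[i][2]
    return None
```

A host that resolves to a label would be the one ipclassify blocks or marks for the queue whose configured lists contain that range.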