
Need to incorporate list blocking into Tomato GUI.
Country list blocking, Spam list blocking, Blacklists, Bogon, via bash script.
The current site / IP restriction GUI is limited to single entries, and does not drop in/out traffic.
I've seen many Optware hacks to achieve this, but this needs to be a part of the build.
Using the spam lists on most sites stops 50% or more of the garbage traffic.
Using countryblock on China alone stops most of the script kiddie attacks.
Also again want to thank all those that are part of the Tomato project, this is great stuff.
Happy holidays everyone.
Here again is my countryblock script, run from the scheduler every week. It might be useful to the Gods of Tomato like Shibby, Toastman, etc.
#!/bin/bash
### Block all traffic from ISO code ###
ISO="cn"
### Set PATH ###
IPT=/usr/sbin/iptables
WGET=/usr/bin/wget
EGREP=/bin/egrep
### No editing below ###
SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"
cleanOldRules(){
    # create the chain on the first run (fails harmlessly if it exists), then empty it
    $IPT -N $SPAMLIST 2>/dev/null
    $IPT -F $SPAMLIST
}
# create a dir
[ ! -d "$ZONEROOT" ] && /bin/mkdir -p "$ZONEROOT"
# clean old rules
cleanOldRules
for c in $ISO
do
    # local zone file
    tDB=$ZONEROOT/$c.zone
    # get fresh zone file; skip this country if the download fails
    $WGET -O "$tDB" "$DLROOT/$c.zone" || continue
    # country specific log message
    SPAMDROPMSG="$c Country Drop"
    # get the IP blocks, ignoring comments and blank lines
    BADIPS=$($EGREP -v "^#|^$" "$tDB")
    for ipblock in $BADIPS
    do
        $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
        $IPT -A $SPAMLIST -s $ipblock -j DROP
    done
done
# Drop everything
# (remove the jump left by the previous weekly run first, so it is not duplicated;
#  the rules match on source address only)
for chain in INPUT OUTPUT FORWARD
do
    $IPT -D $chain -j $SPAMLIST 2>/dev/null
    $IPT -I $chain -j $SPAMLIST
done
exit 0
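
Added example, not part of the original post: the script above hands every line of a file fetched over plain HTTP to iptables as root, with two iptables calls per range. The sketch below keeps only well-formed IPv4 CIDR lines and emits one iptables-restore batch. The function names and sample ranges are made up for illustration, and it assumes an iptables-restore build that supports --noflush and flushes a declared user chain.

```shell
#!/bin/sh
CHAIN="countrydrop"   # chain name from the script above

# Keep only well-formed IPv4 CIDR lines (a.b.c.d/n); comments, blanks
# and anything else in the downloaded file are discarded.
valid_cidrs() {
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            ok = ($5 + 0 <= 32)
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) ok = 0
            if (ok) print
        }'
}

# Zone file on stdin, iptables-restore batch on stdout.
# $1 = ISO code, used only in the log prefix.
build_ruleset() {
    echo "*filter"
    echo ":$CHAIN - [0:0]"
    valid_cidrs | while read -r net; do
        echo "-A $CHAIN -s $net -j LOG --log-prefix \"$1 Country Drop \""
        echo "-A $CHAIN -s $net -j DROP"
    done
    echo "COMMIT"
}

# $1 = ISO code, $2 = zone file. Refuses a list with no valid ranges, so
# a failed download cannot replace a working chain with an empty one.
load_zone() {
    valid_cidrs < "$2" | grep -q . || {
        echo "no valid ranges in $2, chain left unchanged" >&2
        return 1
    }
    # Assumption: with --noflush only the declared chain is refilled.
    build_ruleset "$1" < "$2" | iptables-restore --noflush
}

# Constructed sample: documentation ranges plus lines that must be rejected.
sample() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/33' \
        '203.0.113.0/24; reboot' '' '203.0.113.0/24'
}

sample | build_ruleset zz   # prints the batch; nothing is loaded
```

The jump rules in INPUT, OUTPUT and FORWARD still have to be inserted once, as in the script above; this example only replaces how the chain itself is filled.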
