LOGRÉ HACERLO, AQUÍ LES DEJO MI SCRIPT EN PERL
Código:
#!/usr/bin/perl
use CGI;
use DBI;
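# Open the database connection and run the query that lists the client
# addresses whose HTTPS access must be restricted.

# Not referenced anywhere else in the visible script; kept in case code
# outside this listing relies on it.
$cgiObj = CGI->new;

# NOTE(review): the script connects as the MySQL "root" account with the
# password stored in the source. It only reads two tables, so a dedicated
# account limited to SELECT on those tables, with the password kept in a
# file readable only by the user that runs this script, would limit the
# damage if the script (or a paste of it) leaks.
my $params = 'DBI:mysql:MIBD:localhost';
my $user   = 'root';
my $pass   = 'MICLAVE';

# RaiseError makes connect/prepare/execute die instead of returning undef.
# Without it a failed execute() goes unnoticed, the firewall is flushed
# further down, and no restriction is put back in place.
my $conn = DBI->connect(
    $params, $user, $pass,
    { RaiseError => 1, PrintError => 0 },
);

# NOTE(review): the consumer of this statement reads column index 1 of each
# row; selecting that column by name would survive schema changes.
my $sql   = "SELECT * FROM ip_deny_page";
my $query = $conn->prepare($sql);
$query->execute();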
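# Rebuild the per-client HTTPS restrictions: flush the filter table, then for
# every client address read from ip_deny_page append one DROP rule per
# blocked destination (tcp/443, traffic entering on eth1).
#
# Values coming from the database are validated and handed to iptables as
# separate argv elements, so they never pass through a shell.

# Destination hosts and networks, in the original order with exact
# duplicates removed (a repeated rule never matches anything new).
# NOTE(review): 69.141.228.24 and 69.141.247.21 differ from the neighbouring
# 69.171.x.x entries in a single octet -- possible typos, confirm.
# NOTE(review): a hard-coded address list goes stale as the remote services
# renumber; it needs periodic review.
my @blocked_destinations = qw(
    31.13.77.50        173.252.110.27     31.13.76.17        31.13.70.17
    31.13.77.49        31.13.77.17        31.13.77.34        31.13.77.33
    31.13.70.2         31.13.70.1         31.13.77.56        31.13.77.57
    31.13.75.17        31.13.75.18        31.13.76.8         31.13.76.16
    31.13.77.39        31.13.77.40        31.13.77.55        31.13.77.87
    31.13.75.1         69.171.229.25      69.141.228.24      69.141.247.21
    69.171.224.42      69.171.224.43      69.171.237.20      69.171.228.24
    69.171.237.21      65.201.208.24/29   65.204.104.128/28  66.93.78.176/29
    66.92.180.48/28    67.200.105.48/30   69.63.176.0/20     69.171.224.0/19
    74.119.76.0/22     204.15.20.0/22     66.220.144.0/20    173.252.64.0/18
    66.199.37.136/29   31.13.76.1         199.59.150.7       199.59.148.10
    199.59.149.230     199.59.150.39      199.59.148.212     199.59.148.82
    199.59.148.87      199.59.148.20      199.59.149.200     199.59.149.232
    208.43.122.131     208.43.122.132
);

# Dotted-quad IPv4 address with an optional /0../32 prefix length. Anything
# else found in the table (hostnames, options, stray whitespace) is rejected.
my $octet   = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
my $ipv4_re = qr{\A $octet (?: [.] $octet ){3} (?: / (?: 3[0-2] | [12]?[0-9] ) )? \z}x;

# "-F" without a chain flushes every chain of the filter table, including
# rules this script does not manage, and traffic is unrestricted until the
# rules below are back in place. Stop here if the flush itself fails, since
# appending on top of the old rules would duplicate them.
system('iptables', '-F') == 0
    or die "iptables -F fallo (estado $?)\n";

while (my @row = $query->fetchrow_array) {
    my $client = $row[1];

    unless (defined $client && $client =~ $ipv4_re) {
        # Replace non-printable bytes before echoing the value, so a bad row
        # cannot send control sequences to the operator's terminal.
        my $shown = defined $client ? $client : '(NULL)';
        $shown =~ s/[^\x20-\x7e]/?/g;
        warn "Direccion ip INVALIDA, fila omitida: $shown\n";
        next;
    }

    my $failed = 0;
    for my $destination (@blocked_destinations) {
        system(
            'iptables', '-A', 'FORWARD',
            '-i', 'eth1',
            '-s', $client,
            '-d', $destination,
            '-p', 'tcp', '--dport', '443',
            '-j', 'DROP',
        ) == 0 or $failed++;
    }

    # Only report success when every rule for this client was accepted.
    if ($failed) {
        warn "Direccion ip $client: $failed regla(s) no se pudieron agregar\n";
        next;
    }
    print "Direccion ip LIMITADA \e[0;32m[OK]\e[0m $client \n";
}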
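# Block HTTPS (tcp/443) for the fixed set of LAN hosts and report the result.
# The rules and the report are driven by one list, so the two cannot drift
# apart, and each host is reported according to iptables' exit status instead
# of being shown as [OK] unconditionally.
my @dhcp_hosts = map { "192.168.1.$_" } (2 .. 10, 12, 14 .. 19, 36);

# host => true when its DROP rule was appended successfully.
my %https_blocked;
for my $host (@dhcp_hosts) {
    # List form: iptables is executed directly, without a shell.
    $https_blocked{$host} = (
        system(
            'iptables', '-A', 'FORWARD',
            '-s', $host,
            '-i', 'eth1',
            '-p', 'tcp', '--dport', '443',
            '-j', 'DROP',
        ) == 0
    );
}

print "\n\n";
print "\e[0;32m---------------------------------------------\n \e[0m";
print " DHCP DISPONIBES \n";
for my $host (@dhcp_hosts) {
    if ($https_blocked{$host}) {
        print "HTTPS DENEGADO \e[0;32m[OK]\e[0m $host \n";
    }
    else {
        # Red marker: the rule for this host is NOT in place.
        print "HTTPS DENEGADO \e[0;31m[ERROR]\e[0m $host \n";
    }
}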
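# Drop all traffic from every MAC address stored in the black_list table.
#
# Each value is checked against a strict MAC pattern and passed to iptables
# as its own argv element, so table contents never reach a shell.
#
# NOTE(review): the rule is appended to INPUT, which only covers packets
# addressed to this machine itself; packets the machine forwards for the same
# MAC go through FORWARD. Confirm whether a FORWARD rule is also intended.
# NOTE(review): the status line says "HTTP" although the rule matches every
# protocol (-p all).
print "\e[0;32m---------------------------------------------\n \e[0m";
print " BLACK LIST \n";

# Six colon-separated hex octets, e.g. 00:11:22:33:44:55 (constructed sample).
my $mac_re = qr/\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;

my $sql_black_list   = "SELECT * FROM black_list";
my $query_black_list = $conn->prepare($sql_black_list)
    or die "prepare black_list: " . $conn->errstr . "\n";
$query_black_list->execute()
    or die "execute black_list: " . $query_black_list->errstr . "\n";

my $blacklist_failures = 0;
while (my @row_black_list = $query_black_list->fetchrow_array) {
    my $mac = $row_black_list[1];

    unless (defined $mac && $mac =~ $mac_re) {
        # Strip non-printable bytes before echoing the rejected value.
        my $shown = defined $mac ? $mac : '(NULL)';
        $shown =~ s/[^\x20-\x7e]/?/g;
        warn "MAC INVALIDA, fila omitida: $shown\n";
        $blacklist_failures++;
        next;
    }

    if (system(
            'iptables', '-A', 'INPUT',
            '-p', 'all',
            '-m', 'mac', '--mac-source', $mac,
            '-j', 'DROP',
        ) != 0)
    {
        warn "No se pudo agregar la regla para $mac (estado $?)\n";
        $blacklist_failures++;
        next;
    }
    print "HTTP DENEGADO \e[0;32m[*]\e[0m $mac \n";
}

print "\n\n";
# The closing line reflects this section only: it is withheld when any
# black_list entry was rejected or failed to apply.
if ($blacklist_failures == 0) {
    print "REGLAS AGREGADAS CORRECTAMENTE [OK] \n";
}
else {
    warn "$blacklist_failures entrada(s) de black_list no se aplicaron\n";
}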