jessem

Simple Firewall?

16 posts in this topic

I have a few php scripts that plot down the remote user's IP on a text file when certain conditions are met. I would like an autoit script that will act as a firewall to block the ip addresses on this list and I honestly have no clue where to start for this one.

Suggestions? Is there a script already out there for this?




> what has a search of the forum resulted in?

Stuff from 2005 saying that it can't be done (however I know AutoIt has changed quite a lot since then), also some Client Server communication stuff. A function accepting certain IPs.

I poke my head in the forums here enough to know to search first (you'll generally find an answer) and to post some code on where you're at. I'm still looking though :)


> Stuff from 2005 saying that it can't be done (however I know AutoIt has changed quite a lot since then), also some Client Server communication stuff. A function accepting certain IPs.
>
> I poke my head in the forums here enough to know to search first (you'll generally find an answer) and to post some code on where you're at. I'm still looking though :)

Well I thought for sure that there would now be some block incoming IP function. What a super handy thing to have had running as a service alongside a web server.

I won't give up the ghost though!


> Well I thought for sure that there would now be some block incoming IP function. What a super handy thing to have had running as a service alongside a web server.
>
> I won't give up the ghost though!

Use the standard functions that come with your webserver or install a proxy to scan the traffic, but forget about using AutoIt3 for that. AutoIt3 can probably help out updating your webserver's blacklist.

Jos



> I probably have no business in this thread being a noob, but could you not use autoit to just add these lists to your hosts file?

Adding stuff to the Hosts file will only disable the DNS resolution for a hostname and not block access via port 80 for an IP address.

:)



Ya, I was kind of hoping for something closer to the NIC and not at the server level. I could just have the php scripts add the promiscuous guest to the deny list on the .htaccess, but that's only stopping them from poking around on the website. They could still try and abuse other aspects of the server.

AutoIt would have been perfect because I thought for sure it could read incoming IPs to the machine (like TCPAccept) and just not grant access to those on a list.


> Ya, I was kind of hoping for something closer to the NIC and not at the server level. I could just have the php scripts add the promiscuous guest to the deny list on the .htaccess, but that's only stopping them from poking around on the website. They could still try and abuse other aspects of the server.
>
> AutoIt would have been perfect because I thought for sure it could read incoming IPs to the machine (like TCPAccept) and just not grant access to those on a list.

There is nothing close to the NIC that would help. You will have to check stuff on Layer 3 (IP level). So I cannot see any reason not to use the webserver application to do the blacklisting for you.

Jos




You could always just buy a good router and set it in front of your server machine. If you find the right firmware (or pay enough) you can add blacklisted IPs to the router from a trusted source (the server).

Edited by Richard Robertson


> You could always just buy a good router and set it in front of your server machine. If you find the right firmware (or pay enough) you can add blacklisted IPs to the router from a trusted source (the server).

Ooh but automation would be soo much more fun, quicker and generally more reliable than manually updating my current hardware firewall every morning when I am at work.

Being able to add an IP to a black list on the fly would be so much more powerful than trusting myself (aka dumb human).

Jos - Agreed with only using the webserver to block access to the webserver for now, but I'm pretty sure that's only OSI layer 7 and won't offer any protection to other aspects of my server.

I'll keep my eyes open and will update this post if I find an AutoIt solution for this in the future. It would be quite useful to other admins I'm sure.

Thanks for the suggestions!


> Ooh but automation would be soo much more fun, quicker and generally more reliable than manually updating my current hardware firewall every morning when I am at work.
>
> Being able to add an IP to a black list on the fly would be so much more powerful than trusting myself (aka dumb human).
>
> Jos - Agreed with only using the webserver to block access to the webserver for now, but I'm pretty sure that's only OSI layer 7 and won't offer any protection to other aspects of my server.
>
> I'll keep my eyes open and will update this post if I find an AutoIt solution for this in the future. It would be quite useful to other admins I'm sure.
>
> Thanks for the suggestions!

At the risk of making another fail post.

If you were to go down the router path, could you not use autoit to automate the updating of the blocked IPs?



> At the risk of making another fail post.
>
> If you were to go down the router path, could you not use autoit to automate the updating of the blocked IPs?

That's a good idea, but it would require the server and firewall to be logged in at all times. That could end up being more of a hassle and security risk in the long run.


Try PeerGuardian (oldie but goodie) or PeerBlock (new kid on the block) - both from the same code source and currently free. Not firewalls - just blockers.

Both have automated updates that you can schedule (please don't overload their servers with hourly updates - weekly is usually fine). Enough flexibility so you can exercise your coding charms to generate blacklists and whitelists to import, although you might want to rely on some of the better known sources such as Bluetack.

Oh, and make sure you are firewalled, as well.

Comment: If you are trying to craft a firewall from AutoIt, then I strongly suspect you are significantly lacking in understanding of how a firewall operates and a prime candidate for getting hacked.


I suppose I was vague in my post before. I meant that if you find the right firmware, you can upload new instructions from an application (your script).


> I have a few php scripts that plot down the remote user's IP on a text file when certain conditions are met. I would like an autoit script that will act as a firewall to block the ip addresses on this list and I honestly have no clue where to start for this one.
>
> Suggestions? Is there a script already out there for this?

As already mentioned it would be easier to do this at application level, if it's a webserver you're running then most of these have a blocklist, and it shouldn't be too difficult to write a php script which will add the address. (I would have thought using php would be preferable here rather than mixing languages)

On which note, have you checked the php forums for readymade scripts to add IPs to Apache or suchlike blocklists?

Other option, if you use a router to connect, is to have a script upload the IP to the router's IP filter. This could be done using php's FTP functions, or by using AutoIt to control a browser window logged-in to the router.
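
The application-level approach suggested in this thread (a PHP script that feeds the web server's blocklist from the IP text file), sketched as an added example that is not code from any poster. It assumes PHP 7.4+, Apache 2.4 `Require` syntax with .htaccess overrides enabled; the file names, marker comments and allowlisted address are hypothetical.

```php
<?php
// Added example: file names, markers and the allowlist below are assumptions.
const MARK_BEGIN = '# BEGIN auto-blocklist';
const MARK_END   = '# END auto-blocklist';

/** Return the valid, de-duplicated IPs from the list file, minus allowlisted ones. */
function load_blocklist(string $listFile, array $allow): array
{
    $ips = [];
    foreach (file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $ip = trim($line);
        // Accept only literal IPv4/IPv6 addresses, so a stray or malformed
        // line in the text file can never end up as an Apache directive.
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) continue;
        if (in_array($ip, $allow, true)) continue;   // never lock out the admin
        $ips[$ip] = true;                            // array keys de-duplicate
    }
    return array_keys($ips);
}

/** Build the managed block (Apache 2.4 syntax). */
function render_block(array $ips): string
{
    $out = [MARK_BEGIN, '<RequireAll>', '    Require all granted'];
    foreach ($ips as $ip) $out[] = "    Require not ip $ip";
    array_push($out, '</RequireAll>', MARK_END);
    return implode("\n", $out) . "\n";
}

/** Replace (or append) the managed block, leaving the rest of .htaccess untouched. */
function update_htaccess(string $htaccess, string $block): void
{
    $old = is_file($htaccess) ? file_get_contents($htaccess) : '';
    $re  = '/^' . preg_quote(MARK_BEGIN, '/') . '$.*?^' . preg_quote(MARK_END, '/') . '$\n?/ms';
    $new = preg_match($re, $old)
        ? preg_replace_callback($re, fn() => $block, $old, 1)
        : ($old === '' ? '' : rtrim($old) . "\n") . $block;
    file_put_contents($htaccess . '.tmp', $new, LOCK_EX);   // write the full file first,
    rename($htaccess . '.tmp', $htaccess);                  // then swap it into place
}

// Constructed sample input standing in for the list the PHP scripts write.
$dir = sys_get_temp_dir() . '/blocklist-demo';
is_dir($dir) || mkdir($dir);
file_put_contents("$dir/blocked.txt", "203.0.113.7\n198.51.100.23\nnot-an-ip\n203.0.113.7\n192.0.2.10\n");
update_htaccess("$dir/.htaccess", render_block(load_blocklist("$dir/blocked.txt", ['192.0.2.10'])));
echo file_get_contents("$dir/.htaccess");
```

This only covers requests that Apache serves; as noted earlier in the thread, other services on the machine still need a packet-level filter in front of them.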
