
Simple Firewall?


jessem

I have a few PHP scripts that plot down the remote user's IP on a text file when certain conditions are met. I would like an AutoIt script that will act as a firewall to block the IP addresses on this list and I honestly have no clue where to start for this one.

Suggestions? Is there a script already out there for this?


What has a search of the forum resulted in?

Stuff from 2005 saying that it can't be done (however I know AutoIt has changed quite a lot since then), also some Client Server communication stuff. A function accepting certain IPs.

I poke my head in the forums here enough to know to search first (you'll generally find an answer) and to post some code on where you're at. I'm still looking though :)


> Stuff from 2005 saying that it can't be done (however I know AutoIt has changed quite a lot since then), also some Client Server communication stuff. A function accepting certain IPs.
>
> I poke my head in the forums here enough to know to search first (you'll generally find an answer) and to post some code on where you're at. I'm still looking though :)

Well I thought for sure that there would now be some block incoming IP function. What a super handy thing to have had running as a service alongside a web server.

I won't give up the ghost though!


  • Developers

> Well I thought for sure that there would now be some block incoming IP function. What a super handy thing to have had running as a service alongside a web server.
>
> I won't give up the ghost though!

Use the standard functions that come with your webserver or install a proxy to scan the traffic, but forget about using AutoIt3 for that. AutoIt3 can probably help out updating your webserver's blacklist.

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


  • Developers

> I probably have no business in this thread being a noob, but could you not use AutoIt to just add these lists to your hosts file?

Adding stuff to the Hosts file will only disable the DNS resolution for a hostname and not block access via port 80 for an IP address.

:)



Ya, I was kind of hoping for something closer to the NIC and not at the server level. I could just have the PHP scripts add the promiscuous guest to the deny list on the .htaccess, but that's only stopping them from poking around on the website. They could still try and abuse other aspects of the server.

AutoIt would have been perfect because I thought for sure it could read incoming IPs to the machine (like TCPAccept) and just not grant access to those on a list.


  • Developers

> Ya, I was kind of hoping for something closer to the NIC and not at the server level. I could just have the PHP scripts add the promiscuous guest to the deny list on the .htaccess, but that's only stopping them from poking around on the website. They could still try and abuse other aspects of the server.
>
> AutoIt would have been perfect because I thought for sure it could read incoming IPs to the machine (like TCPAccept) and just not grant access to those on a list.

There is nothing close to the NIC that would help. You will have to check stuff on Layer 3 (IP level). So I cannot see any reason not to use the Webserver application to do the blacklisting for you.

Jos



> You could always just buy a good router and set it in front of your server machine. If you find the right firmware (or pay enough) you can add blacklisted IPs to the router from a trusted source (the server).

Ooh but automation would be soo much more fun, quicker and generally more reliable than manually updating my current hardware firewall every morning when I am at work.

Being able to add an IP to a black list on the fly would be so much more powerful than trusting myself (aka dumb human).

Jos - Agreed with only using the webserver to block access to the webserver for now, but I'm pretty sure that's only OSI layer 7 and won't offer any protection to other aspects of my server.

I'll keep my eyes open and will update this post if I find an AutoIt solution for this in the future. It would be quite useful to other admins I'm sure.

Thanks for the suggestions!


> Ooh but automation would be soo much more fun, quicker and generally more reliable than manually updating my current hardware firewall every morning when I am at work.
>
> Being able to add an IP to a black list on the fly would be so much more powerful than trusting myself (aka dumb human).
>
> Jos - Agreed with only using the webserver to block access to the webserver for now, but I'm pretty sure that's only OSI layer 7 and won't offer any protection to other aspects of my server.
>
> I'll keep my eyes open and will update this post if I find an AutoIt solution for this in the future. It would be quite useful to other admins I'm sure.
>
> Thanks for the suggestions!

At the risk of making another fail post.

If you were to go down the router path, could you not use AutoIt to automate the updating of the blocked IPs?

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.


> At the risk of making another fail post.
>
> If you were to go down the router path, could you not use AutoIt to automate the updating of the blocked IPs?

That's a good idea, but it would require the server and firewall to be logged in at all times. That could end up being more of a hassle and security risk in the long run.

Try PeerGuardian (oldie but goodie) or PeerBlock (new kid on the block) - both from the same code source and currently free. Not firewalls - just blockers.

Both have automated updates that you can schedule (please don't overload their servers with hourly updates - weekly is usually fine). Enough flexibility so you can exercise your coding charms to generate blacklists and whitelists to import, although you might want to rely on some of the better known sources such as Bluetack.

Oh, and make sure you are firewalled, as well.

Comment: If you are trying to craft a firewall from AutoIt, then I strongly suspect you are significantly lacking in understanding of how a firewall operates and a prime candidate for getting hacked.


> I have a few PHP scripts that plot down the remote user's IP on a text file when certain conditions are met. I would like an AutoIt script that will act as a firewall to block the IP addresses on this list and I honestly have no clue where to start for this one.
>
> Suggestions? Is there a script already out there for this?

As already mentioned it would be easier to do this at application level, if it's a webserver you're running then most of these have a blocklist, and it shouldn't be too difficult to write a PHP script which will add the address. (I would have thought using PHP would be preferable here rather than mixing languages)

On which note, have you checked the PHP forums for readymade scripts to add IPs to Apache or suchlike blocklists?

Other option, if you use a router to connect, is to have a script upload the IP to the router's IP filter. This could be done using PHP's FTP functions, or by using AutoIt to control a browser window logged-in to the router.

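The PHP route suggested in the replies above, as an added example that is not code from any poster in this thread: it turns the text file of offending IPs into a deny block in `.htaccess`. It assumes Apache 2.4 (`mod_authz_core`) with `AllowOverride AuthConfig`; the file names, marker comments and never-block list are hypothetical.

```php
<?php
// Added example, not from the thread; names and paths are hypothetical.
const BEGIN_MARK = '# BEGIN auto-blocklist';
const END_MARK   = '# END auto-blocklist';

function load_blocklist(string $listFile, array $neverBlock): array
{
    $ips = [];
    $lines = file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        $ip = trim($line);
        // Accept only literal IPv4/IPv6 addresses, so a malformed or hostile
        // line can never inject extra directives into .htaccess.
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) continue;
        // Never lock out the server itself or the admin's own address.
        if (in_array($ip, $neverBlock, true)) continue;
        $ips[$ip] = true; // array keys de-duplicate repeated entries
    }
    return array_keys($ips);
}

function render_block(array $ips): string
{
    $out = [BEGIN_MARK, '<RequireAll>', '    Require all granted'];
    foreach ($ips as $ip) {
        $out[] = '    Require not ip ' . $ip;
    }
    array_push($out, '</RequireAll>', END_MARK);
    return implode("\n", $out) . "\n";
}

function update_htaccess(string $htaccess, array $ips): void
{
    $old = is_file($htaccess) ? file_get_contents($htaccess) : '';
    // Drop the previously generated block; hand-written rules are kept.
    $re = '/^' . preg_quote(BEGIN_MARK, '/') . '$.*?^' . preg_quote(END_MARK, '/') . '$\n?/ms';
    $rest = rtrim(preg_replace($re, '', $old));
    // Write a temp file, then rename, so Apache never reads a partial file.
    $tmp = $htaccess . '.tmp';
    file_put_contents($tmp, ($rest === '' ? '' : $rest . "\n") . render_block($ips));
    rename($tmp, $htaccess);
}

// Constructed sample input (documentation-range addresses plus junk lines).
$dir = sys_get_temp_dir();
file_put_contents("$dir/blocked_ips.txt",
    "203.0.113.7\n203.0.113.7\nnot-an-ip\n127.0.0.1\n2001:db8::1\n");
update_htaccess("$dir/.htaccess", load_blocklist("$dir/blocked_ips.txt", ['127.0.0.1', '::1']));
echo file_get_contents("$dir/.htaccess");
```

The scripts that append to the list should record `$_SERVER['REMOTE_ADDR']` rather than a client-supplied header, so a forged header cannot get someone else's address blocked. As discussed in the thread, this only protects what Apache serves, not other services on the machine.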
