tlhackque / blockcountries Goto Github PK
View Code? Open in Web Editor NEWiptables manager for IP blocking by country
License: Other
iptables manager for IP blocking by country
License: Other
Rules update failed: exit code 1 at line 0
This error seems a bit vague, is it known?
The line number varies between machines.
using ubuntu 18.04LTS
`:~# systemctl status BlockCountries.service
β BlockCountries.service - LSB: start and stop BlockCountries
Loaded: loaded (/etc/init.d/BlockCountries; generated)
Active: failed (Result: exit-code) since Tue 2019-07-23 18:45:16 BST; 2h 31min ago
Docs: man:systemd-sysv-generator(8)
Jul 23 18:45:02 mmg systemd[1]: Starting LSB: start and stop BlockCountries...
Jul 23 18:45:16 mmg BlockCountries[3980]: Can't return outside a subroutine at /etc/init.d/BlockCountries line 750.
Jul 23 18:45:16 mmg BlockCountries[3980]: /sbin/ip6tables: exit code 3
Jul 23 18:45:16 mmg systemd[1]: BlockCountries.service: Control process exited, code=exited status=3
Jul 23 18:45:16 mmg systemd[1]: BlockCountries.service: Failed with result 'exit-code'.
Jul 23 18:45:16 mmg systemd[1]: Failed to start LSB: start and stop BlockCountries.`
./BlockCountries start -update
Starting blocked countries IP filter:
No new IP data available from lacnic
No new IP data available from afrinic
No new IP data available from apnic
Unable to fetch IP zone data from arin: 404 - File 'delegated-arin-extended-latest' not found
I'm having a problem where countries which should be blocked are not, and countries tthat are not blocked are being blocked. I took a look at the other thread, so I'll post my findings here:
Syntax: ./etc/init.d/BlockCountries start -update -permitonly
Results from running BlockCountries status -v
:
Blocked countries IPV4(Input) & IPV6(Input) filter is running and configured to block:
ar - Argentina
at - Austria
au - Australia
aw - Aruba
be - Belgium
bg - Bulgaria
bm - Bermuda
bo - Bolivia (Plurinational State of)
br - Brazil
bs - Bahamas
ca - Canada
ch - Switzerland
cl - Chile
co - Colombia
cr - Costa Rica
cu - Cuba
cz - Czech Republic
de - Germany
dk - Denmark
fi - Finland
fr - France
gb - United Kingdom of Great Britain and Northern Ireland
gl - Greenland
hn - Honduras
ie - Ireland
is - Iceland
it - Italy
jm - Jamaica
mx - Mexico
nz - New Zealand
pe - Peru
pr - Puerto Rico
us - United States of America
vg - Virgin Islands (British)
vi - Virgin Islands (U.S.)
This is a bit concerning since I've set it to only permit these countries. I'm assuming this is just a typo in the programming, and it doesn't affect functionality. As you will see, it does block the majority of IPs correctly:
Intercepts by host IP:
??: 14.192.203.159 udp-7747(1)
??: 37.139.9.72 icmp-8(1)
??: 37.235.52.10 icmp-8(6)
??: 37.235.55.22 icmp-8(3)
??: 43.254.144.130 icmp-8(1)
??: 46.108.39.10 icmp-8(3)
??: 46.108.39.44 icmp-8(4)
??: 46.246.93.113 icmp-8(4)
??: 58.140.209.54 tcp-23(1)
??: 60.190.227.93 tcp-3389(1)
??: 61.63.13.93 tcp-445(3)
??: 77.211.39.188 tcp-445(2)
??: 80.82.78.8 tcp-5902(1)
??: 80.82.79.39 tcp-22(1)
??: 80.92.66.63 icmp-8(10)
??: 81.4.125.158 icmp-8(1)
??: 81.214.191.86 udp-53413(3)
??: 88.82.108.108 icmp-8(1)
??: 93.174.93.181 udp-53413(2)
??: 94.102.48.195 tcp-993(1)
??: 95.142.107.181 icmp-8(1)
??: 103.231.41.78 icmp-8(1)
??: 103.250.185.220 icmp-8(1)
??: 110.50.243.6 icmp-8(1)
??: 115.69.210.216 tcp-445(2)
??: 117.121.240.36 icmp-8(6)
??: 117.131.214.53 icmp-8(1)
??: 117.212.97.171 tcp-445(2)
??: 118.97.184.196 tcp-445(2)
??: 119.199.119.27 udp-53413(2)
??: 119.235.248.9 icmp-8(1)
??: 122.95.45.122 tcp-23(1)
??: 123.201.143.186 tcp-445(2)
??: 124.248.221.28 icmp-8(1)
??: 125.212.217.85 tcp-445(2)
??: 150.70.173.43 tcp-80(1)
??: 150.70.188.167 tcp-80(3)
??: 150.70.188.171 tcp-80(3)
??: 158.255.208.31 icmp-8(4)
??: 178.187.51.37 tcp-23(1)
??: 183.238.2.246 tcp-445(1)
??: 185.65.204.169 icmp-8(4)
??: 185.94.111.1 udp-111(1) udp-520(1)
??: 188.42.136.164 tcp-22(1)
??: 192.165.67.112 icmp-8(1)
??: 192.228.135.199 tcp-23(1)
??: 194.63.140.74 tcp-22(2)
??: 194.135.92.226 icmp-8(1)
??: 195.211.154.180 tcp-21320(1)
??: 195.248.226.250 icmp-8(3)
??: 210.212.98.235 tcp-3306(1)
??: 212.7.218.71 icmp-8(1)
??: 213.8.103.187 icmp-8(1)
??: 213.183.56.111 icmp-8(4)
??: 218.77.79.38 tcp-110(1) tcp-82(1)
??: 220.132.69.115 udp-53413(2)
Intercepts by country:
116 ??
I can't seem to find it now, but earlier I saw an Italian server from Milan added to the banlist. Conversely, a server from Signapore was not banned.
I'm led to believe this is not your fault, since it appears the program is working, it just uses incorrect IP address blocks. Could you tell me how to correct this?
Also, I can still ping these addresses. Does it only block incomming traffic? Is that what the blockout
param is for? Kind of makes sense
Thanks for a wonderful script!
hi,
when checking the iptables -L i see this in the output:
LOG all -- anywhere anywhere limit: avg 1/min burst 10 LOG level warning prefix "[Blocked CC]: "
hi,
so glad to see this project to alive an active, and my question is regards to the logs files.
your script is set as var/log/messages* but I changed mine to use var/log/BlockCountries/BlockCountries*
but their is not data yet, is that ok? would I also need to create the file itself in the location? for example BlockCountries.log?
And also what permissions control should the folder have, is root:root ok?
thanks
Hey there.
Thanks for this project, it's a great help and has reduced malicious traffic for us.
Would it be possible to do the inverse, namely whitelist one ore more country/countries and block everything else?
Thanks,
Martin
The code for recent releases was visible, but the tags weren't.
Fixed. Latest Release is V2.6.
hi im using ubuntu 12.04, please output example paths etc. you used for setup and state your OS.
$CFGFILE - This is where the configuration file lives
$ZONEDIR - This is where the files that define IP assignments live. It should
be a dedicated directory, must exist and must be writable by the
cron job.
$LOG - The syslog file containing iptables log entries. Wildcard if
logrotation occurs.
$LOGPFX - The prefix to be written by IPtables when logging a rejection.
$LOGPGM - The program to be credited with writing the log entry
thanks
I tried to run BlockCountries in a debian 7 server.
Starting blocked countries IP filter:
Updated IP zone data from apnic
Updated IP zone data from lacnic
Updated IP zone data from afrinic
Updated IP zone data from ripe
Updated IP zone data from ariniptables-restore: line 11365 failed
Rules update failed: exit code 1 at line 0
[FAILED]
Not sure if i done something wrong.
Thanks.
hi
I am using this script on two ubuntu systems with no issue, but i install it on contos, and all is working even the list but i do get this error:
~]# /etc/init.d/BlockCountries start -update
Starting blocked countries IP filter:
No new IP data available from apnic
No new IP data available from lacnic
No new IP data available from afrinic
Updated IP zone data from ripe
No new IP data available from arin ip6tables-restore v1.3.5: ip6tables-restore: unable to initializetable 'filter'
Error occurred at line: 1
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Your script is wonderful and has saved my VPS from countless hackers etc.
However for some reason IP's from the country code ua (Ukraine) are not being stopped
I have added ua to the conifg file the same as any other country I am blocking and run and have updated the iptables using BlockCountries start -update
Any idea's? My config file is below
ru
ch
in
pk
ir
br
de
fr
jp
pl
lt
ua
tr
kr
ca
ph
-atport https -atport smtp -atport submission -atport smtps -atport domain
-auport domain
-log
regards - glen
I use a small script for updating your BlockCountries, may it would be possible to include this into Blockcountries, or if you like add it to your Repo.
https://gist.github.com/wikrie/433b13be91c6a31391ee163c14a90295
br wikrie
Hi tlhackque,
as far as I can see the current logging goes to:
root@server:~# colortail -f /var/log/messages
==> /var/log/messages <==
Jan 22 11:29:06 server kernel: [3151900.967133] [Blocked CC]: IN=venet0 OUT= MAC= SRC=58.140.209.21 DST=0.0.0.0 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=23949 DF PROTO=TCP SPT=37383 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
would it be possible to setup a own Logfile into var/log
e.g.
/var/log/blocking.log
so it would be needed to create a new entry for the config file to setup this logging.
I try to modify the Script by changing the $Log
my $LOG = '/var/log/blocking*';
but it still write the Blockings into messages, after restarting the script.
I have been using BlockCountries for a while and have just tried to update to 2.21
when i try to load the default config, i get the following error.
root@NS12:~/BlockCountries-2.21-Release# /etc/init.d/BlockCountries -start -update
Unrecognized country/country code: use
root@NS12:~/BlockCountries-2.21-Release#
This is the ISO part of the config, but its the default in the conf that came with the download.
# List of country codes blocked by default - specify yours in the config file
my @DEFAULT_ISO = qw /cn kr kp kz ru/;
hi,
I have a second dns server that mirrors the primary server which has the blockcountries script installed on it.
What i would like to know is if i need your script installed on the secondary server or not?
when dose your script get active, before or after the requests are sent to the dns?
thanks
hi im using ubuntu 18.04.
I getting this error: Use of uninitialized value $ARGV[2] in split at - line 6.
av00va writes:
I found out that your script isn't loading automatically at startup. It is listed in chkconfig
BlockCountries 0:off 1:off 2:on 3:on 4:on 5:on 6:off
I didn't see any documentation as to which levels and start/stop priority it should have. Please let me know, thanks. Also, I feel as if crontab isn't functioning correctly:
8 13 * * * /etc/init.d/BlockCountries start -update
Hi tlhackque,
This is not an issue but a massive thank you for your help and writing this excellent perl script. It works like a treat with very low overhead.
My server has been plagued by hackers & spammers for nearly a year and I was going mad bailing out the ship with buckets! This is exactly what I was looking for so a million thanks. hopefully I donβt have to close my web business down now.
Once again thank you it is very much appreciated and your willingness to share it is the true spirit of the original internet.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.