These last few days I have been tinkering with ROS (RouterOS) again. After setting up the firewall I noticed that within a short time a handful of IPs were already scanning ports. I then found the IP list published by the Northeastern University network center and thought about how to put it to use, which led to the active blocking below. The firewall behind ROS of course also has rules that actively detect port scans; there are plenty of those online, so I won't write them up here.

I'm a beginner; everything below was pieced together from searching. If there are mistakes, please help me correct them.

1. Generate the rsc file on Linux and update it periodically

  • I'm not sure whether the cnip link is updated regularly; if anyone has a better project link, please leave a comment.
  • The rsc file is generated on Debian (192.168.0.2); whether this can be done on ROS itself, I'm not sure.

On Debian, put the following into an sh script, then create a cron job that runs it periodically to regenerate the rsc files.

#!/bin/bash
# Stop on errors, including a failed download inside a pipeline (-o pipefail).
# Together with curl -f, a failed fetch leaves the previously published .rsc in
# place instead of publishing a script that would clear the list on the router.
set -euo pipefail

## download the blocked IP list from http://antivirus.neu.edu.cn/ (one bare IPv4 per line, so /32 is appended);
## the generated .rsc clears the old "blocked" list, re-adds every entry, then deletes itself on the router after import
sudo curl -fsS http://antivirus.neu.edu.cn/ssh/lists/neu.txt |sed -e '/^#.*/d' -e 's/^/add address=/g' -e 's/$/\/32 list=blocked/g'|sed -e $'1i\\\n/ip firewall address-list' -e $'1i\\\nremove [/ip firewall address-list find list=blocked]' |sed '$a \/' |sed '$a /file remove blocked.rsc'>blocked.rsc && mv blocked.rsc /usr/share/nginx/html/

## download the China IP list (already in CIDR form) from https://www.ipdeny.com/ipblocks/data/countries/cn.zone;
## the RFC1918 private ranges are added to CNIP as well so LAN traffic is treated as "direct" too
sudo curl -fsS https://www.ipdeny.com/ipblocks/data/countries/cn.zone |sed -e '/^#.*/d' -e 's/^/add address=/g' -e 's/$/ list=CNIP/g'|sed -e $'1i\\\n/ip firewall address-list' -e $'1i\\\nremove [/ip firewall address-list find list=CNIP]' -e $'1i\\\nadd address=10.0.0.0/8 list=CNIP comment=private-network' -e $'1i\\\nadd address=172.16.0.0/12 list=CNIP comment=private-network' -e $'1i\\\nadd address=192.168.0.0/16 list=CNIP comment=private-network' |sed '$a \/' |sed '$a /file remove cnip.rsc'>cnip.rsc && mv cnip.rsc /usr/share/nginx/html/cnip.rsc

## alternative source for the China IP list: https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt (same pipeline)
# sudo curl -fsS https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt |sed -e '/^#.*/d' -e 's/^/add address=/g' -e 's/$/ list=CNIP/g'|sed -e $'1i\\\n/ip firewall address-list' -e $'1i\\\nremove [/ip firewall address-list find list=CNIP]' -e $'1i\\\nadd address=10.0.0.0/8 list=CNIP comment=private-network' -e $'1i\\\nadd address=172.16.0.0/12 list=CNIP comment=private-network' -e $'1i\\\nadd address=192.168.0.0/16 list=CNIP comment=private-network' |sed '$a \/' |sed '$a /file remove cnip.rsc'>cnip.rsc && mv cnip.rsc /usr/share/nginx/html/cnip.rsc

## alternative source: http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest (awk turns the address count in field 5 into a prefix length)
# sudo curl -fsS http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' |sed -e '/^#.*/d' -e 's/^/add address=/g' -e 's/$/ list=CNIP/g'|sed -e $'1i\\\n/ip firewall address-list' -e $'1i\\\nremove [/ip firewall address-list find list=CNIP]' -e $'1i\\\nadd address=10.0.0.0/8 list=CNIP comment=private-network' -e $'1i\\\nadd address=172.16.0.0/12 list=CNIP comment=private-network' -e $'1i\\\nadd address=192.168.0.0/16 list=CNIP comment=private-network' |sed '$a \/' |sed '$a /file remove cnip.rsc'>cnip.rsc && mv cnip.rsc /usr/share/nginx/html/cnip.rsc

Note: the Debian host must open port 80 to the LAN, and nginx (reverse proxy) must be running with the corresponding path configured.
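The two pipelines above differ only in whether a /32 is appended, and both will happily emit a list-clearing "remove" line even when the download returned nothing. As an added example (not the post's own script), the following POSIX sh function generalises the conversion: it accepts bare IPv4 addresses and CIDR entries in one feed, drops comments and junk lines, and refuses to generate anything from an empty feed so the live address list is never wiped by a failed fetch. The function names, the list name and the sample feed are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original post's script: a generic converter from a
# plain-text IP list to a RouterOS address-list .rsc. Function names, list
# names and the sample feed below are assumptions made for this example.

# Constructed sample feed (not a real blocklist): comments, blank lines,
# bare IPv4 addresses, a CIDR entry and one junk line.
sample_blocklist() {
    cat <<'EOF'
# constructed sample blocklist
198.51.100.7
203.0.113.0/24

192.0.2.45   # trailing comment
not-an-address
EOF
}

# make_rsc LIST [RSCFILE] < feed > out.rsc
# Reads the feed on stdin and prints an importable RouterOS script that clears
# LIST and re-adds every entry (bare addresses get /32). If RSCFILE is given,
# the script also deletes that file on the router after import, as the post's
# pipelines do. An empty or comment-only feed (for example, a failed download)
# yields no script and a non-zero return, so the live list is not wiped.
make_rsc() {
    list="$1"
    rscfile="${2:-}"
    # Strip comments and whitespace, keep only IPv4 or IPv4/prefix-looking lines.
    entries=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' \
        | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || true)
    count=$(printf '%s\n' "$entries" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "make_rsc: no valid entries for list '$list'; refusing to generate" >&2
        return 1
    fi
    printf '/ip firewall address-list\n'
    printf 'remove [/ip firewall address-list find list=%s]\n' "$list"
    # Append /32 to bare addresses; CIDR entries pass through unchanged.
    printf '%s\n' "$entries" | awk -v list="$list" '
        { if (index($0, "/") == 0) $0 = $0 "/32"
          print "add address=" $0 " list=" list }'
    printf '/\n'
    if [ -n "$rscfile" ]; then
        printf '/file remove %s\n' "$rscfile"
    fi
}

# Usage: generate blocked.rsc from the constructed sample feed.
sample_blocklist | make_rsc blocked blocked.rsc
```

In a cron job you would replace `sample_blocklist` with `curl -fsS <feed-url>` and redirect the output to a temporary file, moving it into the nginx directory only when `make_rsc` returns 0; that way the router keeps importing the last good list rather than an empty one.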

2. Create a script on RouterOS (ROS) that downloads and imports the rsc

Add the following script under /system script:

# Update blocked.rsc: download the generated file from the Debian host and import it

/tool fetch mode=http url="http://192.168.0.2/blocked.rsc" dst-path=blocked.rsc

# /im is the abbreviation of /import; the downloaded file ends with "/file remove blocked.rsc",
# so it deletes itself once the import has run
/import file-name=blocked.rsc

# the file no longer exists after the import, so log the size of the refreshed list instead of its contents
:log info ("blocked list entries: " . [:len [/ip firewall address-list find list=blocked]])

For cnip.rsc, just follow the same pattern…

Then add the corresponding rules in /ip firewall filter and the routing configuration on ROS,
and set the interval in /system scheduler so the script runs automatically to update the rsc.

If there are any errors above, corrections are welcome.


References:

  1. Using a Raspberry Pi as a gateway together with ROS to accelerate foreign traffic;
  2. Northeastern University Network Center – Network Threat Blacklist System;
  3. Preventing ssh password scanning;
  4. Northeastern University Network Center – Network Threat Blacklist System lists;
  5. RouterOS configuration for routing mainland China IPs separately.