Notes on m0n0wall (Monowall) firewall: Push Firewall Rules

The problem

Several of my machines run code that detects intrusion attempts (scans, password guessing and so on), and in the past I simply added rules to my firewall to stop the wasted bandwidth.

Add temporary deny rules to the firewall

To achieve the same thing with m0n0wall I use the following Perl code to add rules to m0n0wall's ipfw firewall rule set. Please note: this is not supported or endorsed by the m0n0wall developers, and it relies on an interface (exec.php) that is itself unsupported.

Use at your own risk
This is unsupported and potentially dangerous
No Warranty express or implied is made for this technique or code

#!/usr/bin/perl

# Use at your own risk
# This is unsupported and potentially dangerous
# No Warranty express or implied is made for this technique or code
# Maurice Castro (c) 2009
# This code may be copied and modified

use strict;
use warnings;
use LWP::UserAgent;

# The m0n0wall webGUI host and the exec.php page that runs shell commands.
my $server = "fw.example.com:80";
my $url = "http://$server/exec.php";
my $debug = 0;

# The address to block, as reported by the intrusion detection code.
my $ip = $ARGV[0];
# Accept only a dotted-quad IPv4 address: the value is spliced into a shell
# command that exec.php runs on the firewall, so anything else is refused.
if (!defined $ip || $ip !~ /^\d{1,3}(?:\.\d{1,3}){3}$/)
{
        print "usage: $0 <ipv4-address>\n";
        exit 4;
}

my $ua = LWP::UserAgent->new;
$ua->timeout(10);
# HTTP basic authentication for the webGUI; '.' is the realm name.
$ua->credentials(
        $server,
        '.',
        'fwadmin' => 'fwpasswd'
);
# exec.php takes the command in the txtCommand form field. Rule number 1
# places the drop rule ahead of everything else in the ipfw rule set.
my @form = (
                "txtCommand" => "ipfw add 1 drop tcp from $ip to any"
);
my $response = $ua->post($url, \@form);
if (!$response->is_success)
{
        print "$url error: " . $response->status_line ."\n";
        exit 1;
}
if ($response->content_type ne 'text/html')
{
        print "Invalid content type at $url: ". $response->content_type ."\n";
        exit 2;
}
# A body beginning "ERR: <errno>, <description>" is treated as a failure.
if ($response->content =~ /^ERR:/)
{
        my $errno = $response->content;
        $errno =~ s/^ERR: //;
        $errno =~ s/,.*//s;
        my $errdesc = $response->content;
        $errdesc =~ s/^[^,]*, //;
        print "$errno error: " . $errdesc ."\n";
        exit 3;
}
print $response->content if ($debug);
exit 0;

The code: blockatfw.pl
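As an added example (not part of the original page or of the m0n0wall project), here is a Python equivalent of the same exec.php push: it posts the same txtCommand field and checks the same "ERR:" reply format, but validates the address before it is spliced into the ipfw command, refuses to block addresses on a never-block list, and can delete the rule again so the block is really temporary. The firewall address, credentials and never-block network are constructed placeholders.

```python
import ipaddress
import re
import sys
import urllib.request
from urllib.parse import urlencode

# Constructed placeholders (not from the page): firewall, credentials, and the
# management nets that must never be blocked.
SERVER = "fw.example.com:80"
URL = f"http://{SERVER}/exec.php"
USER, PASSWORD = "fwadmin", "fwpasswd"
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]
RULE_NUMBER = 1  # the rule number the Perl script uses for its drop rules

def check_address(text):
    """Accept only a bare IPv4 address (it is spliced into a shell command run on
    the firewall) and refuse NEVER_BLOCK hosts so a spoofed IDS hit cannot lock you out."""
    addr = ipaddress.IPv4Address(text.strip())  # rejects "1.2.3.4 to any" style input
    if any(addr in net for net in NEVER_BLOCK):
        raise ValueError(f"{addr} is on the never-block list")
    return addr

def build_command(addr, action="add"):
    """ipfw command for the txtCommand field; 'delete' removes every rule numbered RULE_NUMBER."""
    if action == "add":
        return f"ipfw add {RULE_NUMBER} drop tcp from {addr} to any"
    if action == "delete":
        return f"ipfw delete {RULE_NUMBER}"
    raise ValueError(f"unknown action {action!r}")

def parse_error(body):
    """exec.php answers 'ERR: <errno>, <description>' on failure (the format the
    Perl script checks for). Return (errno, description), or None on success."""
    m = re.match(r"^ERR: ([^,]*), (.*)", body, re.S)
    return (m.group(1), m.group(2).strip()) if m else None

def push(command):
    """POST the command to exec.php with HTTP basic auth and return the body."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, URL, USER, PASSWORD)
    opener = urllib.request.build_opener(urllib.request.HTTPBasicAuthHandler(mgr))
    data = urlencode({"txtCommand": command}).encode()
    with opener.open(urllib.request.Request(URL, data=data), timeout=10) as resp:
        if resp.headers.get_content_type() != "text/html":
            raise RuntimeError("unexpected content type from " + URL)
        return resp.read().decode(errors="replace")

if __name__ == "__main__":  # usage: blockatfw.py add|delete <ipv4-address>
    err = parse_error(push(build_command(check_address(sys.argv[2]), sys.argv[1])))
    sys.exit(f"exec.php error {err[0]}: {err[1]}" if err else 0)
```

Because ipfw deletes by rule number, a per-host removal needs a distinct number per block rather than the fixed 1 the Perl script uses.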
