This site is curently being worked on. Some parts may be missing or not fully functional.
The address of this site has been changed from stefan.gofferje.net to www.gofferje.net. Please update your bookmarks.

Linux

  • Thanks to some good pointers from Vibhor Amrodia here, I was able to rewrite my Linux Netfilter countryblock script to create object-groups for Cisco ASA firewalls which can easily be used in access-lists. This example loads the IP-ranges of China, Korea and Palestine from ipdeny.com and creates a config file. This config file can easily be copied from a TFTP server to the running config of the ASA. I chose those 3 countries because the vast majority of probes, scans and SIP fraud attempts on my network come from there.

  • In recent times, port probes, spam mail and also SIP attacks / SIP fraud have increased massively and it mostly comes from China, Korea and Palestine. If you run Linux as perimeter firewall, blocking those 3 (and any other you like) is fairly easy. This script downloads the respective network lists from ipdeny.com and inserts rules at the start of the INPUT and FORWARD chains, so IPs from any of those networks can neither reach your firewall not any system behind it.

  • PERL script to dynamically update the IP of a host via the cPanel-API. This script was written to work with the Finnish hoster Neobitti but it might work with other hosters which use cPanel too.