Dear monks,
I have a Linux machine configured as a bridge in front of some mail servers.
Using iptables I redirect each SMTP SYN to a user-space queue:
iptables -A FORWARD -s 0/0 -i eth0 -p tcp --syn --dport 25 -j QUEUE
Using “IPTables::IPv4::IPQueue” the script reads the queued packets and checks if they are listed in an RBL blacklist using a DNS query.
The thing is I want to create a file of blacklisted IP addresses so I won’t have to perform a DNS lookup on previously matched IPs.
So writing the blacklisted IP to a file is easy but I want another script that will age out IP addresses from the file and delete them.
How can I do that?
Is there a more efficient way to write the script?
This is the main script:

#!/usr/bin/perl
use strict;
use warnings;
use Parallel::ForkManager;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP qw(:ALL);
use Time::HiRes qw(time);

my $i  = 0;       # children reaped since the last timing report
my $t0 = time;

my $ipq = new IPTables::IPv4::IPQueue(
    copy_mode  => IPQ_COPY_PACKET,
    copy_range => 1500
);

my $pm = new Parallel::ForkManager(3);
$pm->run_on_finish(
    sub {
        my ($pid, $exit_code) = @_;
        $i++;
    }
);

while (1) {
    if ($i == 100) {
        # Report how long the last 100 verdicts took, then restart the timer.
        my $elapsed = time - $t0;
        print "\n *************\n$elapsed\n********************\n";
        $i  = 0;
        $t0 = time;    # reset the outer timer (a second "my" here would shadow it)
        $pm->wait_all_children;
    }

    $pm->start and next;    # do the fork

    # Child: take one queued SYN and decide its verdict.
    my $msg = $ipq->get_message;
    if (defined $msg) {
        my $ip        = NetPacket::IP->decode($msg->payload);
        my $ipAddr    = $ip->{src_ip};
        my $DSTipAddr = $ip->{dest_ip};

        # rbl.pl does the DNS lookup; "err" in its output means the IP is listed.
        my @res = qx { /root/scripts/iptables/rbl.pl $ipAddr };
        if (grep(/err/, @res)) {
            #qx { echo $ipAddr >> /root/scripts/iptables/stat/blackRbl.log };
            $ipq->set_verdict($msg->packet_id, NF_DROP);
            print "$ipAddr -> $DSTipAddr @res\n";
        }
        else {
            $ipq->set_verdict($msg->packet_id, NF_ACCEPT);
            #print "$ipAddr -> $DSTipAddr @res\n";
        }
    }
    else {
        print "Not defined\n";
    }

    $pm->finish;    # do the exit in the child process
}
Regards,
Adi.
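One way to get the aging behaviour asked about above, as an added example that is not part of the original post: store each listed IP with the epoch time it was seen, treat entries older than a TTL as misses, and let a periodic purge rewrite the file under the same lock the workers use. The file path, the one-hour TTL and the function names are assumptions; it needs Perl 5.10 or later for `//`.

```perl
use strict; use warnings;
use Fcntl qw(:flock :seek);
my $CACHE = '/tmp/rbl_cache.example';   # hypothetical path
my $TTL   = 3600;                       # assumed lifetime of an entry, in seconds

# Parse "ip epoch" lines from an open handle; keep the newest time per IP.
sub read_entries {
    my ($fh) = @_;
    my %seen;
    while (my $line = <$fh>) {
        my ($ip, $ts) = $line =~ /^(\d{1,3}(?:\.\d{1,3}){3}) (\d+)$/ or next;
        $seen{$ip} = $ts if !exists $seen{$ip} || $ts > $seen{$ip};
    }
    return \%seen;
}
# Record a listed IP; the exclusive lock keeps forked workers from interleaving.
sub cache_add {
    my ($ip, $now) = @_;
    open(my $fh, '>>', $CACHE) or die "open $CACHE: $!";
    flock($fh, LOCK_EX) or die "flock: $!";
    print {$fh} "$ip " . ($now // time) . "\n";
    close($fh) or die "close: $!";
}
# True if the IP was listed less than $TTL seconds ago; expired entries miss.
sub cache_hit {
    my ($ip, $now) = @_;
    open(my $fh, '<', $CACHE) or return 0;
    flock($fh, LOCK_SH) or die "flock: $!";
    my $ts = read_entries($fh)->{$ip};
    return (defined $ts && ($now // time) - $ts < $TTL) ? 1 : 0;
}
# Age-out pass (e.g. from cron): rewrite the file in place under the lock.
sub cache_purge {
    my $now = shift // time;
    open(my $fh, '+<', $CACHE) or return 0;
    flock($fh, LOCK_EX) or die "flock: $!";
    my $seen = read_entries($fh);
    my @keep = grep { $now - $seen->{$_} < $TTL } sort keys %$seen;
    seek($fh, 0, SEEK_SET) && truncate($fh, 0) or die "rewrite: $!";
    print {$fh} "$_ $seen->{$_}\n" for @keep;
    close($fh) or die "close: $!";
    return scalar(keys %$seen) - @keep;   # number of entries removed
}

# Constructed demo: documentation-range addresses and fixed clock values.
unlink $CACHE;
cache_add(@$_) for ['192.0.2.10', 1000], ['198.51.100.7', 4000];
printf "%s hit=%d\n", $_, cache_hit($_, 5000) for '192.0.2.10', '198.51.100.7';
printf "purged=%d\n", cache_purge(5000);
```

Because `cache_hit` already ignores expired lines, the purge only bounds file size and can run at any interval. The file decides which connections are dropped, so in real use it belongs in a directory writable only by the account running the queue handler, not under /tmp.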

In reply to IPQueue blacklist file by adismaug
