in reply to Re^2: Questions regarding regular expressions and arrays
in thread Questions regarding regular expressions and arrays
You could probably use something like this:
```perl
#!/usr/bin/perl
use warnings;
use strict;

#
# This script grabs ip addresses from my firewall log file
# and adds them to a blacklist for my iptables ruleset.
#
## NOTE - This script must be run as root

use Socket;

# Check to make sure root is running this
$< and die "You must run this program as root!\n";

my $log       = '/var/log/iptables.log';
my $blacklist = '/var/log/blacklist';

# Open log file, retrieve list of ip addresses and write them
# to the blacklist
open IN, "<", $log or die "Can not open $log $!";
my %seen;
while ( <IN> ) {
    next unless /\S/;
    if ( /SRC=([0-9.]+) / ) {
        next if $1 =~ /^192\.168/;
        $seen{ inet_aton( $1 ) }++;
    }
}
close IN;

# Sort my list of IP addresses
my @sorted = map inet_ntoa( $_ ), sort keys %seen;

# Create clean blacklist file and append iptables rules
open BL, '>', $blacklist or die "Cannot open $blacklist $!";
foreach my $ip ( @sorted ) {
    print BL "$ip\n";
    0 == system '/sbin/iptables', '-A', 'BLACKLIST', '-p', 'all', '-s', $ip, '-d', '0/0', '-j', 'LOG', '--log-prefix', 'IPTABLES:Blacklist: '
        or die "system /sbin/iptables failed: $?";
    0 == system '/sbin/iptables', '-A', 'BLACKLIST', '-p', 'all', '-s', $ip, '-d', '0/0', '-j', 'DROP'
        or die "system /sbin/iptables failed: $?";
}
close BL;
chmod 0600, $blacklist;
```
Re^4: Questions regarding regular expressions and arrays
by at2marty (Novice) on Dec 14, 2011 at 13:50 UTC