Skip to content
This repository has been archived by the owner on Jan 26, 2025. It is now read-only.

rodan/laboule

Folders and files

NameName
Last commit message
Last commit date

Latest commit

634dec8 · Sep 24, 2021

History

26 Commits
Sep 1, 2018
Sep 24, 2021
Sep 24, 2021
Sep 24, 2021
Sep 24, 2021

Repository files navigation

 * description
  laboule - the iptables chain manager for impolite IPs
  this daemonized bash script performs the following tasks:

  - binds itself to a unix socket and listens for 'ban' and 'count' commands
  - log parsers decide if an IP has performed an illegal operation 
  and send a row to that socket:
  IP PROFILE COMMAND WHATEVER_EXTRA_INFO

  IP        can either be ipv4 or ipv6
  PROFILE   is a user-defined string (see /etc/laboule/laboule.conf)
  COMMAND   is one of 'count' or 'ban'
  WHATEVER_EXTRA_INFO will be logged into /var/log/laboule/

  for the count command:
  if an IP is counted more than $PROFILE_ban_excuses times in an 
  interval of $PROFILE_ban_period seconds it will be banned for 
  N * $PROFILE_deny_buffer_period minutes, where N is how many times
  this ban has happened in the past for this IP

  for the ban command:
  the IP is outright banned for 
  N * $PROFILE_deny_buffer_period minutes, where N is how many times
  this ban has happened in the past for this IP

  in the case of laboule-tarpit the use scenario is equivalent, however 
  the IP does not receive a DROP rule, but a REDIRECT to another port 
  where a tarpit/honeypot is listening. 
  ipv6 has not been thoroughly tested with laboule-tarpit.

  syncronous syslog parsing is also available, see laboule_syslog_parser.sh
  for an example

 * dependencies
   - iptables (with optional ipv6 support)
   - a tmpfs in /dev/shm for quick activity searches
   - daemontools (used by the sample init scripts and for logging) - optional
   - daemontools-scripts (used by laboule --start) - optional
   - logsentry (used by some of the sample log parsers) - optional
   - conntrack-tools (used by one of the sample log parsers) - optional
   - any firewall software can be used, provided that some glue logic is provided:
      after firewall (re)start the following scripts are run:
        /usr/bin/laboule --init
        /usr/bin/laboule-tarpit --init
        /usr/bin/laboule --init6
        /usr/bin/laboule-tarpit --init6
        (run only those that apply in your use case)
        (these end up in /etc/shorewall*/start if shorewall is used)
      and make sure you locate the proper parent chain (calling_chain) into which
       laboule will inject it's logic (example laboule*.confs work with shorewall)


  Author:          Petre Rodan <[email protected]>
  Available from:  https://github.com/rodan/laboule
  License:         BSD

About

the iptables chain manager for impolite IPs

Topics

Resources

Stars

Watchers

Forks

Languages