maloe edited this page 2 years ago

Wiki for ASN_IPFire Script

Content

  1. Usage
  2. Sources for ASNs and networks
  3. ASN IPFire Script and Android
  4. Tips & Tricks

2 Sources for ASNs and networks

2.1 Source types

There are three types of sources:

  • local: custom specific files
  • dynamic: requires a search argument (company or ASN) at query and returns only matched results
  • static: lists containing ASNs of different companies

2.2 ASN Sources

ASN sources are scanned for company names. The result is a list of ASNs associated with the requested companies.
The following ASN sources are predefined:

2.3 Network Sources

Network sources are scanned for AS numbers. The result is a list of networks associated with the requested ASNs.
The following network sources are predefined:

2.4 Selecting sources

By default the local source and the list from cidr-report are enabled. To enable or disable sources, the script must be edited with a text editor: remove the leading hash (#) to enable a source, add one to disable it.
Search for the arrays "getASNfromCOMPANY" and "getNETfromASN":

# Enable/disable ASN sources: remove the leading hash (#) to enable a source.
# Newlines separate the array elements, so no line continuation is needed.
getASNfromCOMPANY=(
  ASN_local                     # local source (local_asn_file)
# ASN_cidrreport                # cidr-report.org
  ASN_bgplookingglass           # bgplookingglass.com
# ASN_bgpview                   # bgpview.io (white spaces in company names not supported)
)

# Enable/disable network sources: remove the leading hash (#) to enable a source.
getNETfromASN=(
  NET_local                     # local source (local_net_file)
  NET_ripe                      # stat.ripe.net
# NET_ipinfo                    # ipinfo.io
# NET_bgpview                   # bgpview.io
# NET_radb                      # whois.radb.net - use only if you know what you are doing, query results may be wrong!
)

Which source should be selected? With asn_ipfire v0.6.4 the default was switched from ultratools to cidrreport. Since that site is no longer reachable, the default source was changed to bgplookingglass in v0.7.11. bgpview has also been added, though it has not been tested thoroughly yet. Selecting more or even all sources can increase the number of matches and can compensate for unreachable sources. On the other hand, it leads to longer script runtimes because of more redundant matches.

Note 1: The whois query (NET_radb) is currently not recommended, because it over-rejects certain ASNs.

Note 2: Enabling the source "NET_radb" requires whois to be installed on the system (it is installed by default on IPFire).

2.5 Custom specific local source files

The local source files allow custom entries. They can compensate for ASN entries missing from the other sources, and they make it possible to add networks of companies that have no ASN entries of their own. Furthermore, IPs and networks of different companies can be collected into a single group.

To add your own selection of networks to IPFire groups, take the following steps:
1. Create a local ASN file (default name: local_asn_list)
2. Define your custom groups

Format:

AS0 CustomGroup1
AS999999 CustomGroup2

Note: Using non-existent AS numbers is recommended here; otherwise you would have to disable the other sources to prevent unwanted matches for your custom group. AS0 or a number greater than 400000 should be fine.

3. Create a local network file (default name: local_net_list) and write down the networks you want to block:

Example:

1.2.3.4/31 AS0
2.3.4.0/24 AS0
3.4.5.0/24 AS0
4.5.6.6/31 AS999999

Note: Make sure your IP networks are valid. For example, 1.1.1.0/23 is not a valid network and will be changed by IPFire to 1.1.0.0/23. You can check networks with various online IP calculators, such as ipcalc or Netzwerk-Rechner. IPFire does not accept networks that consist of a single IPv4 address, so do not use the /32 suffix, which defines only one IP.
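Because IPFire silently rewrites networks with host bits set and rejects /32 entries, it pays to check the local files before the script reads them. The following bash script is an added example for this page, not part of asn_ipfire.sh or its wiki: validate_cidr applies exactly the rules from the note above (valid octets, a prefix no longer than /31, no host bits set), and check_net_list walks a local_net_list in the "network ASN" format and confirms that every ASN is defined in the local_asn_list ("ASn Group"), so that no network ends up without a custom group. The function names and the sample data written by demo_check are constructed for this example.

```shell
#!/bin/bash
# Added example (not part of asn_ipfire.sh): sanity-check a local_net_list
# against a local_asn_list before handing them to the script. File formats
# are the ones described above; helper names and sample data are constructed.

# validate_cidr NETWORK/PREFIX
# Returns 0 when the argument is an IPv4 network IPFire will accept unchanged:
# four decimal octets, a numeric prefix of at most /31 (a /32 is a single
# address, which IPFire rejects) and no host bits set (1.1.1.0/23 fails,
# because IPFire would turn it into 1.1.0.0/23).
validate_cidr() {
    local cidr="$1" ip prefix o1 o2 o3 o4 rest o addr mask
    case "$cidr" in
        */*) ip="${cidr%/*}"; prefix="${cidr##*/}" ;;
        *)   return 1 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 31 ] || return 1
    # split the address on dots; a missing or fifth field is an error
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$ip
EOF
    [ -z "$rest" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # plain decimal only: leading zeros are ambiguous (octal in inet_aton)
        case "$o" in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    addr=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    fi
    # the network address must survive masking unchanged, i.e. no host bits set
    [ $(( addr & mask )) -eq "$addr" ]
}

# check_net_list LOCAL_ASN_FILE LOCAL_NET_FILE
# Validates every "network ASN" line of the network file and requires the ASN
# to be defined in the ASN file ("ASn Group"). Prints one line per problem and
# returns 1 if anything was wrong, 0 if the two files are consistent.
check_net_list() {
    local asn_file="$1" net_file="$2" net asn extra group errors=0
    [ -r "$asn_file" ] && [ -r "$net_file" ] || { echo "missing input file"; return 1; }
    while read -r net asn extra; do
        case "$net" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        if ! validate_cidr "$net"; then
            echo "invalid network: $net (malformed, /32, or host bits set)"
            errors=$((errors + 1))
            continue
        fi
        group=$(awk -v a="$asn" '$1 == a { print $2; exit }' "$asn_file")
        if [ -z "$group" ]; then
            echo "unknown ASN for $net: $asn is not defined in $asn_file"
            errors=$((errors + 1))
        fi
    done < "$net_file"
    [ "$errors" -eq 0 ]
}

# demo_check valid|invalid
# Writes constructed sample files to a temp dir and runs check_net_list on them:
# "valid" uses the four networks from the example above; "invalid" adds the
# 1.1.1.0/23 case from the note, a /32 entry and a network with an undefined ASN.
demo_check() {
    local dir status
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'AS0 CustomGroup1' 'AS999999 CustomGroup2' > "$dir/local_asn.list"
    printf '%s\n' '1.2.3.4/31 AS0' '2.3.4.0/24 AS0' '3.4.5.0/24 AS0' \
                  '4.5.6.6/31 AS999999' > "$dir/local_net.list"
    if [ "$1" = invalid ]; then
        printf '%s\n' '1.1.1.0/23 AS0' '10.0.0.1/32 AS0' '9.8.7.0/24 AS123456' >> "$dir/local_net.list"
    fi
    if check_net_list "$dir/local_asn.list" "$dir/local_net.list"; then
        status=0
    else
        status=1
    fi
    rm -rf "$dir"
    return "$status"
}

demo_check valid   && echo "example files are consistent"
demo_check invalid || echo "problems found in the extended sample"
```

Run it as a plain script to see the three diagnostics for the extended sample; to check your own files, call check_net_list with the paths you configured as local_asn_file and local_net_file.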

2.5.1 Changing local source filenames

The local source filenames can be specified by editing the asn_ipfire.sh script. Search for local_asn_file or local_net_file and edit the file names inside the double quotes:

# Local files can be used as ASN and/or network sources. They are activated by enabling "ASN_local" and/or "NET_local" in the arrays getASNfromCOMPANY and getNETfromASN.
local_asn_file="local_asn.list"
local_net_file="local_net.list"

Note: Make sure the files are writable.

2.6 Dynamic sources

Each query requires the company name, and only the matching results are downloaded. In general this is the preferred method because it generates less traffic.
Dynamic sources are: ultratools and all online network sources.

2.7 Static sources

Static lists are downloaded completely every time asn_ipfire.sh is executed with one of the parameters --add, --network, --custom, --iptable or --afwall. The list is stored in a temporary file and removed when the script has finished.
With the option '--keep' the temporary source files are not deleted after the script ends. If the script finds the temporary source file already in place, it uses this file and skips the download from the source.
Static sources are: cidr-report and bgplookingglass