Exemplo n.º 1
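    def configure_ipset(self):
        """Rebuild the 'blacklist' ipset from ``self.all_ips``.

        Flushes the set, writes one ``add blacklist <entry>`` line per usable
        entry to a restore file, then hands that file to
        ``utils.restore_ipset_blacklist()``.

        Entries shorter than 7 characters are skipped, as before. Entries that
        still contain whitespace after stripping are skipped too, so that a
        single malformed feed entry cannot add extra tokens or extra lines to
        the restore file.
        """
        restore_path = '/tmp/ip_blacklist'
        utils.flush_ipset_list('blacklist')

        # NOTE(review): this is a fixed, predictable file name in a
        # world-writable directory, and open(..., 'w') follows symlinks. If
        # this process runs with elevated privileges (presumably, since it
        # manages ipset - confirm), another local user could pre-create the
        # path. Consider a directory only this service can write to.
        with open(restore_path, 'w') as fout:
            for entry in self.all_ips:
                candidate = entry.strip()
                if len(candidate) < 7:
                    continue
                # Exactly one token per entry: embedded spaces or newlines
                # would otherwise be written through as additional ipset
                # arguments or commands.
                if len(candidate.split()) != 1:
                    continue
                fout.write('add blacklist ' + candidate + '\n')
        utils.restore_ipset_blacklist(restore_path)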
Exemplo n.º 2
    def run(self):
        """Refresh the block lists in an endless loop.

        Waits 60 seconds, then repeats the following cycle, sleeping 14400
        seconds (4 hours) between passes: clear the previous intel, download
        fresh intel, merge it into ``self.all_ips`` / ``self.all_domains``
        minus the user whitelists, rebuild the 'blacklist-user' ipset, and
        reconfigure dnsmasq.

        There is no exception handling here: an exception raised by any step
        propagates out of the loop, so no further refresh happens in this
        call.
        """
        time.sleep(60)

        while True:
            log.debug('FG-INFO: Downloading daily blacklists')

            # Drop the merged sets from the previous pass (this happens
            # before the lock is taken).
            self.all_ips.clear()
            self.all_domains.clear()

            with lock:
                # Empty each per-threat list in place, keeping the list objects.
                for ip_list in homenet.bad_ips.values():
                    del ip_list[:]
                for domain_list in homenet.bad_domains.values():
                    del domain_list[:]

                # Intel from local sources.
                self.retrieve_bad_ips()
                self.retrieve_bad_domains()

                # Intel from the FalconGate public API, only when a key is set.
                if homenet.fg_intel_key:
                    self.retrieve_fg_intel()

                # Merge the feeds; the user whitelists always win.
                for ip_list in homenet.bad_ips.values():
                    for ip in ip_list:
                        if ip in homenet.user_whitelist:
                            continue
                        self.all_ips.add(ip)

                for domain_list in homenet.bad_domains.values():
                    for domain in domain_list:
                        if domain in homenet.user_domain_whitelist:
                            continue
                        self.all_domains.add(domain)

                # User-blacklisted domains, again minus the whitelist.
                for entry in homenet.user_domain_blacklist:
                    if entry in homenet.user_domain_whitelist:
                        continue
                    self.all_domains.add(entry)

                # Rebuild the 'blacklist-user' ipset from scratch: flush it,
                # then re-add every user-blacklisted IP that is not whitelisted.
                utils.flush_ipset_list('blacklist-user')
                for ip in homenet.user_blacklist:
                    if ip in homenet.user_whitelist:
                        continue
                    utils.add_ip_ipset_blacklist(ip, 'blacklist-user')

                # Reconfigure ipset and dnsmasq with the new block lists.
                # Blocking IP addresses taken from open threat-intel sources
                # is disabled by default. Uncomment the line below to enable
                # it at your own risk: every feed entry would then be
                # enforced through the 'blacklist' ipset.
                #self.configure_ipset()
                self.configure_dnsmasq()

            time.sleep(14400)
Exemplo n.º 3
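    def host_response():
        """Handle a JSON request that manages the ipset block lists.

        The request body must be a JSON object with two keys:

        * ``action`` - 'blacklist', 'unblock', 'whitelist' or 'list'.
        * ``target`` - a list of IP address strings for the first three
          actions, or an ipset name for 'list'.

        Returns an empty 200 response for the three mutating actions and a
        200 response with a JSON body ``{"content": ...}`` for 'list'.
        A body that is not a JSON object, a missing key, a target of the
        wrong type, an unsafe set name or an unknown action gets a 400.
        Individual list items that do not look like an address are skipped.

        NOTE(review): 'blacklist' flushes the 'blacklist-user' ipset and then
        adds only addresses that are new to homenet.user_blacklist, so
        entries already in that list are out of the ipset afterwards; and
        'unblock' removes an address from the ipset but leaves it in
        homenet.user_blacklist. Confirm both are intended.
        """
        import re  # function-scope: the file's import block is not visible here

        # type(u'') is ``unicode`` on Python 2 and ``str`` on Python 3.
        text_types = (str, type(u''))
        # \Z instead of $ so that a trailing newline is not accepted.
        ip_pattern = re.compile(r'[0-9A-Fa-f:.]+(/[0-9]{1,3})?\Z')
        set_name_pattern = re.compile(r'[A-Za-z0-9][A-Za-z0-9_.-]*\Z')

        def usable_ip(value):
            # The request body is caller-controlled and these values are
            # handed to the ipset helpers in utils (not visible here), so
            # accept only strings built from address characters. The
            # original minimum length of 7 is kept.
            return (isinstance(value, text_types)
                    and len(value) >= 7
                    and ip_pattern.match(value) is not None)

        def ok(body=None):
            # Build the 200 response shared by every successful action.
            resp = Response()
            if body is not None:
                resp.data = body
                resp.mimetype = "application/json"
            resp.status_code = 200
            return resp

        payload = request.json
        # A missing key used to raise KeyError (a 500); it is a client error.
        if (not isinstance(payload, dict)
                or 'action' not in payload
                or 'target' not in payload):
            abort(400)

        action = str(payload['action'])
        target = payload['target']

        if action in ('blacklist', 'unblock', 'whitelist'):
            # Checked before anything is flushed, so a malformed request
            # leaves the ipsets untouched.
            if not isinstance(target, list):
                abort(400)

        if action == 'blacklist':
            utils.flush_ipset_list('blacklist-user')
            for ip in target:
                if not usable_ip(ip):
                    continue
                with lock:
                    if (ip not in homenet.user_blacklist
                            and ip not in homenet.user_whitelist):
                        homenet.user_blacklist.append(ip)
                        utils.add_ip_ipset_blacklist(ip, 'blacklist-user')
                        # The separating space was missing in this message.
                        log.debug('FG-INFO: IP ' + ip +
                                  ' added to user blacklist')
            return ok()
        elif action == 'unblock':
            for ip in target:
                if not usable_ip(ip):
                    continue
                with lock:
                    if ip in homenet.user_blacklist:
                        utils.del_ip_ipset_blacklist(ip, 'blacklist-user')
            return ok()
        elif action == 'whitelist':
            for ip in target:
                if not usable_ip(ip):
                    continue
                utils.del_ip_ipset_blacklist(ip, 'blacklist')
                utils.del_ip_ipset_blacklist(ip, 'blacklist-user')
                with lock:
                    if ip not in homenet.user_whitelist:
                        homenet.user_whitelist.append(ip)
            return ok()
        elif action == 'list':
            # The set name comes straight from the request; allow only a
            # plain identifier (no leading '-', no whitespace or shell
            # metacharacters) before it reaches the ipset helper.
            if (not isinstance(target, text_types)
                    or set_name_pattern.match(target) is None):
                abort(400)
            listing = utils.list_ipset_blacklist(target)
            # Same slice as before: elements 7 up to, but not including,
            # the last one of whatever the helper returned.
            return ok(json.dumps({'content': listing[7:-1]}))
        else:
            abort(400)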