Saturday, June 8, 2013

Block a specific IP in IPCop

SSH into IPCop and type this (replace x.x.x.x with the IP). The /32 is a host mask, so the rule matches that single address and nothing else. It should take effect immediately.

/sbin/iptables -I FORWARD -s x.x.x.x/32 -j DROP

If you made a mistake or if you want to delete the entry, type this:

/sbin/iptables -D FORWARD -s x.x.x.x/32 -j DROP 
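The two one-liners above are easy to mistype on a firewall. As an added example (not from the post), here is a small POSIX sh wrapper around them that checks the argument really is an IPv4 address before touching iptables and refuses to stack the same DROP rule twice. The names IPTABLES, DRY_RUN, valid_ipv4, block_ip and unblock_ip are chosen for this example; the duplicate check assumes the IPCop build's iptables supports -S (list rules in command form).

```shell
#!/bin/sh
# Added example, not from the post: wrapper around the iptables one-liners.
# IPTABLES and DRY_RUN are names chosen for this example.
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-}      # set to 1 to print the command instead of running it

# valid_ipv4 A.B.C.D -> exit 0 when the argument is a dotted quad with octets 0-255
valid_ipv4() {
  ip=$1
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, bad characters, or empty fields
  esac
  oldifs=$IFS; IFS=.
  set -- $ip                               # split on dots into $1..$n
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1       # digits only, so >= 0 already holds
  done
  return 0
}

# run_or_print CMD... -> echo the command under DRY_RUN, otherwise execute it
run_or_print() {
  if [ -n "$DRY_RUN" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# block_ip A.B.C.D -> insert the DROP rule at the top of FORWARD (the -I form above)
block_ip() {
  valid_ipv4 "$1" || { echo "block_ip: '$1' is not an IPv4 address" >&2; return 2; }
  # Skip the insert when an identical rule is already listed; iptables -S prints
  # rules in the same "-s x.x.x.x/32 -j DROP" form we are about to add.
  if [ -z "$DRY_RUN" ] && $IPTABLES -S FORWARD 2>/dev/null | grep -qF -- "-s $1/32 -j DROP"; then
    echo "block_ip: rule for $1 already present" >&2
    return 0
  fi
  run_or_print "$IPTABLES" -I FORWARD -s "$1/32" -j DROP
}

# unblock_ip A.B.C.D -> delete the rule again (the -D form above)
unblock_ip() {
  valid_ipv4 "$1" || { echo "unblock_ip: '$1' is not an IPv4 address" >&2; return 2; }
  run_or_print "$IPTABLES" -D FORWARD -s "$1/32" -j DROP
}

# Usage on the IPCop box:  . ./block_ip.sh; block_ip 203.0.113.9; unblock_ip 203.0.113.9
# (203.0.113.9 is a documentation address used here as a placeholder.)
```

Try it first with DRY_RUN=1 to see the exact command that would run. Note that rules inserted this way live only in the running kernel; they are gone after a reboot unless IPCop's own firewall scripts re-add them.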

Wednesday, June 5, 2013

Create a DNS ad blocklist in IPCop

You can use a hosts file on each Windows or Linux desktop (and even on a smartphone or tablet with root access), but it can get overwritten, and you have to modify the file on every desktop in your environment.

Another drawback of this method is handling subdomains: a hosts file has no easy way to express a wildcard block that covers every subdomain. For instance:


  • ads1.spammycompany.com
  • ads2.spammycompany.com
  • ads3.spammycompany.com
  • bannerhosting321.spammycompany.com


If you use a Linux-based firewall like IPCop, you can use dnsmasq to banish whole domains, subdomains included, to 127.0.0.1. Here's my method:

First, you need IPCop up and configured. This should be relatively straightforward, but if you need help, do a bit of Googling to get it. You will also need working knowledge of SSH and vi.

Second, SSH into IPCop and open /var/ipcop/dhcp/dnsmasq.local in vi:

vi /var/ipcop/dhcp/dnsmasq.local

We need to set the upstream DNS server manually; I prefer Google's public DNS at 8.8.8.8:


# dnsmasq Google Public DNS 
server=8.8.8.8

We will also want to enter the addresses that we want to block. For instance, to block blahblah.com together with every subdomain under it, add this line:

address=/.blahblah.com/127.0.0.1

Enter any further address lines below that and save the file. Here is an example of my dnsmasq.local:

# Used for private dnsmasq (DHCP) options.
# See dnsmasq manual http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
# After making modifications restart the DHCP server using the web interface
# or restartdhcp.
# Changes made will then propagate to the DHCP server.

# dnsmasq Google Public DNS 

server=8.8.8.8

address=/.2o7.net/127.0.0.1

address=/.adbrite.com/127.0.0.1
address=/.addthis.com/127.0.0.1
address=/.admeld.com/127.0.0.1
address=/.adnxs.com/127.0.0.1
address=/.adzerk.net/127.0.0.1
address=/.bluekai.com/127.0.0.1
address=/.clickbank.net/127.0.0.1
address=/.criteo.com/127.0.0.1
address=/.crsspxl.com/127.0.0.1
address=/.crwdcntrl.net/127.0.0.1
address=/.disqus.com/127.0.0.1
address=/.doubleclick.com/127.0.0.1
address=/.doubleclick.net/127.0.0.1
address=/.effectivemeasure.net/127.0.0.1
address=/.esm1.net/127.0.0.1
address=/.estat.com/127.0.0.1
address=/.exelator.com/127.0.0.1
address=/.gigya.com/127.0.0.1
address=/.gravity.com/127.0.0.1
address=/.imrworldwide.com/127.0.0.1
address=/.kinja.com/127.0.0.1
address=/.linkbucks.com/127.0.0.1
address=/.liveadvert.com/127.0.0.1
address=/.livefreetimenews.com/127.0.0.1
address=/.mail-corp.com/127.0.0.1
address=/.mktoresp.com/127.0.0.1
address=/.ooyala.com/127.0.0.1
address=/.optimizely.com/127.0.0.1
address=/.outbrain.com/127.0.0.1
address=/.owneriq.com/127.0.0.1
address=/.paresly.com/127.0.0.1
address=/.quantserve.com/127.0.0.1
address=/.res-x.com/127.0.0.1
address=/.revsci.net/127.0.0.1
address=/.scorecardresearch.com/127.0.0.1
address=/.searchmarketing.com/127.0.0.1
address=/.shareaholic.com/127.0.0.1
address=/.sitemeter.com/127.0.0.1
address=/.statcounter.com/127.0.0.1
address=/.techcrunch.com/127.0.0.1
address=/.tklist.net/127.0.0.1
address=/.triggit.com/127.0.0.1
address=/.tynt.com/127.0.0.1
address=/.xiti.com/127.0.0.1
address=/.yieldmanager.com/127.0.0.1
address=/.po.st/127.0.0.1
address=/.zdbb.net/127.0.0.1
address=/.newrelic.com/127.0.0.1
address=/.stipple.com/127.0.0.1
address=/.invitemedia.com/127.0.0.1
address=/.rubiconproject.com/127.0.0.1
address=/.casalemedia.com/127.0.0.1
address=/.adsonar.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.vizu.com/127.0.0.1
address=/.serving-sys.com/127.0.0.1
address=/.gravity.com/127.0.0.1
address=/.mixpo.com/127.0.0.1
address=/.yadro.ru/127.0.0.1


Now save the file and stop the running dnsmasq:

killall dnsmasq

and then start it again:

dnsmasq

Also flush the DNS cache on your desktop. You will no longer be able to reach the domain, or any subdomain under it, because the name now resolves to 127.0.0.1.

For instance:


C:\Users\binarypower>ping outbrain.com

Pinging outbrain.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms


C:\Users\binarypower>ping somestupidsubdomain.outbrain.com

Pinging somestupidsubdomain.outbrain.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
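Maintaining the address= list by hand invites exactly the kind of duplicate that appears in the file above (serving-sys.com and gravity.com are each listed twice). As an added example, not from the post, here is a POSIX sh helper that turns a plain list of domains into dnsmasq address= lines, normalising case and leading dots and dropping comments, blanks and duplicates, plus a second function that reports duplicate entries in an existing dnsmasq.local. SINKHOLE, make_blocklist and find_duplicates are names chosen for this example, and the sample domains in demo are constructed.

```shell
#!/bin/sh
# Added example, not from the post: generate and check dnsmasq address= lines.
# SINKHOLE is a name chosen for this example; 127.0.0.1 matches the post.
SINKHOLE=${SINKHOLE:-127.0.0.1}   # where blocked names should resolve

# make_blocklist: read domain names on stdin (one per line, '#' comments allowed),
# normalise them, drop duplicates, and print one address= line per domain
make_blocklist() {
  sed -e 's/#.*//' \
      -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
      -e 's/^\.*//' \
  | tr 'A-Z' 'a-z' \
  | grep -v '^$' \
  | sort -u \
  | while IFS= read -r domain; do
      printf 'address=/.%s/%s\n' "$domain" "$SINKHOLE"
    done
}

# find_duplicates FILE: print every address= line that occurs more than once
find_duplicates() {
  grep '^address=' "$1" | sort | uniq -d
}

# demo: constructed sample input (mixed case, a comment, a leading dot, a blank
# line and a duplicate) so the script shows its effect when run directly
demo() {
  printf 'Ads.Example.COM\n# a comment\n  .ads.example.com\n\ntracker.example.net\n' \
  | make_blocklist
}

demo
# Usage: make_blocklist < domains.txt >> /var/ipcop/dhcp/dnsmasq.local
#        find_duplicates /var/ipcop/dhcp/dnsmasq.local
```

Append the output below the server= line in /var/ipcop/dhcp/dnsmasq.local and restart dnsmasq. The header comment in that file names the web interface or restartdhcp as the way to restart, which brings the daemon back with IPCop's own startup options rather than whatever a bare dnsmasq picks up by default. Run find_duplicates against the listing above and it reports the serving-sys.com and gravity.com lines.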