PDA

View Full Version : [GERMAN] die "etwas andere" HOST.RULES ...


Grendel
09-18-2004, 09:27 AM
hier mal die "etwas andere" HOSTS.RULES
speziell für alle die mit DSL einen FTP betreiben...

Meine Version sperrt prinzipiell alle
bekannten Top Level Domains (TLDs) aus
und schaltet nur die IP-Ranges der bekannten
DSL Provider frei (Änderungen könnt ihr ja selber vornehmen).

Vorteil:

Ihr bekommt zu jeder TLD einen passenden
Eintrag ins ERROR.LOG
09-17-2004 00:50:33 Rejected client from 83.149.236.164: "No Access from Russian Federation

und derjenenige, der geblockt wurde, sieht im FlashFXP nur
CONNECTION LOST. CONNECTION FAILED.
als ob der FTP aus/oder nicht existent wäre.

Ich finds jedenfalls so besser als ein generelles POLICY ACCEPT.

Viel Spass damit :D

Grendel
09-18-2004, 09:37 AM
hmm, irgendwie kommt das Attachment nicht rein (zip)... :mad:

Grendel
09-18-2004, 09:42 AM
...na dann halt so.... :D



################################################## ############
#
# Default policy
#
# POLICY ACCEPT CONNECTIONS_PER_IP
# POLICY DENY
#
################################################## ############

POLICY ACCEPT 2

################################################## ############
#
# Classes
#
# CLASS CLASS_NAME TOTAL_CONNECTIONS_PER_CLASS
#
################################################## ############

CLASS ADMIN -1
CLASS USER 20

################################################## ############
#
# Rules
#
# ACCEPT I|H IP|HOSTNAME CLASS_NAME CONNECTIONS_PER_IP
# DENY I|H IP|HOSTNAME LOG_STRING
#
################################################## ############

ACCEPT I 192.168.0. ADMIN -1
ACCEPT I 192.168.1. ADMIN -1
ACCEPT I 127.0.0. ADMIN -1


ACCEPT H .versanet.de USER 20
ACCEPT H .fdp.unimi.it USER 20
ACCEPT H .ish.de USER 20
ACCEPT H .pppool.de USER 20
ACCEPT H .arcor-ip.net USER 20
ACCEPT H .netcologne.de USER 20
ACCEPT H .dclient.hispeed.ch USER 20
ACCEPT H .dip.t-dialin.net USER 20
ACCEPT H .dip0.t-ipconnect.de USER 20
ACCEPT H .tisdip.tiscali.de USER 20
ACCEPT H .dynamic.qsc.de USER 20
ACCEPT H .init7.net USER 20
ACCEPT H .ipt.aol.com USER 20

################################################## ############

#################
# GENERIC TLD's #
#################

DENY H .ac "No Access allowed from .AC"
DENY H .aero "No Access allowed from .AERO"
DENY H .arpa "No Access allowed from .ARPA"
DENY H .biz "No Access allowed from .BIZ"
DENY H .com "No Access allowed from .COM"
DENY H .coop "No Access allowed from .COOP"
DENY H .edu "No Access allowed from .EDU"
DENY H .firm "No Access allowed from .FIRM"
DENY H .gov "No Access allowed from .GOV"
DENY H .int "No Access allowed from .INT"
DENY H .info "No Access allowed from .INFO"
DENY H .mil "No Access allowed from .MIL"
DENY H .museum "No Access allowed from .MUSEUM"
DENY H .nato "No Access allowed from .NATO"
DENY H .name "No Access allowed from .NAME"
DENY H .net "No Access allowed from .NET"
DENY H .nom "No Access allowed from .NOM"
DENY H .org "No Access allowed from .ORG"
DENY H .pro "No Access allowed from .PRO"
DENY H .store "No Access allowed from .STORE"
DENY H .web "No Access allowed from .WEB"

#################
# Country TLD's #
#################

DENY H .ad "No Access allowed from Andorra"
DENY H .ae "No Access allowed from United Arab Emirates"
DENY H .af "No Access allowed from Afghanistan"
DENY H .ag "No Access allowed from Antigua and Barbuda"
DENY H .ai "No Access allowed from Anguilla"
DENY H .al "No Access allowed from Albania"
DENY H .am "No Access allowed from Armenia"
DENY H .an "No Access allowed from Netherlands Antilles"
DENY H .ao "No Access allowed from Angola"
DENY H .aq "No Access allowed from Antarctica"
DENY H .ar "No Access allowed from Argentina"
DENY H .as "No Access allowed from American Samoa"
DENY H .at "No Access allowed from Austria"
DENY H .au "No Access allowed from Australia"
DENY H .aw "No Access allowed from Aruba"
DENY H .az "No Access allowed from Azerbaijan"
DENY H .ba "No Access allowed from Bosnia/Herzegovinia"
DENY H .bb "No Access allowed from Barbados"
DENY H .bd "No Access allowed from Bangladesh"
DENY H .be "No Access allowed from Belgium"
DENY H .bf "No Access allowed from Burkina Faso"
DENY H .bg "No Access allowed from Bulgaria"
DENY H .bh "No Access allowed from Bahrain"
DENY H .bi "No Access allowed from Burundi"
DENY H .bj "No Access allowed from Benin"
DENY H .bm "No Access allowed from Bermuda"
DENY H .bn "No Access allowed from Brunei Darussalam"
DENY H .bo "No Access allowed from Bolivia"
DENY H .br "No Access allowed from Brazil"
DENY H .bs "No Access allowed from Bahamas"
DENY H .bt "No Access allowed from Bhutan"
DENY H .bv "No Access allowed from Bouvet Island"
DENY H .bw "No Access allowed from Botswana"
DENY H .by "No Access allowed from 1. Belarus 2. Byelorussia"
DENY H .bz "No Access allowed from Belize"
DENY H .ca "No Access allowed from Canada"
DENY H .cc "No Access allowed from Cocos Islands - Keelings"
DENY H .cf "No Access allowed from Central African Republic"
DENY H .cg "No Access allowed from Congo"
DENY H .ch "No Access allowed from Switzerland"
DENY H .ci "No Access allowed from Cote D’Ivoire, or Ivory Coast"
DENY H .ck "No Access allowed from Cook Islands"
DENY H .cl "No Access allowed from Chile"
DENY H .cm "No Access allowed from Cameroon"
DENY H .cn "No Access allowed from China"
DENY H .co "No Access allowed from Colombia"
DENY H .cr "No Access allowed from Costa Rica"
DENY H .cs "No Access allowed from Czechoslovakia (former)"
DENY H .cu "No Access allowed from Cuba"
DENY H .cv "No Access allowed from Cape Verde"
DENY H .cx "No Access allowed from Christmas Island"
DENY H .cy "No Access allowed from Cyprus"
DENY H .cz "No Access allowed from Czech Republic"
DENY H .de "No Access allowed from Germany"
DENY H .dj "No Access allowed from Djibouti"
DENY H .dk "No Access allowed from Denmark"
DENY H .dm "No Access allowed from Dominica"
DENY H .do "No Access allowed from Dominican Republic"
DENY H .dz "No Access allowed from Algeria"
DENY H .ec "No Access allowed from Ecuador"
DENY H .ee "No Access allowed from Estonia"
DENY H .eg "No Access allowed from Egypt"
DENY H .eh "No Access allowed from Western Sahara"
DENY H .er "No Access allowed from Eritrea"
DENY H .es "No Access allowed from Spain"
DENY H .et "No Access allowed from Ethiopia"
DENY H .fi "No Access allowed from Finland"
DENY H .fj "No Access allowed from Fiji"
DENY H .fk "No Access allowed from Falkland Islands/Malvinas"
DENY H .fm "No Access allowed from Micronesia"
DENY H .fo "No Access allowed from Faroe Islands"
DENY H .fr "No Access allowed from France"
DENY H .fx "No Access allowed from Metropolitan France"
DENY H .ga "No Access allowed from Gabon"
DENY H .gb "No Access allowed from Great Britain"
DENY H .gd "No Access allowed from Grenada"
DENY H .ge "No Access allowed from Georgia"
DENY H .gf "No Access allowed from French Guiana"
DENY H .gh "No Access allowed from Ghana"
DENY H .gi "No Access allowed from Gibraltar"
DENY H .gl "No Access allowed from Greenland"
DENY H .gm "No Access allowed from Gambia"
DENY H .gn "No Access allowed from Guinea"
DENY H .gp "No Access allowed from Guadeloupe"
DENY H .gq "No Access allowed from Equatorial Guinea"
DENY H .gr "No Access allowed from Greece"
DENY H .gs "No Access allowed from South Georgia and South Sandwich Islands"
DENY H .gt "No Access allowed from Guatemala"
DENY H .gu "No Access allowed from Guam"
DENY H .gw "No Access allowed from Guinea-Bissau"
DENY H .gy "No Access allowed from Guyana"
DENY H .hk "No Access allowed from Hong Kong"
DENY H .hm "No Access allowed from Heard and McDonald Islands"
DENY H .hn "No Access allowed from Honduras"
DENY H .hr "No Access allowed from Croatia/Hrvatska"
DENY H .ht "No Access allowed from Haiti"
DENY H .hu "No Access allowed from Hungary"
DENY H .id "No Access allowed from Indonesia"
DENY H .ie "No Access allowed from Ireland"
DENY H .il "No Access allowed from Israel"
DENY H .in "No Access allowed from India"
DENY H .io "No Access allowed from British Indian Ocean Territory"
DENY H .iq "No Access allowed from Iraq"
DENY H .ir "No Access allowed from Iran"
DENY H .is "No Access allowed from Iceland"
DENY H .it "No Access allowed from Italy"
DENY H .jm "No Access allowed from Jamaica"
DENY H .jo "No Access allowed from Jordan"
DENY H .jp "No Access allowed from Japan"
DENY H .ke "No Access allowed from Kenya"
DENY H .kg "No Access allowed from Kyrgyzstan"
DENY H .kh "No Access allowed from Cambodia"
DENY H .ki "No Access allowed from Kiribati"
DENY H .km "No Access allowed from Comoros"
DENY H .kn "No Access allowed from Saint Kitts and Nevis"
DENY H .kp "No Access allowed from North Korea"
DENY H .kr "No Access allowed from South Korea"
DENY H .kw "No Access allowed from Kuwait"
DENY H .ky "No Access allowed from Cayman Islands"
DENY H .kz "No Access allowed from Kazakhstan"
DENY H .la "No Access allowed from Laos"
DENY H .lb "No Access allowed from Lebanon"
DENY H .lc "No Access allowed from Saint Lucia"
DENY H .li "No Access allowed from Liechtenstein"
DENY H .lk "No Access allowed from Sri Lanka"
DENY H .lr "No Access allowed from Liberia"
DENY H .ls "No Access allowed from Lesotho"
DENY H .lt "No Access allowed from Lithuania"
DENY H .lu "No Access allowed from Luxembourg"
DENY H .lv "No Access allowed from Latvia"
DENY H .ly "No Access allowed from Libya"
DENY H .ma "No Access allowed from Morocco"
DENY H .mc "No Access allowed from Monaco"
DENY H .md "No Access allowed from Moldova"
DENY H .mg "No Access allowed from Madagascar"
DENY H .mh "No Access allowed from Marshall Islands"
DENY H .mk "No Access allowed from Macedonia"
DENY H .ml "No Access allowed from Mali"
DENY H .mm "No Access allowed from Myanmar"
DENY H .mn "No Access allowed from Mongolia"
DENY H .mo "No Access allowed from Macau"
DENY H .mp "No Access allowed from Northern Mariana Islands"
DENY H .mq "No Access allowed from Martinique"
DENY H .mr "No Access allowed from Mauritania"
DENY H .ms "No Access allowed from Montserrat"
DENY H .mt "No Access allowed from Malta"
DENY H .mu "No Access allowed from Mauritius"
DENY H .mv "No Access allowed from Maldives"
DENY H .mw "No Access allowed from Malawi"
DENY H .mx "No Access allowed from Mexico"
DENY H .my "No Access allowed from Malaysia"
DENY H .mz "No Access allowed from Mozambique"
DENY H .na "No Access allowed from Namibia"
DENY H .nc "No Access allowed from New Caledonia"
DENY H .ne "No Access allowed from Niger"
DENY H .nf "No Access allowed from Norfolk Island"
DENY H .ng "No Access allowed from Nigeria"
DENY H .ni "No Access allowed from Nicaragua"
DENY H .nl "No Access allowed from Netherlands"
DENY H .no "No Access allowed from Norway"
DENY H .np "No Access allowed from Nepal"
DENY H .nr "No Access allowed from Nauru"
DENY H .nt "No Access allowed from Neutral Zone"
DENY H .nu "No Access allowed from Niue"
DENY H .nz "No Access allowed from New Zealand (Aotearoa)"
DENY H .om "No Access allowed from Oman"
DENY H .pa "No Access allowed from Panama"
DENY H .pe "No Access allowed from Peru"
DENY H .pf "No Access allowed from French Polynesia"
DENY H .pg "No Access allowed from Papua New Guinea"
DENY H .ph "No Access allowed from Philippines"
DENY H .pk "No Access allowed from Pakistan"
DENY H .pl "No Access allowed from Poland"
DENY H .pm "No Access allowed from St. Pierre and Miquelon"
DENY H .pn "No Access allowed from Pitcairn"
DENY H .pr "No Access allowed from Puerto Rico"
DENY H .pt "No Access allowed from Portugal"
DENY H .pw "No Access allowed from Palau"
DENY H .py "No Access allowed from Paraguay"
DENY H .qa "No Access allowed from Qatar"
DENY H .re "No Access allowed from Reunion"
DENY H .ro "No Access allowed from Romania"
DENY H .ru "No Access allowed from Russian Federation"
DENY H .rw "No Access allowed from Rwanda"
DENY H .sa "No Access allowed from Saudi Arabia"
DENY H .sb "No Access allowed from Solomon Islands"
DENY H .sc "No Access allowed from Seychelles"
DENY H .sd "No Access allowed from Sudan"
DENY H .se "No Access allowed from Sweden"
DENY H .sg "No Access allowed from Singapore"
DENY H .sh "No Access allowed from Saint Helena"
DENY H .si "No Access allowed from Slovenia"
DENY H .sj "No Access allowed from Svalbard and Jan Mayen Islands"
DENY H .sk "No Access allowed from Slovakia"
DENY H .sl "No Access allowed from Sierra Leone"
DENY H .sm "No Access allowed from San Marino"
DENY H .sn "No Access allowed from Senegal"
DENY H .so "No Access allowed from Somalia"
DENY H .sr "No Access allowed from Suriname"
DENY H .st "No Access allowed from Sao Torme and Principe"
DENY H .su "No Access allowed from Former USSR"
DENY H .sv "No Access allowed from El Salvador"
DENY H .sy "No Access allowed from Syria"
DENY H .sz "No Access allowed from Swaziland"
DENY H .sz "No Access allowed from Turks and Caicos Islands"
DENY H .td "No Access allowed from Chad"
DENY H .tf "No Access allowed from French Southern Territory"
DENY H .tg "No Access allowed from Togo"
DENY H .th "No Access allowed from Thailand"
DENY H .tj "No Access allowed from Tajikistan"
DENY H .tk "No Access allowed from Tokelau"
DENY H .tm "No Access allowed from Turkmenistan"
DENY H .tn "No Access allowed from Tunisia"
DENY H .to "No Access allowed from Tonga"
DENY H .tp "No Access allowed from East Timor"
DENY H .tr "No Access allowed from Turkey"
DENY H .tt "No Access allowed from Trinidad and Tobago"
DENY H .tv "No Access allowed from Tuvalu"
DENY H .tw "No Access allowed from Taiwan"
DENY H .tz "No Access allowed from Tanzania"
DENY H .ua "No Access allowed from Ukraine"
DENY H .ug "No Access allowed from Uganda"
DENY H .uk "No Access allowed from United Kingdom"
DENY H .um "No Access allowed from U.S. Minor Outlying Islands"
DENY H .us "No Access allowed from United States"
DENY H .uy "No Access allowed from Uruguay"
DENY H .uz "No Access allowed from Uzbekistan"
DENY H .va "No Access allowed from Vatican City State"
DENY H .vc "No Access allowed from Saint Vincent and the Grenadines"
DENY H .ve "No Access allowed from Venezuela"
DENY H .vg "No Access allowed from British Virgin Islands"
DENY H .vi "No Access allowed from U.S. Virgin Islands"
DENY H .vn "No Access allowed from Viet Nam"
DENY H .vu "No Access allowed from Vanuatu"
DENY H .wf "No Access allowed from Wallis and Futuna Islands"
DENY H .ws "No Access allowed from Samoa"
DENY H .ye "No Access allowed from Yemen"
DENY H .yt "No Access allowed from Mayotte"
DENY H .yu "No Access allowed from Yugoslavia"
DENY H .za "No Access allowed from South Africa"
DENY H .zm "No Access allowed from Zambia"
DENY H .zr "No Access allowed from Zaire"
DENY H .zw "No Access allowed from Zimbabwe"

jeza
09-18-2004, 10:18 AM
yuhuhu das ist eber net
:)

Devianced
09-26-2004, 09:35 AM
Wow, sieht sehr nett aus :)

@ testen ^^

Greez Deva

macosbrain
09-26-2004, 09:51 AM
hi

also ich finde die liste sehr nett. hoffe du hast nix dagegen wenn ich die bei mir auch einsetze.

see you and big thanx

Grendel
09-26-2004, 10:54 AM
Hi @ macosbrain,

natürlich hab ich nix dagegen :D
Sonst hätte ich das Teil hier auch bestimmt nicht gepostet ;)

Seit ich diese Hosts.rules so laufen habe,
hatte ich bisher auch keine Probleme damit.

Im ERROR.LOG ist immer toll zu sehen,
was da so an - vielleicht auch "zufälligen" Connects - stattfindet.

siehe kleiner Auszug meiner Error.log:


09-23-2004 15:22:28 Rejected client from 62.245.167.123: "No Access allowed from .NET"
09-23-2004 16:25:17 Rejected client from 195.3.113.21: "No Access allowed from Austria"
09-23-2004 16:25:17 Rejected client from 80.121.108.122: "No Access allowed from Austria"
09-23-2004 20:04:07 Rejected client from 217.9.58.235: "No Access allowed from .NET"
09-24-2004 02:26:06 Rejected client from 80.117.250.215: "No Access allowed from Italy"

wenn ich mir dann anschaue von welchen Hostern die IPs kommen,
kann man gut sehen, das diese IP-Ranges kein ACCEPT haben.

62.245.167.123 --> host-62-245-167-123.customer.m-online.net
195.3.113.21 --> klagl401-nat.highway.telekom.at
80.121.108.122 --> m1892p026.adsl.highway.telekom.at
217.9.58.235 --> dsl-217-9-58-235.berlikomm.net
80.117.250.215 --> host215-250.pool80117.interbusiness.it