The IP blocker is a really useful tool that will help you to easily block any IP ir IP range you want in a manner which is compatible with your firewalls.
Index
Description
- It features a design that allows temporal or permanent blocking of an IP or IP ranges, in format CIDR (example 192.168.0.0/24).
- Moreover, it provides support for a scriptable API that many parts of the Core-Admin platform uses to automatically block unallowed sequences, attacks, SQL inyection, etc.
- Furthermore, blacklist operations can be handled easily from a grafical interface and from a single point.
- Some of the operation we can do are:
- Block an IP or IP range
- Select an IP or IP range as unablockable, to avoid them be blocked form automatic Core-admin actions
- Visualize blocking history
How to use it
In Core-admin panel, we select IP blocker application,
We get application interface,
Block an IP or IP range
- We select Blacklisted IPs option and click on Add Blacklisted ip where we set the IP, o IP range, to block.
- We choose the block type, if it is temporal or permanent. In case we choose temporal block, it is necessary to set the time, in seconds, for which the block will be on.
- Finally, we save the configuration by doing click on Add a new Blacklisted ip.
We visualize the configuration done,
IP or IP range unablockable
- We select Unablockable IPs option and click on Add whitelisted ip where we set the IP or IP range to be not blockable.
- We choose the block type, if it is temporal or permanent. In case we choose temporal block, it is necessary to set the time, in seconds, while the block will be on.
- Finally, we save the configuration by doing click on Add a new Whitelisted ip.
After that, we will see configuration done:
Blocking history
In Blocking history option, we get a resume of all the IPs blocked,
We can also visualize a history for the las 24 hours and for the last week, by doing click on those options.
Another details
Another available options are the IP report of one specific IP where you can get the status for a particular IP or IP range (if it was blocked and what’s it current status) and the blocked mode configuration inside Options.
IP report
We click on IP Report and input the IP, to know the actions that were applied to it.
We choose if we want to see the report on a dialog box or inside a panel,
We get the report,
Aditional configuration: blocking mode
By doing click on Configure, we select the block mode. The default option is by iptables, although there is also available the option by route. We recomend to use the default option, iptables; but in case the iptable local firewall is not supported or you do not want to modify it, then use “route” option.
By default, Core-admin will not block the IP address that are detected to be used by Core-Admin users. This is to avoid applying automatic blocking operations to known users. In the case you want to disable this, check Block core admin users.
Core-Admin integration in command line
The IP blocker application is algo available in command line with a unified database.
For this, use the following tool:
>> crad-ip-blocker.pyc –help
Usage: crad-ip-blocker.pyc [options]
Options:
-h, –help show this help message and exit
-l, –list-blocked-ips
Allows to list currently blocked ips
-a IP [permanent|temporal period] [reason], –add-blocked-ip=IP [permanent|temporal period] [reason]
Allows to block a new IP. You can block one or several
ips with ‘ip1 ip2 ip2′ instead of providing just one
ip
-r RULE-ID, –remove-blocked-ip=RULE-ID
Allows remove a rule previously created. The option
requires the rule id to remove.
-c, –remove-expired-rules
Allows to remove temporal rules that are expired.
-x IP [permanent|temporal period] [reason], –add-whitelist-ip=IP [permanent|temporal period] [reason]
Allows to add an indication that the provided IP can’t
be blocked (even if requested).
-d, –list-white-listed-ips
Allows to list white listed ips.
-e IP, –is-whitelisted-ip=IP
Allows to check if the provided IP is already
whitelisted. The command returns 0 if the IP is
whitelisted, otherwise -1 is reported
-b IP, –is-blacklisted-ip=IP
Allows to check if the provided IP is already
blacklisted. The command returns 0 if the IP is
blacklisted, otherwise -1 is reported
-w IP, –was-blacklisted-ip=IP
Allows to check if the provided IP was already
blacklisted. The command returns 0 if the IP was
blacklisted, otherwise -1 is reported. Also returns
previous blocking reasons
To block an IP permanently, execute:
>> crad-ip-blocker.pyc -a 30.40.50.60 permanent “Block_reason”
To remove a block done by, first we list and then we select the rule to remove:
>> crad-ip-blocker.pyc -l
>> crad-ip-blocker.pyc -r
To configure an IP as not blockable, execute:
>> crad-ip-blocker.pyc -x 30.40.50.60 permanent “important_IP_not_block”
Core-Admin integration with python API
To use IP blocker services, it is necessary to import the module by using next code:
from core_admin_agent import application
m = application._import ("ip_blocker")
if not m:
return (False, "Unable to import application, It is installed?")
After that, to block an IP, use the next code:
params = {}
params['is_active'] = True
params['ip_blocked'] = '30.40.50.60'
params['description'] = 'Motivo del bloqueo'
params['block_type'] = 'permanent' # or temporal
params['blocking_period'] = 3600 # ignored when block_type == permanent
(status, info) = application.call (m, "create_blacklisted_ip", params)
if not status:
return (False, "Unable to add block rule, error was: %s" % info)
To list the IP blocks, execute:
(status, rules) = application.call (m, "list_blacklisted_ips") if not status: return (False, "Unable to list rules, error was: %s" % rules) for rule in rules: print "INFO: rule info: %s" % rule