Breaks down a deny list into individual IPs, makes sure that none of those IPs are part of the scope file. Additionally it can add all the deny IPs to iptables to deny outbound traffic, you specify a rule-set name (it's really a comment on iptables) and you can also later remove those rules when you're done. https://chaosnet.io
Go to file
Nuno 8e02bc6afd Update 'README.md' 2023-06-22 19:48:18 +00:00
ExclusionEnforcer.py LOL - totally new version, it actually works this time. 2023-06-15 02:53:28 +00:00
LICENSE Initial commit 2023-06-13 19:44:42 +00:00
README.md Update 'README.md' 2023-06-22 19:48:18 +00:00

README.md

Exclusion Enforcer


ExclusionEnforcerBeast.png (visual hallucination by OpenAI and Dall-E)

The Exclusion Enforcer, the final frontier in IP deny list management (what?) This is where packets meet their maker. Got a gaggle of pesky IP addresses wreaking havoc in your gig? I've got the fix. This has been a garage repo since '22, get it off the lot NOW, and this Python 3 beast will wrangle your deny lists, validate your scope, and generate the rules to drop those delinquent packets faster than you can press CTRL-C as the phone rings.

Exclusion Enforcer isn't for the faint of heart (it needs root for the iptables stuff). This is for network warriors, ready to defend their digital turf with the firepower of Python and iptables. Also, folks who can reboot a linux box.

Features

Verify your scope

Make sure no IP address evades your watchful eye. Feed it a deny list, and it'll cross-verify with your scope, ensuring not a single rogue packet slips through. Client handed you lists in mixed multiple formats? oh, ok.

  • Individual IPs? got it.
  • CIDR notion? no worries.
  • That weird nmap thing with dashes? I /think/ sooo?

This bad boi will turn everything into a single format. And can you pick the format? No, output is one ip per line.

Integrate with iptables

Once your deny list is vetted, Exclusion Enforcer will 'synergize' (see, Paul? I can be corporate) directly with iptables, enforcing your will at the kernel level. Those packets won't even see it coming. Name your rule-set and you can now manage it quickly!

Flexible management

Need to clear the decks? With a single command, Exclusion Enforcer will sweep your iptables rules clean of everything associated with the rule-set you defined earlier, leaving it pristine and primed for your next battle.

Command-line goodness

Everything you need right at your fingertips. Arguments to specify, check, and enforce and tear down a deny list. Plus, a friendly -h to remind you of your options. LITERALLY NO ONE DOES THIS FOR YOU.

How to Summon the Exclusion Enforcer

Clone this repository. You'll need Python3 and GIT already locked and loaded.

git clone git clone https://git.sdf.org/chaosnet/ExclusionEnforcer.git
cd ExclusionEnforcer
python3 ExclusionEnforcer.py -h

cd ExclusionEnforcer
python3 ExclusionEnforcer.py -h

And let the magic commence. Welcome to the frontier, digital desperad(o/a)(et al.)!

Now, mount up and start dropping packets like your cyber insurance premium depends on it!