IPFREEZE How-to

>What is it ?

When I began having my own connexion with a fixed IP address, I did also place a firewall to protect my sites and other stuff. With time I did realize how unfriendly was internet. I did let sniffers work days and night to understand what was potientially dangerous or not to my servers. This is why I had the idea to develop a simple piece of code that would automatically block packets from given IPs. This let the "attacker" think you have shut down your machine. This soft has been running my firewall for more than one year now and it seems to be a good security companion. With time, it did evolve offering more sofisticated answers.

Ipfreeze works with Netfilter Linux's firewall. It has been written in Perl. This software is released under the GNU General Public License.

>How does that work

It is very simple.

  1. Netfilter passes a packet to ipfreeze.pl via iptables's QUEUE target
  2. ipfreeze.pl checks if the packet's address is whitelisted or not
  3. if not, it checks if the address is not already blacklisted
  4. if not, it adds a new rule in a netfilter "blacklist" chain that intercept all packets coming from that IP.
  5. the rule is deleted after a user definable period.


Figure 1 - General principe of Ipfreeze
With such mecanism it is possible to :

>Getting and installing Ipfreeze

You can obtain the last Ipfreeze's version from here : http://www.coolkeums.org/downloads/yaffl/

Once downloaded, you will have to decompress and untar the archive :

Exexcute runme.1st to know if all the accurates libs are present on your system :

You will probably not have anything OK at first time, see the troubleshootings section.
Now You may create a place where you will store your permanent blacklist and whitelist files. I used to place them in "/etc/ipfreeze" but you can use your own place. Juste note that ipfreeze.pl will use "/etc/ipfreeze/ip_blacklist" and "/etc/ipfreeze/ip_whitelist" as default files.

Using blacklist is also a security risk. As people may know you are using such system they would be able to make the system automatically blacklist your default gateway or DNSs. That's why there is a whitelist and you should add IP addresses of your DNSs and default gateway here. Ipfreeze.pl intercept the HUP signal. When it receives this signal, it reloads blacklist and whitelist from configuration files but also looses temporally blacklisted IPs.

Now you can either download a ready for use firewall script or writting your own firewall script using ipfreeze.Send me your firewall artwork using ipfreeze. They will be added in the "ready for use repository".

Troubleshootings