Friday, April 26, 2019

How to build GEO country block lists

Firewalls, SLBs and other security devices typically have a GEO database that allows for a quick allow|block against a country. Most other systems do not, but you can build simple scripts to feed geoip information to firewall services.

In this example, we will use iptables and firewalld.


If you're using a system that does not have an integral geoip database, you can call out to ipdeny and, by using the two-letter ISO country code, build lists with ease.

http://www.ipdeny.com/


So using the following format, we can quickly pull the data for a country and feed this into our script or tool to use for a simple drop or accept. Here we are using iptables and ISO country codes gq and io.


http://ipdeny.com/ipblocks/data/aggregated/io-aggregated.zone
http://ipdeny.com/ipblocks/data/aggregated/GQ-aggregated.zone
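
One way to feed such a zone file to iptables through ipset, as an added example (not the original post's script): the `zone_to_ipset` function and the set names are assumptions, and the sample input is constructed. Because the list is fetched over plain HTTP, each line is checked to be a well-formed IPv4 CIDR before it becomes a firewall entry.

```bash
#!/bin/bash
# Added example, not the original post's script.
# zone_to_ipset SETNAME < zonefile
#   Reads ipdeny-style zone data (one IPv4 CIDR per line) on stdin and prints
#   `ipset restore` commands on stdout. Anything that is not a well-formed
#   CIDR is reported on stderr and never reaches the firewall.
zone_to_ipset() {
    awk -v set="$1" '
    BEGIN {
        print "create " set " hash:net family inet"
        print "flush " set              # replace old entries on refresh
    }
    { sub(/\r$/, "") }                  # tolerate CRLF line endings
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
        if (ok) {
            split($0, p, "[./]")        # four octets, then prefix length
            for (i = 1; i <= 4; i++)
                if (length(p[i]) > 3 || p[i] + 0 > 255) ok = 0
            if (length(p[5]) > 2 || p[5] + 0 > 32) ok = 0
        }
        if (ok) print "add " set " " $0
        else    print "skipped: " $0 > "/dev/stderr"
    }'
}

# Constructed sample input (documentation ranges, not real ipdeny data).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/25' \
        '203.0.113.0/33' '10.0.0.1; reboot' ''
}

# Offline demo: prints the restore script for the two valid networks.
sample_zone | zone_to_ipset geo_demo

# On a live host (as root), with the URL format from the post:
#   curl -s http://ipdeny.com/ipblocks/data/aggregated/io-aggregated.zone \
#       | zone_to_ipset geo_io | ipset -exist restore
#   iptables -I INPUT -m set --match-set geo_io src -j DROP
```

A single set-match rule keeps the iptables ruleset short no matter how many networks the country list contains.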




And an example with firewalld









NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \


Thursday, April 25, 2019

Forcepoint SMC v6.6

Forcepoint NGFW and SMC have version 6.6.0 available. You can follow Forcepoint at the following link: https://www.forcepoint.com/blog


We have started some testing on the SMC appliance and with the new SMC v6.6.
















The API interface is available for administration of the SMC.






It's also best to ensure that the updates are up to date.












Wednesday, April 24, 2019

Site Down Checker using curl

Working in a support center, we needed a simple site checker script that could be used to check for a site not being available. In this example, I'm using my favorite tool, "curl". The script can be modified to inspect whatever status code you are looking for. This is kind of what an F5 LTM health monitor does, by the way.

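#!/bin/bash
#
# Simple site checker: compare the HTTP status code with the expected one.
# Note: -k skips TLS certificate verification; drop it if a certificate
# error should also count as "down".
D=$(curl -k -o /dev/null -s -w "response_code: %{http_code}\n" https://platform.ringcentral.com/restapi/ | awk '{ print $2 }')

#echo "$D"

# Expected status code
T=200

if [ "$T" = "$D" ] ; then
    echo "Site is reachable"
else
    echo "Site is down"
fi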

You should be able to add to this and even set an expected response time if you're making functional changes based on extended times.

For example, if we are looking for status code 200 and a response time of 200ms or less, we could capture the time.

e.g.

# time_total is reported in seconds; convert it to whole milliseconds
F=$(curl -k -o /dev/null -s -w "time_total: %{time_total}\n" https://platform.ringcentral.com/restapi/ | awk '{ printf "%d\n", $2 * 1000 }')


And do a comparison against the variable to see if the value is less than 200ms.







Thursday, April 4, 2019

using curl to get page load times


You can use various defined variables in curl to get page load times.


H:\Desktop>curl -L --silent --show-error --write-out "lookup:        %{time_namelookup}\ntcp_established: %{time_connect}\nconnect:       %{time_connect}\nappconnect:    %{time_appconnect}\npretransfer:   %{time_pretransfer}\nredirect:      %{time_redirect}\nstarttransfer: %{time_starttransfer}\ntotal:         %{time_total}\n" -I  https://www.example.com


example output


