This script will output RHEL compatible /etc/sysconfig/iptables lines.
It will list the autonomous system numbers for the three biggest Finnish operators.

Sonera = AS1759
Elisa = AS719, AS790, AS6667, AS34188, AS21366, AS20931
DNA = AS16086, AS49422


.

#!/usr/bin/perl

$destination_server_ip='n.n.n.n';
$extra_source_network='n.n.n.n/25';

my @as_number_sonera = (
        'AS1759',
);

my @as_number_elisa = (
        'AS719',
        'AS790',
        'AS6667',
        'AS34188',
        'AS21366',
        'AS20931',
);

my @as_number_dna = (
        'AS16086',
        'AS49422',
);

foreach ( @as_number_sonera, @as_number_elisa, @as_number_dna ) {
        open(SYSTEM_CMD, "/usr/bin/whois -h whois.radb.net -- \"-i origin $_\" | grep route: |");
        while() {
                if ($_ =~ /0.0.0.0\/0/) {
                        next;
                }
                if ($_ =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\d{1,2})/) {
                        print "-A INPUT -m state --state NEW -p tcp -s ", $1, " -d ", $destination_server_ip, " -m multiport --dport 22 -j ACCEPT", "\n";
                }
        }
        close(SYSTEM_CMD);
        sleep(15);
}

print "-A INPUT -m state --state NEW -p tcp -s ", $extra_source_network, " -d ", $destination_server_ip, " -m multiport --dport 22 -j ACCEPT", "\n";
Advertisements