Muitas idéias surgindo capitão!
Mais uma edição do Azure Bootcamp Blumenau, na Faculdade SENAC ocorreu neste dia 27/04/2019, com muitos Labs técnicos com as ultimas tecnologias e ferramentas da Nuvem Microsoft e tive novamente a oportunidade de palestrar sobre o Luis, que faz parte dos sistemas cognitivos da Microsoft.
27
Utilizar o script import-firewall-blocklist.ps1 que cria uma lista de restrições baseadas nos ips/faixas de ips informados no arquivo .txt
Para executar deve ser usado o powershell, a ativado o recurso de execucao de scripts com o comando:
Set-ExecutionPolicy RemoteSigned
Referência:
//stackoverflow.com/questions/4037939/powershell-says-execution-of-scripts-is-disabled-on-this-system
Algumas fontes para listas de ip´s:
Pode-se obter a lista de ips de forma automática, acessando a url por codigo de pais, exemplo: //www.ipdeny.com/ipblocks/data/countries/xx.zone
Ips da China cn: //www.ipdeny.com/ipblocks/data/countries/cn.zone
Ips Argentina ar: //www.ipdeny.com/ipblocks/data/countries/ar.zone
//www.okean.com/thegoods.html
//www.countryipblocks.net/
//www.wizcrafts.net/iptables-blocklists.html
//www.iblocklist.com
//lite.ip2location.com
No mirkotik pode-se utilizar uma address list, e duas regras de firewall, uma para input e outra para foward.
Exemplo de script:
/ip firewall address-list remove [find list=BLOCK-Country] add address=203.95.208.0/22 list=BLOCK-Country add address=203.95.224.0/19 list=BLOCK-Country add address=203.99.8.0/21 list=BLOCK-Country add address=203.99.16.0/20 list=BLOCK-Country add address=203.99.80.0/20 list=BLOCK-Country add address=203.100.32.0/20 list=BLOCK-Country add address=203.100.48.0/21 list=BLOCK-Country add address=203.100.58.0/24 list=BLOCK-Country add address=203.100.60.0/24 list=BLOCK-Country add address=203.100.63.0/24 list=BLOCK-Country add address=203.100.80.0/20 list=BLOCK-Country add address=203.100.96.0/19 list=BLOCK-Country add address=203.100.192.0/20 list=BLOCK-Country add address=203.104.32.0/20 list=BLOCK-Country add address=203.105.96.0/19 list=BLOCK-Country add address=203.105.128.0/19 list=BLOCK-Country add address=203.107.0.0/17 list=BLOCK-Country add address=203.110.160.0/19 list=BLOCK-Country add address=203.110.208.0/20 list=BLOCK-Country add address=203.110.232.0/23 list=BLOCK-Country add address=203.110.234.0/24 list=BLOCK-Country add address=203.114.80.0/22 list=BLOCK-Country add address=203.114.84.0/22 list=BLOCK-Country add address=203.114.88.0/22 list=BLOCK-Country add address=203.114.92.0/22 list=BLOCK-Country add address=203.114.244.0/22 list=BLOCK-Country add address=203.118.192.0/19 list=BLOCK-Country add address=203.118.241.0/24 list=BLOCK-Country add address=203.118.248.0/22 list=BLOCK-Country add address=203.119.24.0/21 list=BLOCK-Country add address=203.119.32.0/22 list=BLOCK-Country add address=203.119.80.0/22 list=BLOCK-Country add address=203.119.85.0/24 list=BLOCK-Country add address=203.119.113.0/24 list=BLOCK-Country add address=203.119.114.0/23 list=BLOCK-Country add address=203.119.116.0/22 list=BLOCK-Country add address=203.119.120.0/21 list=BLOCK-Country add address=203.119.128.0/17 list=BLOCK-Country add address=203.123.58.0/24 list=BLOCK-Country add address=203.128.32.0/19 list=BLOCK-Country add address=203.128.96.0/19 list=BLOCK-Country add address=203.128.224.0/21 list=BLOCK-Country /ip firewall filter remove [find comment=BLOCK-Country] add action=drop chain=input comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3 add action=drop chain=forward comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3
Usando .htaccess voce pode bloquear acessos ao seu website diretamente.
order allow,deny allow from all # Get up-to-date list from //www.wizcrafts.net/russian-blocklist.html deny from 2.72.0.0/13 2.92.0.0/14 2.132.0.0/14 deny from 5.34.56.0/22 5.60.0.0/16 5.143.0.0/16 deny from 80.48.0.0/13 80.70.96.0/20
Para boqueio de todos os serviços deve-se utilizar iptables.
Referencias: //www.parkansky.com/china.htm
Mais uma edição do Global Azure Boot Camp em Blumenau, agora para alunos do SENAI, que tiveram a oportunidade de conhecer a plataforma Azure, tecnologias Cognitivas da Microsoft, LUIS e BotFramework com Anderson Leandro Kovalski, e também Azure Functions com Xamarin com Danilo Raulino de Liz.