From b23c1e3b6b1e2a838315c1d3fb25b364731fd281 Mon Sep 17 00:00:00 2001
From: Alexis <120563837+alexisart@users.noreply.github.com>
Date: Fri, 30 Jun 2023 01:40:29 -0400
Subject: [PATCH] Added IP Table Generation
---
.gitignore | 3 ++-
License.md | 27 +++++++++++++++++++++++++
ReadMe.md | 26 ++++++++++++++++++++++++
functions/iptables_generator.py | 30 ++++++++++++++++++++++++++++
meta.py => functions/whois_lookup.py | 25 ++++++++++++++++-------
main.py | 12 +++++++++++
6 files changed, 115 insertions(+), 8 deletions(-)
create mode 100644 License.md
create mode 100644 ReadMe.md
create mode 100644 functions/iptables_generator.py
rename meta.py => functions/whois_lookup.py (60%)
create mode 100644 main.py
diff --git a/.gitignore b/.gitignore
index 0cafc1c..808386f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.venv/
\ No newline at end of file
+.venv/
+__pycache__/
\ No newline at end of file
diff --git a/License.md b/License.md
new file mode 100644
index 0000000..81396ff
--- /dev/null
+++ b/License.md
@@ -0,0 +1,27 @@
+Unlicense (Public Domain)
+============================
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <>
\ No newline at end of file
diff --git a/ReadMe.md b/ReadMe.md
new file mode 100644
index 0000000..06102f2
--- /dev/null
+++ b/ReadMe.md
@@ -0,0 +1,26 @@
+# What's This About
+
+Meta is planning on joining the Fediverse via a project called Project 92, or P92 for short. Many people including myself know how Meta is bad when it comes to respecting human rights. I'm not even just talking about Cambridge Analytica, but am talking about the [genocide which Meta helped perpetuate such as in Myanmar](https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/). [Meta also has a history of mistreating queer people](https://www.aclu.org/news/lgbtq-rights/facebooks-discrimination-against-the-lgbt-community) and that's not even including the ["real" name policy](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community). Of course, for me, I say that the name the person tells you is there name, is there real name. Not the name they were born with or their legal name, but the name that the person identifies with.
+
+To help explain why the reaction is so strong against Meta, it helps to know that the Fediverse is very, very queer. The Fediverse is made of people, including LGBT people who had to flee from other platforms due to the abuse they've received from the platforms they used to be on. This includes the large influx of people which came from Twitter when Musk took over and started implementing transphobic policies and hiding trans people's tweets while allowing transphobic tweets and slurs to proliferate. Meta only wants to connect to the Fediverse because they see it as a means to make a profit, and they'll do that no matter how much it harms people or tears about the community.
+
+You can read more about Meta and the Fediverse at the article, [Should the Fediverse welcome its new surveillance-capitalism overlords?](https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism)
+
+You can also check out [the pact against Meta](https://fedipact.online).
+
+# What's This Repo
+
+This repo is a means to forcibly remove Meta from the Fediverse, by any means necessary. I've started this to collect a list of ip addresses which are owned by Meta and then to block Meta in ways that'll make life much more difficult for them. This includes silently dropping packets without notifying Meta, so their computers have to time out for each server which uses this method, as well as sending fake ActivityPub data to Meta and also throttling the connection, so as to slow their computers down and to make it harder for them to differentiate between which data is real, and which data is fake. It'll make their data much less valuable to anyone wanting to buy it.
+
+# What Else Can We Do
+
+You can always sign the [the pact against Meta](https://fedipact.online) as well as update people with new Meta instances via the #FediBlock hashtag. You can also contribute means of obtaining lists of Meta's servers by ip, and domain. This list can include both scrapers, and ActivityPub powered instances.
+
+If you're a server owner, you can also update your .env.production file if you'd like to make it harder for others to read posts without authentication, however, this may make things less convenient for your denizens. I'd advise [reading about these options](https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/) and consulting with your denizens before you enable them.
+
+```ini
+AUTHORIZED_FETCH=true
+DISALLOW_UNAUTHENTICATED_API_ACCESS=true
+```
+
+I intentionally set everything in this repo as Public Domain (or [Unlicense](License.md) where Public Domain does not exist). This way anyone can work on improving this anti-Meta measure without restriction.
\ No newline at end of file
diff --git a/functions/iptables_generator.py b/functions/iptables_generator.py
new file mode 100644
index 0000000..ed8eabf
--- /dev/null
+++ b/functions/iptables_generator.py
@@ -0,0 +1,30 @@
+# sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
+
+from typing import Generator
+
+def generate_iptable_rules(addresses: list[dict]) -> Generator[str, dict, None]:
+ # Commands
+ sudo: str = "sudo"
+ iptables: str = "iptables"
+
+ # Variables
+ chain_name: str = "PROTECT_FEDI"
+ policy: str = "DROP" # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently
+
+ # IP Tables Setup
+ create_chain: str = f"{sudo} {iptables} -N {chain_name}"
+ delete_chain: str = f"{sudo} {iptables} -X {chain_name}"
+ empty_chain: str = f"{sudo} {iptables} -F {chain_name}"
+ add_chain_to_incoming_packets: str = f"{sudo} {iptables} -I INPUT 1 -j {chain_name}"
+
+ handle_route: str = "{sudo} {iptables} -A {chain_name} -s {address} -j {policy}"
+
+ # Setup Stage
+ yield create_chain
+ yield add_chain_to_incoming_packets
+
+ # I was going to pipe data directly from one generator to the other, but that made the code far more complex than is needed
+ # If the addresses list get's large enough to warrant piping, it may be time to look into another method of handling blocking Meta
+ for address in addresses:
+ if address is dict and "route" in address:
+ yield handle_route.format(sudo=sudo, iptables=iptables, chain_name=chain_name, address=address["route"], policy=policy)
\ No newline at end of file
diff --git a/meta.py b/functions/whois_lookup.py
similarity index 60%
rename from meta.py
rename to functions/whois_lookup.py
index b754730..baa50ae 100644
--- a/meta.py
+++ b/functions/whois_lookup.py
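Review bot: `if address is dict and "route" in address:` at the end of generate_iptable_rules (functions/iptables_generator.py) tests identity against the `dict` type, which is false for every dict instance, so the generator yields the chain setup and never a DROP rule; it should be `isinstance(address, dict)`, and the `__main__` block of functions/whois_lookup.py has the same test. The route text comes from a whois response and is formatted into a `sudo iptables` command line unchecked, so parse it with `ipaddress.ip_network` first (needs `import ipaddress`) and skip what does not parse. Entries with `ip_version` 6 also reach `iptables`, which takes IPv4 sources only; they need a matching chain under `ip6tables`. `delete_chain` and `empty_chain` are built but never yielded, so running the printed output a second time would fail at `-N`, and the send type in `Generator[str, dict, None]` should be `None`.

```python
    # … unchanged: command names, chain name, policy, setup yields …
    for address in addresses:
        if not (isinstance(address, dict) and "route" in address):
            continue
        try:
            # Only a value that parses as a CIDR block may reach the command line.
            network = ipaddress.ip_network(address["route"], strict=False)
        except ValueError:
            continue
        if network.version != 4:
            # IPv6 routes need their own chain created under ip6tables.
            continue
        yield handle_route.format(sudo=sudo, iptables=iptables, chain_name=chain_name, address=network, policy=policy)
```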
@@ -1,35 +1,46 @@ import whois +from typing import Generator + +# https://developers.facebook.com/docs/sharing/webmasters/crawler/ +# whois -h whois.radb.net -- '-i origin AS32934' | grep ^route +# The results are in the format of address:mask + def lookup_records(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True) -> str: - # whois -h whois.radb.net -- '-i origin AS32934' | grep ^route client: whois.NICClient = whois.NICClient() response: bytes = client.whois(query=query, hostname=host, flags=flags, many_results=many_results, quiet=quiet) return response -def lookup_ips(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True): +def lookup_ips(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True) -> Generator[dict, None, None]: response = lookup_records(query=query, host=host, flags=flags, many_results=many_results, quiet=quiet) for line in response.splitlines(): if line.startswith("route:"): - route: str = ":".join(line.split(":")[2:]).strip() + route: str = ":".join(line.split(":")[1:]).strip() yield { "ip_version": 4, "route": route } elif line.startswith("route6:"): - route: str = ":".join(line.split(":")[2:]).strip() + route: str = ":".join(line.split(":")[1:]).strip() yield { "ip_version": 6, "route": route } -if __name__ == "__main__": +def get_ips(): query: str = "-i origin AS32934" host: str = "whois.radb.net" - for ip in lookup_ips(query=query, host=host): - print(ip) \ No newline at end of file + return lookup_ips(query=query, host=host) + +if __name__ == "__main__": + for ip in get_ips(): + if ip is dict and "route" in ip: + print(ip["route"]) + else: + print(ip) \ No newline at end of file diff --git a/main.py b/main.py new file mode 100644 index 0000000..6a9978a --- /dev/null +++ b/main.py 
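Review bot: `response: bytes` in lookup_records (functions/whois_lookup.py) disagrees with the declared `-> str` return and with lookup_ips, which calls `line.startswith("route:")` with a str prefix and would raise TypeError on bytes; annotate it with whatever `NICClient.whois` actually returns. get_ips is the only function here without a return annotation, and `-> Generator[dict, None, None]` would match lookup_ips. The two branches of lookup_ips differ only in the prefix and the `ip_version` value, and `":".join(line.split(":")[1:])` can be written as `line.partition(":")[2]`.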
@@ -0,0 +1,12 @@
+from functions import whois_lookup, iptables_generator
+
+if __name__ == "__main__":
+ addresses: list[dict] = []
+
+ # Get IP Addresses To Ban
+ for address in whois_lookup.get_ips():
+ addresses.append(address)
+
+ # Generate IP Table Rules
+ for rule in iptables_generator.generate_iptable_rules(addresses=addresses):
+ print(rule)
\ No newline at end of file
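Review bot: An empty lookup is not detected before the rules are printed in main.py: if `whois_lookup.get_ips()` yields nothing, the output is still the chain creation and the INPUT jump, which reads like a working ruleset but blocks nothing. Checking `if not addresses:` and exiting with a message on stderr would make that case visible to whoever applies the output. The collection loop can also be written as `addresses = list(whois_lookup.get_ips())`.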