mcblockc(8) FreeBSD System Manager's Manual mcblockc(8)

NAME

mcblockcClient of mcblockd

SYNOPSIS

mcblockc [-h mcblockd_host] search ipv4addr

mcblockc [-h mcblockd_host] getactive tableName

mcblockc [-h mcblockd_host] loghit tableName ipv4addr

mcblockc [-h mcblockd_host] activate tableName prefix(es)

mcblockc [-h mcblockd_host] deactivate tableName prefix(es)

mcblockc [-h mcblockd_host] get tableName ipv4addr

mcblockc [-h mcblockd_host] edit tableName ipv4addr

mcblockc [-h mcblockd_host] getaddrrules tableName

DESCRIPTION

mcblockc is a simple client of mcblockd(8). It allows the user to view the contents of the tables in mcblockd(8) as well as add or remove entries from the tables.
The following command line options are available:
-h mcblockd_host
Specify the mcblockd(8) host to be queried.
Note that the data exhanged with mcblockd(8) is encrypted with AES-128, and authentication is using RSA with 2048-bit keys and ECDH for the initial key exchange.

search ipv4addr

Returns the prefixes from the mcblockd(8) tables that cover the given ipv4addr. Example:
    % mcblockc search 218.64.1.1 
    mail_losers: 
      218.64/11             128d  CN (China) 
    ssh_losers: 
      218.64/11             115d  CN (China) 
    www_losers: 
      218.64/11              83d  CN (China)
The column after the prefix is the number of days remaining before the prefix is deactivated by mcblockd(8). After the days remaining, the country code and country name is shown.

getactive tableName

Returns all of the prefixes in the given tableName, and also a summary of addresses per country for the table. Example:
    % mcblockc getactive ssh_losers 
    ssh_losers: 
      1.9/16                154d  MY (Malaysia) 
      1.20/16               177d  TH (Thailand) 
      1.32.0/17             155d  MY (Malaysia) 
      1.36/16               175d  HK (Hong Kong) 
      1.48/14               152d  CN (China) 
      1.56/13               127d  CN (China) 
      1.160/12              122d  TW (Taiwan) 
      1.180/14              152d  CN (China) 
      1.208/12              162d  KR (Korea) 
      1.224/11              145d  KR (Korea) 
      2.60/14               122d  RU (Russian Federation) 
      2.92/14               127d  RU (Russian Federation) 
      2.176/12              117d  IR (Iran, Islamic Republic of) 
      .... 
  Addresses covered per country: 
    CN 194,816,128 
      /10 networks:   10 (41,943,040 addresses) 
      /11 networks:   25 (52,428,800 addresses) 
      /12 networks:   53 (55,574,528 addresses) 
      /13 networks:   52 (27,262,976 addresses) 
      /14 networks:   46 (12,058,624 addresses) 
      .... 
    BR 47,344,640 
      /10 networks:    8 (33,554,432 addresses) 
      /11 networks:    4 (8,388,608 addresses) 
      /12 networks:    4 (4,194,304 addresses) 
      /13 networks:    5 (2,621,440 addresses) 
      /14 networks:    4 (1,048,576 addresses) 
      ....

loghit tableName ipv4addr

Simulates a log hit for the given ipv4addr in the given table tableName. This simulates the actions taken when mcblocklog(1) sends a loghit to mcblockd(8). Policy from mcblockd.conf(5) is applied. Example:
    % mcblockc loghit ssh_losers 31.192.120.36 
    { 
       "added" : "31.192.112/20", 
       "requested" : "31.192.120.36" 
    }
Note that the response is formatted as simple JSON.

activate tableName prefix(es)

Activates the given prefix(es) in the given table tableName. This is intended as an emergency type of operation (perhaps an ongoing attack), and does not apply policy nor attempt country code lookup (the prefix(es) might span multiple countries). Example:
    % mcblockc activate ssh_losers 31.192.112/20 
    { 
       "prefixes" : [ 
	  { 
	     "added" : "31.192.112/20", 
	     "requested" : "31.192.112/20" 
	  } 
       ], 
       "table" : "ssh_losers" 
    }
Note that the response is formatted as simple JSON.

deactivate tableName prefix(es)

Deactivates the given prefix(es) in the given table tableName. Example:
    % mcblockc deactivate ssh_losers 31.192.112/20 
    { 
       "prefixes" : [ 
	  { 
	     "deactivated" : "31.192.112/20" 
	  } 
       ], 
       "table" : "ssh_losers" 
    }
Note that the response is formatted as simple JSON.

get tableName ipv4addr

Gets the matching entry for ipv4addr from the given table tableName and shows the result in JSON form. Example:
    % mcblockc get www_losers 178.32.209.26 
    { 
       "countryCode" : "FR", 
       "daysRemaining" : 179, 
       "prefix" : "178.32/15", 
       "table" : "www_losers" 
    }

edit tableName ipv4addr

Allows editing of the country code and days remaining for the prefix containing ipv4addr in the given table tableName and shows the result in JSON form. You will be prompted for the country code and daysRemaining, with the current value in []. If you hit enter for a value, the current value will be kept. Example:
    % mcblockc edit www_losers 178.32.209.26 
    Editing prefix 178.32/15 in table www_losers 
    countryCode [FR]: 
    daysRemaining [179]: 200 
    { 
       "countryCode" : "FR", 
       "daysRemaining" : 200, 
       "edited" : true, 
       "prefix" : "178.32/15", 
       "table" : "www_losers" 
    }

getaddrrules tableName

NOT IMPLEMENTED

ENVIRONMENT

If the MCBLOCKDHOST environment variable is set, it will be used as the default mcblockd(8) host when the -h mcblockd_host command line option is not used.

FILES

${HOME}/.dwmauth/id_rsa
The user's dwmauth private key file, created with dwmauth(1). This file should be owned by the user and have permissions 0600. It must contain the private part of a 2048-bit RSA key pair.
${HOME}/.dwmauth/id_rsa.pub
The user's dwmauth public key file, created with dwmauth(1). This file should be owned by the user and have permissions 0600. It must contain the public part of a 2048-bit RSA key pair.
${HOME}/.dwmauth/known_services
The user's dwmauth known services file. This file must contain the public key of mcblockd(8) from the mcblockd(8) host being queried.

SEE ALSO

mcblockd(8), mcblocklog(1), dwmauth(1)

COPYRIGHT

Copyright (c) 2017 Daniel W. McRobb dwm@mcplex.net
April 10, 2017 mcplex.net