Perl - Null Route (Blackhole)

Null routing, or blackholing, is the networking term for routing a specific host or network to a non-routed destination (e.g. 127.0.0.1 on lo, or the kernel's blackhole route type used by the script below). It can be used in place of iptables to block unwanted hosts and/or networks, specifically when an attack or DoS is inbound to your host. Why use this technique instead of iptables DROP/REJECT policies? Iptables can be CPU intensive: firewall rule sets get large and ugly as you add networks and hosts to a reject/block policy, and every packet has to be matched against them. That extra CPU load can itself contribute to a DoS, whereas a route to a non-existent device uses minimal CPU by comparison. Here is a quick script I made to add and delete hosts/networks in the route table.

Note: Use caution when blocking hosts/networks

----- cut here -----

#!/usr/bin/perl

use strict;
use warnings;

my $host;
my $cmd;

if (@ARGV < 1){
    print "Copyright 2007, SYNOS Technologies(null-route), Version 1.0.1\n";
    print "Usage: null-route [block=(ip/net)] [command=(add|del)]\n\n";
    print "\t Example(Add host): null-route 10.10.22.1 add\n";
    print "\t Example(Add net): null-route 10.10.0.0/16 add\n";
    print "\t Example(Del net): null-route 10.10.0.0/16 del\n";
    exit;
}

sub cmd {
    $host = defined $ARGV[0] ? $ARGV[0] : '';
    $cmd  = defined $ARGV[1] ? $ARGV[1] : '';

    # Only accept an IPv4 address or CIDR prefix. The argument is handed to
    # ip(8), so anything else is rejected instead of being passed through.
    if ($host !~ m{^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$}) {
        die "Invalid host/network: '$host'\n";
    }

    # List-form system() runs ip(8) directly, without going through a shell.
    if ($cmd eq 'add') {
        system('ip', 'route', 'add', 'blackhole', $host) == 0
            or die "ip route add failed (status $?)\n";
    }
    elsif ($cmd eq 'del') {
        system('ip', 'route', 'del', $host) == 0
            or die "ip route del failed (status $?)\n";
    }
    else {
        die "Unknown command: '$cmd' (expected add or del)\n";
    }
    exit;
}
cmd();


----- cut here -----
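The note about caution above is worth automating: the one blackhole route you must never add is a prefix that covers the address you are administering the box from. The following POSIX sh wrapper is an added example (not the SYNOS script above) that validates the host/CIDR argument the same way and refuses an add that would cover MGMT_ADDR, which is an assumed placeholder you would set to your real management IP; with DRY_RUN set it prints the ip(8) command instead of running it.

```shell
#!/bin/sh
# Added example: validate an IPv4 host or net/len before null-routing it, and
# refuse any prefix that covers this host's own management address.
# MGMT_ADDR is an assumed placeholder (TEST-NET-1); DRY_RUN prints, never runs.
MGMT_ADDR="${MGMT_ADDR:-192.0.2.10}"
# dotted quad -> 32-bit integer on stdout; returns 1 on any malformed octet
ip2int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# prefix length (0..32) -> 32-bit netmask integer on stdout
prefix_mask() { echo $(( $1 == 0 ? 0 : (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF )); }
# "A.B.C.D" or "A.B.C.D/N" -> "network-int prefix-len" on stdout, or returns 1
parse_prefix() {
    case $1 in */*) addr=${1%%/*}; len=${1#*/} ;; *) addr=$1; len=32 ;; esac
    case $len in 0|[1-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
    net=$(ip2int "$addr") || return 1
    echo "$(( net & $(prefix_mask "$len") )) $len"
}
# null_route <ip|net/len> add|del : prints the ip(8) command it will run,
# then runs it unless DRY_RUN is set; returns 1 if the request is rejected
null_route() {
    target=$1; action=$2
    p=$(parse_prefix "$target") || { echo "rejected: bad prefix '$target'" >&2; return 1; }
    set -- $p; net=$1; len=$2
    if [ "$action" = add ]; then
        mgmt=$(ip2int "$MGMT_ADDR") || return 1
        if [ $(( mgmt & $(prefix_mask "$len") )) -eq "$net" ]; then
            echo "rejected: $target covers management address $MGMT_ADDR" >&2
            return 1
        fi
    fi
    case $action in
        add) set -- ip route add blackhole "$target" ;;
        del) set -- ip route del "$target" ;;
        *)   echo "usage: null_route <ip|net/len> add|del" >&2; return 1 ;;
    esac
    echo "$*"
    [ -n "${DRY_RUN:-}" ] || "$@"
}
if [ $# -eq 2 ]; then null_route "$1" "$2"; fi
```

Deleting is never refused, so a route added by mistake can always be removed with the same script.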
