Falcon and PeerBlock - Safelist Solution

[jaberwalk]

For those of you that want to use Falcon and Peerblock at the same time, but dont to allow all the IP's for amazon cloud, I made this solution.

The problem is that the IP's provided by amazon cloud can shift around every few days at random, what this script does is gather all the valid IP's for the utorrent servers and generates a safelist which is compatible to be loaded into peerblock, same format as what you would find on iblocklist.com.

I've got this script running on a development web server I've set up via a cron job every 12 hours. It dumps the file in a directory that apache is set up to serve from. Point the allow list to there, and viola, no problemo.

It may be a bit advanced, if you are unsure as to what I'm doing here, then this solution (no offense) probably isnt for you. But if someone out there wants to run this on a public webserver and supply the generated link for everyone to enjoy, then awesome:

#!/bin/bash

FILE="/sites/www.example.com/www/utorrent.txt"

IPLIST=`dig @ns1.utorrent.com utorrent.com axfr |grep -v ";" |awk {'print $5'} |sed 's/-/./g'|sed -r 's/^.*?[^0-9](25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)[^0-9].*$/\1.\2.\3.\4/' | grep -E "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"|sort -u`

echo "# uTorrent Falcon IP Safelist" > $FILE

echo "# Autogenerated on `date`" >> $FILE

for i in $IPLIST

do

echo "uTorrent:$i-$i" >> $FILE

done

Hope this solution helps someone else out there.

[Diftraku]

http://project-moocow.net/utorrent.txt

Updates every 12 hours. Supports conditional get.

I reserve the right to restrict access to the list and/or remove access to it (just to cover my own hide here).

Other than that, play nicely and I'll be happy to keep it up there.

[enstine86]

Thank you the list works perfectly with peerblock.

[Diftraku]

Apparently, since 2nd of Aug, the dig for ns1.utorrent.com has been returning transfer failed for some odd reason. This can be fixed by swapping to ns2.utorrent.com

The list I managed has been out of date since 00:00:04 of 2nd of Aug and will be refreshed immediately to counter the downtime caused by this change.

[Diftraku]

And yet again the utorrent.com name servers have changed. I tried with 3 different servers returning the same results for the Nns.utorrent.com name servers, all failed due to timeout.

I switched my script hosted on project-moocow.net to use the bittorrent.com servers ens-05.bittorrent.com and ens-06.bittorrent.com respectively.

[chaytah]

Hi Diftraku,

Firstly, thanks for your whitelist. It's worked great for a long time.

Recently though (last few months) it's stopped working again. Could you kindly check to see if it's something you can fix easily?

Thanks!

[ciaobaby]

Could you kindly check to see if it's something you can fix easily?

Given that Diftraku hasn't logged in since 2011, that probaly won't happen.

[Diftraku]

Unfortunately all the µTorrent related DNS servers refuse the zone transfer request, making the script obsolete as we have nothing to dig for.

The only way I can see the whitelist returning is for the µTorrent staff to publish the Amazon AWS IPs reserved for the proxies.