{"id":373,"date":"2013-10-23T14:58:04","date_gmt":"2013-10-23T14:58:04","guid":{"rendered":"http:\/\/blog.shineservers.com\/?p=373"},"modified":"2013-10-23T14:58:04","modified_gmt":"2013-10-23T14:58:04","slug":"iptables-blacklists","status":"publish","type":"post","link":"https:\/\/www.shineservers.com\/2013\/10\/23\/iptables-blacklists\/","title":{"rendered":"IPtables Blacklists"},"content":{"rendered":"<p>Many of you already use online blacklists to fight spam. Recently I&#8217;ve discovered\u00a0<a href=\"http:\/\/www.openbl.org\/\">http:\/\/www.openbl.org\/<\/a>\u00a0and started using their lists on my firewall to prevent attacks from hosts that are known to be performing attacks. It works in a\u00a0very similar way to all the spam blacklists out there, and this is how I&#8217;ve implemented them on my Firewall.<\/p>\n<p>First of all, you&#8217;ll need to have some packages installed:<\/p>\n<blockquote><p>sudo apt-get install iptables ipset wget<\/p><\/blockquote>\n<p>Now create an ipset to store all the abusing IP addresses and use iptables to block them:<\/p>\n<blockquote><p>#!\/bin\/bash<br \/>\nBLOCKDB=&quot;block.txt&quot;<br \/>\nWORKDIR=&quot;\/tmp&quot;<br \/>\npwd=$(pwd)<br \/>\ncd $WORKDIR<br \/>\n#List of ips to block<br \/>\nipset --create blackips iphash<br \/>\n## Obtain List of badguys from openbl.org<br \/>\nwget -q -c --output-document=$BLOCKDB http:\/\/www.openbl.org\/lists\/base.txt<br \/>\nif [ -f $BLOCKDB ]; then<br \/>\nIPList=$(grep -Ev &quot;^#&quot; $BLOCKDB | sort -u)<br \/>\nfor i in $IPList<br \/>\ndo<br \/>\nipset --add blackips $i<br \/>\ndone<br \/>\nfi<br \/>\nrm $BLOCKDB<br \/>\n## Obtain List of badguys from ciarmy.com<br \/>\nwget -q -c --output-document=$BLOCKDB http:\/\/www.ciarmy.com\/list\/ci-badguys.txt<br \/>\nif [ -f $BLOCKDB ]; then<br \/>\nIPList=$(grep -Ev &quot;^#&quot; $BLOCKDB | sort -u)<br \/>\nfor i in $IPList<br \/>\ndo<br \/>\nipset --add blackips $i<br \/>\ndone<br 
\/>\nfi<br \/>\nrm $BLOCKDB<br \/>\n## Obtain List of badguys from dshield.org<br \/>\nwget -q -c --output-document=$BLOCKDB http:\/\/feeds.dshield.org\/top10-2.txt<br \/>\nif [ -f $BLOCKDB ]; then<br \/>\nIPList=$(grep -E &quot;^[1-9]&quot; $BLOCKDB | cut -f1 | sort -u)<br \/>\nfor i in $IPList<br \/>\ndo<br \/>\nipset --add blackips $i<br \/>\ndone<br \/>\nfi<br \/>\nrm $BLOCKDB<br \/>\n#List of networks to block<br \/>\nipset --create blacknets nethash<br \/>\n## Obtain List of badguys from dshield.org<br \/>\nwget -q -c --output-document=$BLOCKDB http:\/\/feeds.dshield.org\/block.txt<br \/>\nif [ -f $BLOCKDB ]; then<br \/>\nIPList=$(grep -E &quot;^[1-9]&quot; $BLOCKDB | cut -f1,3 | sed &quot;s\/\\t\/\\\/\/g&quot; | sort -u)<br \/>\nfor i in $IPList<br \/>\ndo<br \/>\nipset --add blacknets $i<br \/>\ndone<br \/>\nfi<br \/>\nrm $BLOCKDB<br \/>\n## Obtain List of badguys from spamhaus.org<br \/>\nwget -q -c --output-document=$BLOCKDB http:\/\/www.spamhaus.org\/drop\/drop.lasso<br \/>\nif [ -f $BLOCKDB ]; then<br \/>\nIPList=$(grep -E &quot;^[1-9]&quot; $BLOCKDB | cut -d&quot; &quot; -f1 | sort -u)<br \/>\nfor i in $IPList<br \/>\ndo<br \/>\nipset --add blacknets $i<br \/>\ndone<br \/>\nfi<br \/>\nrm $BLOCKDB<br \/>\n#Drop blacklisted ips<br \/>\niptables -A FORWARD -m set --match-set blackips src -j DROP<br \/>\niptables -A FORWARD -m set --match-set blacknets src -j DROP<br \/>\ncd $pwd<\/p><\/blockquote>\n<div>In the above script I&#8217;ve used two ipsets, one for storing IP addresses and another for storing network addresses. You can add this script to your existing firewall and start taking advantage of the blacklists.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Many of you already use online blacklists to fight spam. Recently I&#8217;ve discovered\u00a0http:\/\/www.openbl.org\/\u00a0and started using their lists on my firewall to prevent attacks from hosts that are known to be performing attacks. 
It works in a\u00a0very similar way to all the spam blacklists out there, and this is how I&#8217;ve implemented them on my Firewall. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[60],"tags":[143],"class_list":["post-373","post","type-post","status-publish","format-standard","hentry","category-linux","tag-iptables-blacklists"],"acf":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/comments?post=373"}],"version-history":[{"count":0,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/posts\/373\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/media?parent=373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/categories?post=373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shineservers.com\/wp-json\/wp\/v2\/tags?post=373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}