Iptables blacklist generator

This shell script populates your iptables with four popular IP blacklists: Spamhaus, DShield, RBN and ThreatStop. These currently seem to be the most complete and reliable IP blacklists available on the Internet. The script will use ipset for improved performance if it is available on your system.

Installation

  • Download the script blacklist-ip.txt and save it as /usr/local/bin/blacklist-ip.sh
  • Add the following rules to your iptables configuration if you don't have ipset (or don't know what it is):
    iptables -N blacklists
    iptables -A FORWARD -j blacklists
    iptables -A INPUT -j blacklists
    iptables -A OUTPUT -j blacklists
    
  • Add the following rules to your iptables configuration if you do have ipset:
    iptables -N blacklists
    iptables -A FORWARD -j blacklists
    iptables -A INPUT -j blacklists
    iptables -A OUTPUT -j blacklists
    
  • Add a cron job (it will run daily at 5:12 am):
    12 05 * * * sh /usr/local/bin/blacklist-ip.sh

What blacklists are used?

License: The script is in public domain.

Replies


Thanks for a useful script. Now that ipset is widely provided, it is handy to use it for such a task. A couple of comments:

  • nethash may sometimes fail to work for the Spamhaus DROP list. See Debian bug 583079. Switching to iphash when such cases appear may work.
  • There is a copyright notice, but no license is mentioned.
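The following script is an added example and not the page's blacklist-ip.sh. It shows the core of what the installation section describes and what the comment above suggests: a Spamhaus-DROP-format list is parsed into CIDRs, and rules for the "blacklists" chain are produced either with ipset (when the binary is found, or when HAVE_IPSET is forced) or as one plain iptables rule per entry. It uses the current set type names hash:net and hash:ip, which correspond to the nethash and iphash types named in the comment, and keeps single-host (/32) entries in the separate hash:ip set as the comment's workaround suggests. The list content, the RFC 5737 test ranges, the set names spamhaus_net/spamhaus_ip and the HAVE_IPSET override are all constructed for this example; commands are printed rather than executed, so it runs without root.

```shell
#!/bin/sh
# Added example (not the original blacklist-ip.sh): turn a blacklist in
# Spamhaus DROP format into rules for the "blacklists" chain. Uses ipset
# when available, plain iptables rules otherwise. Commands are printed,
# not executed, so the script can be run without root.

# Constructed sample in DROP format ("CIDR ; comment") using RFC 5737
# test ranges; not a real list. The last entry is a single host (/32).
SAMPLE_LIST='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL-EXAMPLE-1
198.51.100.0/22 ; SBL-EXAMPLE-2

203.0.113.7/32 ; SBL-EXAMPLE-3
'

# parse_drop_list: read DROP-format text on stdin, print one CIDR per line.
# Comment text (from ';' to end of line) and blank lines are dropped.
parse_drop_list() {
    sed -e 's/;.*$//' -e 's/[[:space:]]//g' | grep -E '^[0-9]+(\.[0-9]+){3}/[0-9]+$'
}

# have_ipset: succeed if ipset is installed. HAVE_IPSET=1 or 0 overrides
# the probe so the output can be checked on a machine without ipset.
have_ipset() {
    case "${HAVE_IPSET:-auto}" in
        1) return 0 ;;
        0) return 1 ;;
        *) command -v ipset >/dev/null 2>&1 ;;
    esac
}

# emit_rules NAME: print commands that populate the "blacklists" chain for
# the CIDRs given on stdin. With ipset, netblocks go to a hash:net set and
# single hosts to a hash:ip set (the nethash/iphash split from the comment);
# one src and one dst match per set cover INPUT/FORWARD and OUTPUT alike.
# Without ipset, one -s and one -d rule is printed per entry.
emit_rules() {
    name="$1"
    if have_ipset; then
        echo "ipset create ${name}_net hash:net"
        echo "ipset create ${name}_ip hash:ip"
        while read -r cidr; do
            case "$cidr" in
                */32) echo "ipset add ${name}_ip ${cidr%/32}" ;;
                *)    echo "ipset add ${name}_net $cidr" ;;
            esac
        done
        for set in "${name}_net" "${name}_ip"; do
            echo "iptables -A blacklists -m set --match-set $set src -j DROP"
            echo "iptables -A blacklists -m set --match-set $set dst -j DROP"
        done
    else
        while read -r cidr; do
            echo "iptables -A blacklists -s $cidr -j DROP"
            echo "iptables -A blacklists -d $cidr -j DROP"
        done
    fi
}

# count_entries: number of usable entries parsed from the sample list.
count_entries() {
    printf '%s' "$SAMPLE_LIST" | parse_drop_list | wc -l | tr -d ' '
}

# Usage: print the rules for the constructed sample.
printf '%s' "$SAMPLE_LIST" | parse_drop_list | emit_rules spamhaus
```

Because the parser discards anything after ';' and rejects lines that are not a dotted quad with a prefix length, a truncated or partially downloaded list produces fewer rules rather than a malformed iptables invocation; a real cron job should additionally refuse to flush the existing chain when the fetched list parses to zero entries.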

So where is that file? It's not there...

It's there now - the firewall wasn't letting the .sh extension through :)