Generate Shorewall blacklist from Spamhaus and DShield

Last updated on December 1st, 2010 at 12:42 am

vi /etc/shorewall/makeblacklist

Paste the code below, and save it.

#!/bin/sh

# Build a fresh Shorewall blacklist from the DShield and Spamhaus DROP feeds.
# Assemble it in a private temporary file (mktemp, not a predictable /tmp
# name) and move it into place only after both feeds have been processed.
tmp=$(mktemp) || exit 1

echo "#ADDRESS/SUBNET PROTOCOL PORT" > "$tmp"
# DShield block.txt is tab-separated; rows whose start address ends in .0 become /24 entries
wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' >> "$tmp"
# Spamhaus DROP lines start with a CIDR, followed by "; SBL..."; keep the CIDR only
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> "$tmp"
echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> "$tmp"
mv "$tmp" /etc/shorewall/blacklist

# "&>" is a bash extension that /bin/sh does not understand; redirect both streams explicitly
shorewall refresh >/dev/null 2>&1

Run the script:

sh /etc/shorewall/makeblacklist

It writes the generated blacklist to /etc/shorewall/blacklist, replacing the previous one.

You can type

cat /etc/shorewall/blacklist

to view the blocked addresses and networks.

Make sure you enable the blacklist in /etc/shorewall/shorewall.conf

vi /etc/shorewall/shorewall.conf

then set this line so that blacklisted addresses are dropped:

BLACKLIST_DISPOSITION=DROP

and restart Shorewall for the change to take effect:

service shorewall restart
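As an added example (not the makeblacklist script above, and not code from Shorewall, DShield or Spamhaus), the POSIX shell below parses constructed sample lines in both feed layouts, validates every candidate as an IPv4 CIDR, and refuses to replace the existing blacklist when nothing survives, which is what you want when a feed download silently returns an error page. It goes beyond the script above by taking the network size from DShield's netmask column instead of assuming /24; the sample feed lines and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the original makeblacklist script: turns DShield and
# Spamhaus DROP feed text into Shorewall blacklist entries, validating each
# candidate as an IPv4 CIDR and refusing to install an empty list.

# Constructed sample in the DShield block.txt layout (tab-separated:
# start, end, netmask, attack count, name, country, contact), with a
# bogus HTML line of the kind a failed download might return.
DSHIELD_SAMPLE="$(printf '# constructed\n192.0.2.0\t192.0.2.255\t24\t500\tExample-Net\tXX\tabuse@example.net\n<html>error</html>\n198.51.100.0\t198.51.100.255\t24\t300\tExample-Two\tXX\tabuse@example.org')"

# Constructed sample in the Spamhaus DROP layout ("CIDR ; SBL reference"),
# including one deliberately malformed address.
SPAMHAUS_SAMPLE="$(printf '; constructed\n203.0.113.0/24 ; SBL000001\n999.1.1.0/24 ; SBL000002\n198.18.0.0/15 ; SBL000003')"

# feed_to_entries: feed lines on stdin, one validated CIDR per output line.
# A DShield row contributes start/netmask (the feed's own netmask column,
# not a fixed /24); a row whose first field already contains "/" is taken
# as a Spamhaus CIDR. Comments, blank lines and anything invalid are dropped.
feed_to_entries() {
    awk '
    function valid(cidr,  p, o, i) {
        if (split(cidr, p, "/") != 2 || split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32
    }
    /^[#;]/ || NF == 0 { next }
    { if (index($1, "/")) c = $1; else if ($3 ~ /^[0-9]+$/) c = $1 "/" $3; else next }
    valid(c) { print c }'
}

# install_blacklist TARGET: wraps the entries on stdin in the header and
# trailer Shorewall expects, writes them to a mktemp file beside TARGET and
# renames it into place; an empty entry list leaves the existing file alone.
install_blacklist() {
    target=$1
    entries=$(cat)
    if [ -z "$entries" ]; then return 1; fi
    tmp=$(mktemp "$target.XXXXXX") || return 1
    {
        echo "#ADDRESS/SUBNET PROTOCOL PORT"
        printf '%s\n' "$entries"
        echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE"
    } > "$tmp" && mv "$tmp" "$target"
}
```

Running `printf '%s\n' "$DSHIELD_SAMPLE" "$SPAMHAUS_SAMPLE" | feed_to_entries | install_blacklist /etc/shorewall/blacklist` in place of the wget pipeline keeps the last good list when a feed comes back unusable, so `shorewall refresh` is never handed an error page or a malformed address.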
