Last updated on December 1st, 2010 at 12:42 am
vi /etc/shorewall/makeblacklist
Paste the code below and save it.
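#!/bin/sh
# makeblacklist - rebuild /etc/shorewall/blacklist from the DShield block list
# and the Spamhaus DROP list, then ask Shorewall to reload it.
#
# Must run as root: it writes under /etc/shorewall and calls "shorewall refresh".
#
# Exits non-zero and leaves the existing blacklist untouched if a download
# fails or if the feeds yield no entries.
set -eu

BLACKLIST=/etc/shorewall/blacklist

# Build the new file in a private mktemp directory instead of a fixed name in
# /tmp. A predictable, world-writable path lets any local user pre-create or
# symlink /tmp/blacklist and influence what root writes and installs.
# Keeping the scratch directory on the same filesystem as the target also
# makes the final mv an atomic rename.
workdir=$(mktemp -d /etc/shorewall/.makeblacklist.XXXXXX)
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

new="$workdir/blacklist"

# NOTE(review): both feeds are fetched over plain HTTP with no checksum or
# signature, so anything on the network path can add or strip entries in a
# file that is loaded straight into the firewall. Prefer an HTTPS URL if the
# feed provider offers one.
#
# Download to files first: plain sh has no pipefail, so a failed wget at the
# head of a pipeline would otherwise go unnoticed and produce an empty list.
wget -q -O "$workdir/dshield" http://feeds.dshield.org/block.txt
wget -q -O "$workdir/drop" http://www.spamhaus.org/drop/drop.lasso

{
  echo "#ADDRESS/SUBNET PROTOCOL PORT"
  # DShield: tab-separated rows starting with the network address (x.y.z.0);
  # emit each as a /24.
  awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' "$workdir/dshield"
  # Spamhaus DROP: first field is a CIDR. Require the whole field to be
  # address/prefix so trailing junk from the feed never reaches the config.
  awk --posix '$1 ~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,2}$/ { print $1;}' "$workdir/drop"
  echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE"
} > "$new"

# A feed format change or an error page would leave only the two comment
# lines; installing that would silently disable the blacklist.
entries=$(grep -c -v '^#' "$new" || true)
if [ "$entries" -eq 0 ]; then
  echo "makeblacklist: feeds produced no entries; keeping existing blacklist" >&2
  exit 1
fi

mv -f -- "$new" "$BLACKLIST"

# "&>" is a bashism; under a POSIX /bin/sh such as dash it backgrounds the
# command instead of silencing it. Use the portable redirection.
shorewall refresh >/dev/null 2>&1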
Run the script as root:
sh /etc/shorewall/makeblacklist
It writes the blacklisted networks to /etc/shorewall/blacklist
You can type
cat /etc/shorewall/blacklist
to view the blocked networks.
Make sure you enable the blacklist in /etc/shorewall/shorewall.conf
vi /etc/shorewall/shorewall.conf
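then make sure this line is set as follows, so that traffic from blacklisted networks is dropped. (On Shorewall releases of this era the blacklist is only checked on interfaces that carry the blacklist option in /etc/shorewall/interfaces; confirm this against the documentation for your version.)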
BLACKLIST_DISPOSITION=DROP
service shorewall restart