Generate Shorewall blacklist from Spamhaus and DShield

Create the script file:

vi /etc/shorewall/makeblacklist

Paste the code below and save it.

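#!/bin/sh

# Build the list in a private temp file; a fixed name in /tmp is unsafe when run as root.
TMP=$(mktemp) || exit 1

echo "#ADDRESS/SUBNET PROTOCOL PORT" > "$TMP"
# DShield block list: network addresses ending in .0, written as /24 networks
wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' >> "$TMP"
# Spamhaus DROP list: entries are already in CIDR notation
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' >> "$TMP"
echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> "$TMP"
mv "$TMP" /etc/shorewall/blacklist

# "&>" is a bashism; under /bin/sh redirect stdout and stderr explicitly
shorewall refresh >/dev/null 2>&1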


Run the script:

sh /etc/shorewall/makeblacklist

It writes the generated blacklist to /etc/shorewall/blacklist.

To view the blocked addresses, type:

cat /etc/shorewall/blacklist

Make sure the blacklist is enabled in /etc/shorewall/shorewall.conf:

vi /etc/shorewall/shorewall.conf

Then set this line:

BLACKLIST_DISPOSITION=DROP

Then restart Shorewall:

service shorewall restart
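
An added example, not part of the original post: the awk patterns above accept any three-digit octet and the script installs whatever was downloaded, so a failed or malformed fetch can replace a working blacklist. The functions filter_cidrs, enough_entries and sample_feed, the MIN_ENTRIES threshold, the /8 prefix floor and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Sanity checks for a downloaded blacklist before it is installed.
# MIN_ENTRIES is an assumed threshold, not a Shorewall setting.
MIN_ENTRIES=${MIN_ENTRIES:-10}

# Read candidate entries on stdin, print only well-formed public IPv4 CIDRs.
filter_cidrs() {
    awk '
    {
        n = split($1, p, "/")
        # Assumed policy: reject prefixes shorter than /8 so one corrupt
        # line cannot blacklist most of the address space.
        if (n != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 < 8 || p[2] + 0 > 32) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        # Never blacklist loopback or RFC 1918 space: a bad feed line
        # here would cut off local services or the admin network.
        if (o[1] + 0 == 0 || o[1] + 0 == 10 || o[1] + 0 == 127) next
        if (o[1] + 0 == 192 && o[2] + 0 == 168) next
        if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) next
        print $1
    }'
}

# Succeed only if FILE holds at least MIN_ENTRIES entries, so a failed
# download cannot replace a working blacklist with an empty one.
enough_entries() {
    [ "$(grep -c '/' "$1")" -ge "$MIN_ENTRIES" ]
}

# Constructed sample input (documentation ranges plus malformed lines).
sample_feed() {
cat <<'EOF'
192.0.2.0/24
198.51.100.0/24
999.1.2.0/24
10.0.0.0/8
203.0.113.0/33
192.168.1.0/24
502 Bad Gateway
0.0.0.0/0
EOF
}
```

In the script above, each wget | awk stage can be piped through filter_cidrs, and enough_entries can be called on the temporary file before the mv so that the existing blacklist is kept when the check fails.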

