Iptables blacklist generator

This shell script will populate your iptables with four popular IP blacklists: Spamhaus, Dshield, RBN and Threatstop. These seem to be the most complete and reliable IP blacklists currently available on the Internet. The script will try to use ipset for improved performance if it is available on your system.

Installation

  • Download the script blacklist-ip.txt and save it as /usr/local/bin/blacklist-ip.sh
  • Add the following rules to your iptables configuration if you don't have ipset (or don't know what it is):
    iptables -N blacklists
    iptables -A FORWARD -j blacklists
    iptables -A INPUT -j blacklists
    iptables -A OUTPUT -j blacklists
    
  • Add the following rules to your iptables configuration if you do have ipset:
    iptables -N blacklists
    iptables -A FORWARD -j blacklists
    iptables -A INPUT -j blacklists
    iptables -A OUTPUT -j blacklists
    
  • Add a cron job (it will run daily at 5:12am)
    12 05 * * * sh /usr/local/bin/blacklist-ip.sh
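As an added example (not the page's blacklist-ip.sh), here is a POSIX shell sketch of the step the script automates: normalising a fetched list and emitting rules for the blacklists chain, via an ipset hash:net set when ipset is present and per-prefix iptables rules otherwise. The sample list, the set name spamhaus_drop and the function names are constructed for this example; commands are printed rather than executed so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not the original blacklist-ip.sh: turn a downloaded blacklist into
# rules for the "blacklists" chain, via ipset when available, plain iptables otherwise.
# Commands are printed, not executed, so the output can be reviewed before applying.

# Constructed sample in the Spamhaus DROP style ("CIDR ; SBLnnn"), plus '#' comments.
SAMPLE_LIST='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
# a comment line
203.0.113.5
not-an-address ; should be dropped'

# Strip comments and whitespace, keep only well-formed IPv4 addresses or CIDR prefixes.
normalize_list() {
    sed -e 's/[;#].*$//' -e 's/[[:space:]]//g' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' |
        sort -u
}

# Emit the commands for one set. $1 = set name, $2 = "ipset" or "iptables".
# A bare address gets /32 so hash:net stores it consistently.
emit_rules() {
    set_name=$1; mode=$2
    if [ "$mode" = ipset ]; then
        echo "ipset create $set_name hash:net -exist"
    fi
    while IFS= read -r cidr; do
        case $cidr in */*) ;; *) cidr="$cidr/32" ;; esac
        if [ "$mode" = ipset ]; then
            echo "ipset add $set_name $cidr -exist"
        else
            echo "iptables -A blacklists -s $cidr -j DROP"
        fi
    done
    if [ "$mode" = ipset ]; then
        # One rule matches the whole set, instead of one rule per prefix.
        echo "iptables -A blacklists -m set --match-set $set_name src -j DROP"
    fi
}

# Pick the backend the way the script does: ipset if the binary exists.
choose_mode() {
    if command -v ipset >/dev/null 2>&1; then echo ipset; else echo iptables; fi
}

printf '%s\n' "$SAMPLE_LIST" | normalize_list | emit_rules spamhaus_drop "$(choose_mode)"
```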

What blacklists are used?

License: The script is in the public domain.

Comments


Thanks for a useful script. Now that ipset is widely provided, it is handy to use it for such a task. A couple of comments:

  • nethash may sometimes fail to work for the Spamhaus drop list. See Debian bug 583079. Switching to iphash when such cases appear may work.
  • There is a copyright notice, but no license is mentioned.

So where is that file? It's not there ...

It's there now - the firewall wasn't letting the .sh extension through :)