This shell script will populate your iptables with four popular IP blacklists: Spamhaus, Dshield, RBN and Threatstop. These seem to be the most complete and reliable IP blacklists currently available on the Internet. The script will try to use ipset for improved performance if it is available on your system.
Installation
- Download the script blacklist-ip.txt and save it as /usr/local/bin/blacklist-ip.sh
- Add the following rules to your iptables configuration if you don't have ipset (or don't know what it is):
iptables -N blacklists
iptables -A FORWARD -j blacklists
iptables -A INPUT -j blacklists
iptables -A OUTPUT -j blacklists
- Add the following rules to your iptables configuration if you do have ipset:
iptables -N blacklists
iptables -A FORWARD -j blacklists
iptables -A INPUT -j blacklists
iptables -A OUTPUT -j blacklists
- Add a cron job (runs daily at 5:12 am):
12 05 * * * sh /usr/local/bin/blacklist-ip.sh
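Because the cron job runs unattended and the blacklists chain is hooked into INPUT, OUTPUT and FORWARD, a malformed or over-broad feed entry would affect all traffic on the host. The following is an added example, not part of blacklist-ip.sh, of checking feed entries before they are loaded; the set name, the minimum prefix length, the function names and the sample feed are all assumptions made for illustration.

```sh
# Added example: sanitise a blacklist feed before it is loaded into ipset.
# SET_NAME and MIN_PREFIX are assumptions, not values from blacklist-ip.sh.
SET_NAME=blacklists
MIN_PREFIX=8    # refuse anything broader than a /8

# valid_net ENTRY: succeed only for a public IPv4 address or CIDR block.
valid_net() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    # Never block unspecified, loopback, RFC 1918 or link-local space.
    case $1.$2 in 0.*|10.*|127.*|169.254|192.168) return 1 ;; esac
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    return 0
}

# feed_to_ipset: feed on stdin, `ipset restore` input on stdout.
# Rejected entries go to stderr, so cron can mail them to the admin.
feed_to_ipset() {
    echo "create $SET_NAME hash:net"
    while read -r entry rest; do
        entry=${entry%%[;#]*}    # drop comments
        [ -n "$entry" ] || continue
        if valid_net "$entry"; then
            echo "add $SET_NAME $entry"
        else
            echo "rejected: $entry" >&2
        fi
    done
}

# Constructed sample feed: documentation ranges plus entries to refuse.
sample_feed() {
    printf '%s\n' '; constructed sample, not real feed data' \
        '192.0.2.0/24 ; SBL000000' '198.51.100.7' \
        '0.0.0.0/0' '10.0.0.0/8' '127.0.0.1' '203.0.113.0/33'
}

sample_feed | feed_to_ipset
```

The output is in the form that `ipset restore` reads on stdin.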
What blacklists are used?
License: The script is in public domain.