Blacklisting DOS IPs
Pegasus Mc Cleaft
ken at mthelicon.com
Wed Sep 21 17:20:27 UTC 2011
On Wednesday 21 September 2011 14:06:08 Mauricio López wrote:
> I'm thinking about making a script using awk and pftop output to watch
> for states that have more than 1Mb of traffic (regular DNS queries
> aren't that big) and put those hosts in a table for blocking. My
> question is if there is some other more efficient solution for this
> problem.
>
> Thanks in advance
Hi Mauricio,
I don't know if this will help you, but this is a script I made years ago
that I use on my machines. I call the script using cron once a day and let
IPFW do the filtering for me.
HTH
Peg
#!/bin/sh
# Automatically fetch the Spamhaus DROP list
cd /root || exit 1
# Stop here if the download fails, so the existing rules stay in place
/usr/bin/fetch http://www.spamhaus.org/drop/drop.lasso || exit 1
# Let's drop all of set 11 from the firewall
/sbin/ipfw delete set 11
# Starting rule number
Counter=1000
# Let's parse the file and cut out the piece we want
for i in `cut -d " " -f 1 drop.lasso | grep -v ";"`
do
    echo "Adding rule for: $i "
    Counter=`expr $Counter + 1`
    # Let's add the rule into set 11
    /sbin/ipfw add "$Counter" set 11 deny ip from "$i" to any
    Counter=`expr $Counter + 1`
    /sbin/ipfw add "$Counter" set 11 deny ip from any to "$i"
done
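
An added example, not part of the original post: the loop above hands the first field of every list line to ipfw unchecked, so a malformed entry such as `any` would become `deny ip from any to any`. This sketch validates each entry as an IPv4 CIDR first and prints the commands for review instead of running them; the function names, the /8 minimum prefix length and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example: vet Spamhaus DROP entries before they become ipfw rules.

# valid_cidr NET: succeed only for a.b.c.d/len, octets 0-255, len 8-32.
# The /8 lower bound is an assumption made for this example.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*} len=${1#*/}
    case "$len" in ""|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# drop_to_rules START: read DROP lines ("net ; SBLid", ";" comments) on
# stdin and print the ipfw commands for set 11 instead of running them.
drop_to_rules() {
    counter=$1
    while read -r net _rest || [ -n "$net" ]; do
        case "$net" in ""|";"*) continue ;; esac
        if ! valid_cidr "$net"; then
            printf 'skipped: %s\n' "$net" >&2
            continue
        fi
        counter=$((counter + 1))
        echo "/sbin/ipfw add $counter set 11 deny ip from $net to any"
        counter=$((counter + 1))
        echo "/sbin/ipfw add $counter set 11 deny ip from any to $net"
    done
}

# Constructed sample in the DROP layout; not real list data.
sample_drop() {
    printf '%s\n' '; constructed sample' '192.0.2.0/24 ; SBL0' \
        'any ; SBL0' '0.0.0.0/0 ; SBL0' '198.51.100.0/24 ; SBL0'
}

sample_drop | drop_to_rules 1000
```

Rejected entries are reported on stderr, so a cron run mails them to the administrator while the valid rules are still generated.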