8/4/2023

Peerguardian block ip

```
wget -O - > /etc/sysconfig/blacklistopenbl
cat /etc/sysconfig/blacklistopenbl > /etc/sysconfig/blacklist
#get list from openbl
printf "\n Get files: openbl"
wget -O -no-check-certificate =badips > /etc/sysconfig/blacklistzeus
cat /etc/sysconfig/blacklistzeus > /etc/sysconfig/blacklist
#get list from zeustracker
printf "\n Get files: zeus"
printf "\n Amount of line %s \n" `cat /etc/sysconfig/blacklist | wc -l`
wget -O - > /etc/sysconfig/blacklistmalc0de
cat /etc/sysconfig/blacklistmalc0de > /etc/sysconfig/blacklist
#get list from malc0de
printf "\n Get files: malc0de"
```

In other words: some bug fixes, uses less memory, improved logging (including protocol and ports of blocked IPs).

And for those who can't use my deb packages: much easier to install.

```
#!/bin/bash -
# by burningpenguin: scriptblacklistip
# add blocked IPs to the firewall to not be accessed from green/blue
# initial version
# usage
# extend by adding this section per blacklist url
#get list from ?service?
# printf "\n Get files: ?service?"
# wget -O - http:?url? > /etc/sysconfig/blacklisttmp
# cat /etc/sysconfig/blacklisttmp > /etc/sysconfig/blacklist
#empty temp file
```

Paths in the scripts get adjusted automatically. Installation paths are finally configurable in the Makefile.

Thanks Cade, for all this work here! Of course Jindrich and Morpheus have to be credited for their underlying work, too!

But here I have to admit that while doing this we kicked dbus support, I think reimplementing this is the biggest TODO for pgld)

Added port and protocol logging to the logging of blocked IPs

Improved, simplified logging (all messages in the same format for a better reading of the logfile.
Improved blocklist handling, including premerging of single blocklists

Some bug fixes, especially in variable declarations

Pgl changes from the official announcement:

Based on nfblock, which is based on moblock

```
# e.g., block China, Russia, Nigeria (just examples, no offense people)
# last I checked, they were being updated as follows:
```

placing something like the following in /etc/cron.hourly):

You would call that script from cron, (e.g.

```
/usr/bin/logger -p cron.warn "No ipset $ updated."
/sbin/ipset -create $firewall_ipset iphash -hashsize $hashsize -netmask $netmask
if ! $(/sbin/ipset -L $firewall_ipset
```