external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00
Code Issues Releases Wiki Activity

credits

Browse Source
This commit is contained in:
ChiefGyk 2016-06-30 14:56:27 -04:00
commit 22d173ff80
2 changed files with 76 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -1,3 +1,4 @@
<<<<<<< HEAD
# ipset-assassin # ipset-assassin
ipset-assassin (formerly named blocklist) ipset-assassin (formerly named blocklist)
This will install a cron to run daily and pull lists from multiple sites to block malicious IP addresses. Adding around ~40,000 or more IP addresses per day, all voluntarily and freely contributed. If setting up Fail2Ban I suggest you help contribute to blocklist.de which is one of the lists used here. This will install a cron to run daily and pull lists from multiple sites to block malicious IP addresses. Adding around ~40,000 or more IP addresses per day, all voluntarily and freely contributed. If setting up Fail2Ban I suggest you help contribute to blocklist.de which is one of the lists used here.
@ -9,7 +10,7 @@ Tested on Ubuntu 14.04LTS for my own servers, so please test on your own systems
I have also added the capability to block all Chinese and/or Korean IP Addresses in 2.1 as a good number of spam and malicious activity are linked to them. Towards the end after ipset has added thousands of IP addresses, a dialog will appear giving the option to choose if you want to block China, Korea, both, or neither. Simply select the option you desire and it will take care of the rest. The Korean and/or Chinese addresses will only update weekly, as it blocks entire IP blocks off assigned to the country/countries you have chosen. I may add more countries down the line if need be. I have also added the capability to block all Chinese and/or Korean IP Addresses in 2.1 as a good number of spam and malicious activity are linked to them. Towards the end after ipset has added thousands of IP addresses, a dialog will appear giving the option to choose if you want to block China, Korea, both, or neither. Simply select the option you desire and it will take care of the rest. The Korean and/or Chinese addresses will only update weekly, as it blocks entire IP blocks off assigned to the country/countries you have chosen. I may add more countries down the line if need be.
2.2 added Dshields top 20 blocks of IP addresses that are malicious, and blocks them daily. It has been merged into the /etc/cron.daily/blacklist created prior. The Dshield script was originally found at https://github.com/koconder/dshield_automatic_iptables 2.2 added Dshields top 20 blocks of IP addresses that are malicious, and blocks them daily.
2.3 is a big fix for some bugs I had, so longer requires editing interfaces file. Instead install iptables-persistent, replaces the /etc/init.d/iptables-persistent with another one on GitHub. Read below where it says ipsets-persistent 2.3 is a big fix for some bugs I had, so longer requires editing interfaces file. Instead install iptables-persistent, replaces the /etc/init.d/iptables-persistent with another one on GitHub. Read below where it says ipsets-persistent
@ -30,3 +31,10 @@ init.d script for iptables-persistent on Debian/Ubuntu that also saves/loads ips
I added checking for and saving ipsets. sets are saved in the same place as the other rules in a file named rules.ipset. Rules are only saved if they are defined, same with flushing and loading. Instead of checking to see if ipset is installed on the load, I just check for the rules.ipset file, since if that doesn't exist loading does't make sense. There might be better ways to do it, feel free to submit a pull etc. this is just the way I made it work for me. I added checking for and saving ipsets. sets are saved in the same place as the other rules in a file named rules.ipset. Rules are only saved if they are defined, same with flushing and loading. Instead of checking to see if ipset is installed on the load, I just check for the rules.ipset file, since if that doesn't exist loading does't make sense. There might be better ways to do it, feel free to submit a pull etc. this is just the way I made it work for me.
=======
dshield_automatic_iptables
https://github.com/koconder/dshield_automatic_iptables
==========================
Auto Import dshield blocklist and import to iptables as a chain. It has been merged into the /etc/cron.daily/blacklist created prior in conf/blacklist.

67
dshield_auto.sh Normal file
View File

@ -0,0 +1,67 @@
#!/bin/bash
# Written by Onder Vincent Koc
# @url: https://github.com/koconder/dshield_automatic_iptables
# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
#
# Dshield Automatic Import to iptables
# Import Dshield Blocklist in a basic shell script which will run silently via cron
# and also use a seprate chain file to support other iptables rules without flushing
# i.e. fail2ban and ddosdeflate
# path to iptables
IPTABLES="/sbin/iptables";
# list of known spammers
URL="http://feeds.dshield.org/block.txt";
# save local copy here
FILE="/tmp/dshield_block.text";
# iptables custom chain
CHAIN="dshield";
# check to see if the chain already exists
$IPTABLES -L $CHAIN -n
# check to see if the chain already exists
if [ $? -eq 0 ]; then
# flush the old rules
$IPTABLES -F $CHAIN
echo "Flushed old rules. Applying updated dsheild list...."
else
# create a new chain set
$IPTABLES -N $CHAIN
# tie chain to input rules so it runs
$IPTABLES -A INPUT -j $CHAIN
# don't allow this traffic through
$IPTABLES -A FORWARD -j $CHAIN
echo "Chain not detected. Creating new chain and adding dsheild list...."
fi;
# get a copy of the spam list
wget -qc $URL -O $FILE
blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
for IP in $blocklist
do
# add the ip address log rule to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dsheild BLOCK]" -m limit --limit 3/min --limit-burst 10
# add the ip address to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
echo $IP
done
echo "Done!"
# remove the spam list
unlink $FILE