mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-25 19:17:22 +01:00

Now using ipset, added more lists, researched and looked around for how to script it better. Now all will be able to wget from wizcraft (blocked my VPS, but not local machine, so I suspect IP blocks are blocked from them); however, there seems to be a lot of overlap of the addresses, so I don't think it will be an issue. Averages around ~47,000 IP addresses as opposed to the original couple thousand just from blocklist.de. Does not require Fail2Ban to work, just iptables, and of course iptables-persistent to keep changes.

ChiefGyk
2016-06-29 09:32:16 -04:00
parent 6c808a5654
commit 39644bd29e
3 changed files with 54 additions and 90 deletions


@@ -7,9 +7,13 @@
source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars
cp conf/blocklist/sync-fail2ban /etc/cron.daily/sync-fail2ban
chmod a+x /etc/cron.daily/sync-fail2ban
time /etc/cron.daily/sync-fail2ban
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt_install iptables-persistent
apt_install -y ipset
ipset create blacklist hash:net
iptables -I INPUT -m set --match-set blacklist src -j DROP
cp conf/blocklist/blocklist /etc/cron.daily/blocklist
chmod a+x /etc/cron.daily/blacklist
time /etc/cron.daily/blacklist
apt_install -y iptables-persistent
echo "Blacklist has been installed. It will run daily automatically."
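Review bot: The cron job is copied to `/etc/cron.daily/blocklist`, but the next two lines `chmod` and run `/etc/cron.daily/blacklist`, a path nothing in this hunk creates, so the first population fails and the daily job may not be executable; the DROP rule then matches an empty set and blocks nothing, while the closing echo still reports the install as done unless the script aborts on errors. Use one name throughout: `chmod a+x /etc/cron.daily/blocklist` and `time /etc/cron.daily/blocklist`. Separately, `ipset create blacklist hash:net` and `iptables -I INPUT ...` are not idempotent, so re-running setup errors on the existing set and stacks duplicate rules; adding `-exist` to the create and guarding the insert with an `iptables -C` check would fix that. iptables-persistent saves the rule, but as far as this hunk shows nothing recreates the `blacklist` set at boot, and a saved rule that references a missing set will likely make the ruleset restore fail, so confirm this and add an ipset save/restore step if needed.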