Date:      Wed, 21 Sep 2011 18:04:53 +0100
From:      Pegasus Mc Cleaft <ken@mthelicon.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Blacklisting DOS IPs
Message-ID:  <201109211804.53830.ken@mthelicon.com>
In-Reply-To: <20110921130608.GA3759@mauricio-desktop>
References:  <20110921130608.GA3759@mauricio-desktop>

On Wednesday 21 September 2011 14:06:08 Mauricio López wrote:

> I'm thinking about making a script using awk and pftop output to watch
> for states that have more than 1Mb of traffic (regular DNS queries
> aren't that big) and put those hosts in a table for blocking. My
> question is if there is some other more efficient solution for this
> problem.
>
> Thanks in advance

Hi Mauricio,

	I don't know if this will help you, but this is a script I made years ago
that I use on my machines. I call the script using cron once a day and let
IPFW do the filtering for me.

HTH
Peg


#!/bin/sh

# Automatically fetch the Spamhaus zone ban list; stop if the download
# fails so the existing rules in set 11 are left in place
cd /root || exit 1
/usr/bin/fetch http://www.spamhaus.org/drop/drop.lasso || exit 1

# Let's drop all of set 11 from the firewall
/sbin/ipfw delete set 11

# Starting rule number
Counter=1000

# Let's parse the file and cut out the piece we want
for i in `cut -d " " -f 1 drop.lasso | grep -v ";"`
do
        echo "Adding rule for: $i "
        Counter=`expr $Counter + 1`
        # Let's add the rule into set 11
        /sbin/ipfw add $Counter set 11 deny ip from $i to any
        Counter=`expr $Counter + 1`
        /sbin/ipfw add $Counter set 11 deny ip from any to $i
done
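
An added example, not part of the original message: the same daily reload done with an ipfw lookup table instead of two numbered rules per network, with each entry validated before it reaches ipfw because the list is fetched over plain HTTP. The table number 11, the /8 lower bound on prefix length, and the sample list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message). TABLE and the /8 lower
# bound on prefix length are assumptions; adjust for your ruleset.
TABLE=11

# Constructed sample in DROP format, using documentation address ranges.
sample_list() {
cat <<'EOF'
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
0.0.0.0/0 ; SBL000003
203.0.113.999/24 ; SBL000004
<html><body>503 Service Unavailable</body></html>
EOF
}

# Read a DROP-format list on stdin and print only well-formed IPv4 CIDRs.
parse_drop() {
    awk '
    /^[ \t]*;/ || NF == 0 { next }                # comments and blank lines
    {
        if (split($1, h, "/") != 2) next
        if (h[2] !~ /^[0-9]+$/ || h[2]+0 < 8 || h[2]+0 > 32) next
        if (split(h[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i]+0 > 255) next
        print $1
    }'
}

# Print (do not run) the commands that reload the lookup table. Emits
# nothing for an empty result, so a bad download cannot clear the blocks.
# Rules referencing the table are added once, outside this script, e.g.:
#   ipfw add 1000 deny ip from 'table(11)' to any
#   ipfw add 1001 deny ip from any to 'table(11)'
emit_ipfw_cmds() {
    cidrs=$(parse_drop)
    if [ -z "$cidrs" ]; then
        echo "no valid entries; table $TABLE left unchanged" >&2
        return 1
    fi
    echo "ipfw -q table $TABLE flush"
    for c in $cidrs; do
        echo "ipfw -q table $TABLE add $c"
    done
}

sample_list | emit_ipfw_cmds    # dry run: shows the commands only
```

To apply the result on a real host, feed the fetched file to `emit_ipfw_cmds` and pipe its output to `sh` as root once the printed commands look right.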



