Date: Wed, 21 Sep 2011 18:04:53 +0100
From: Pegasus Mc Cleaft <ken@mthelicon.com>
To: freebsd-questions@freebsd.org
Subject: Re: Blacklisting DOS IPs
Message-ID: <201109211804.53830.ken@mthelicon.com>
In-Reply-To: <20110921130608.GA3759@mauricio-desktop>
References: <20110921130608.GA3759@mauricio-desktop>

On Wednesday 21 September 2011 14:06:08 Mauricio López wrote:
> I'm thinking about making a script using awk and pftop output to watch
> for states that have more than 1Mb of traffic (regular DNS queries
> aren't that big) and put those hosts in a table for blocking. My
> question is if there is some other more efficient solution for this
> problem.
>
> Thanks in advance

Hi Mauricio,

I don't know if this will help you, but this is a script I made years ago
that I use on my machines. I call the script using cron once a day and let
IPFW do the filtering for me.

HTH
Peg

#!/bin/sh
# Automatically fetch the Spamhaus zone ban list
cd /root || exit 1
# Stop here if the download fails, so set 11 is not wiped for nothing
/usr/bin/fetch http://www.spamhaus.org/drop/drop.lasso || exit 1

# Let's drop all of set 11 from the firewall
/sbin/ipfw delete set 11

# Starting rule number
Counter=1000

# Let's parse the file and cut out the piece we want
for i in `cut -d " " -f 1 drop.lasso | grep -v ";"`
do
    echo "Adding rule for: $i "
    Counter=`expr $Counter + 1`
    ## Let's add the rule into set 11
    /sbin/ipfw add $Counter set 11 deny ip from $i to any
    Counter=`expr $Counter + 1`
    /sbin/ipfw add $Counter set 11 deny ip from any to $i
done
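
Added example, not part of the original message: the script above hands every first field of a downloaded file to ipfw as root, so this sketch validates each entry as IPv4 CIDR and only prints the commands that would load an ipfw lookup table. The table number 11, the function names and the sample list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print (do not run) ipfw commands for a validated DROP list.
TABLE=11   # assumption: ipfw lookup table number, chosen to match set 11

# Constructed sample in the "CIDR ; SBLid" layout, with two bad entries.
SAMPLE='; constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
any ; SBL000003
203.0.113.0/33 ; SBL000004'

# valid_cidr NET: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*) return 1 ;;   # digits, dots, at most one slash
        */*) ;;
        *) return 1 ;;                     # a prefix length is required
    esac
    addr=${1%/*} len=${1#*/}
    case "$len" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in .*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                           # safe: addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# drop_to_ipfw: read a DROP-format list on stdin, print the table reload
# commands on stdout. Prints nothing and fails if no entry is valid, so an
# empty or broken download never flushes the existing table.
drop_to_ipfw() {
    cmds=""
    while read -r net _rest; do
        case "$net" in ""|\;*) continue ;; esac      # blank and comment lines
        if valid_cidr "$net"; then
            cmds="${cmds}ipfw table $TABLE add $net
"
        else
            echo "skipped invalid entry: $net" >&2   # e.g. "any" or a /33
        fi
    done
    [ -n "$cmds" ] || { echo "no valid entries, table left untouched" >&2; return 1; }
    printf 'ipfw table %s flush\n%s' "$TABLE" "$cmds"
}

printf '%s\n' "$SAMPLE" | drop_to_ipfw   # dry run on the constructed sample
```

The table is then matched by two static rules such as `ipfw add 1000 set 11 deny ip from 'table(11)' to any` and its reverse direction, so a daily reload changes only the table contents and not the rule set.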