Git Product home page Git Product logo

sub2rbl's Introduction

sub2rbl

Implements iptables RBL blocking using ipset - @robzr

Subscribe to RBL - minimalist OpenWRT (Chaos Calmer) script to download and compile IP based and CIDR (net) based RBLs from various sources into ipsets and insert rules into iptables which drops packets originating from entries in RBLs.

The included config file (/etc/config/sub2rbl) includes a number of IP based RBLs (primarily based on ssh brute force scanning) and Spamhaus DROP/EDROP net based RBLs (based on hijacked IP ranges used by spammers and cyber-criminals).

Dependencies

  • ipset + kmod-ipt-ipset for basic operation
  • curl + ca-certificates recommended for HTTPS RBLs (configured by default) -or-
  • wget + openssl-util + ca-certificates is an alternative to curl (GNU wget)

sub2rbl will intelligently select best option between curl/wget. To force the use of one, or modify the behavior, use the uci option "webGetCmd" (read script for details)

Logging

sub2rbl logs to syslog, so use the logread command to view the log. Optionally, use "-f stdout" to log to stdout, and "-l 2" or "-l 3" to increase logging verbosity.

Config

sub2rbl runs out of the box with sane settings. Config options are stored in /etc/config/sub2rbl and are overridable at runtime with command line arguments. sub2rbl -h for a list of arguments.

Installation

opkg install ipset kmod-ipt-ipset curl ca-certificates
wget -O /etc/config/sub2rbl http://rawgit.com/robzr/sub2rbl/master/config/sub2rbl
wget -O /usr/sbin/sub2rbl http://rawgit.com/robzr/sub2rbl/master/sub2rbl
chmod 755 /usr/sbin/sub2rbl
echo /usr/sbin/sub2rbl >> /etc/firewall.user
echo '0 */6 * * * /usr/sbin/sub2rbl' >> /etc/crontabs/root
/etc/init.d/cron enable
# And to watch it in action, for the first run, try:
sub2rbl -l 2 -f stdout

Monitoring

You can take a look at the packet counts (first column) to see how many connection attempts the sub2rbl sets have prevented.

root@gw:~# iptables -nvL input_wan_rule
Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set sub2rbl-net src
  204 12572 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set sub2rbl src
 3390  389K bearDropper  all  --  *      *       0.0.0.0/0            0.0.0.0/0

TBD

  • package
  • ipv6

Also see the sister project bearDropper for log based bans: http://github.com/robzr/bearDropper

sub2rbl's People

Contributors

robzr avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.