
Generate ShoreWall blacklist from Spamhaus and DShield

February 21st, 2009

I wrote a shell script that automatically generates a Shorewall blacklist from the Spamhaus DROP list and dshield.org’s block list.

Do not run this script automatically if ssh is the only means you have of reaching your server, because you can accidentally blacklist yourself. Also, do not run it more often than once per hour, because of Spamhaus’s rate limit.

#!/bin/sh
# Generate /etc/shorewall/blacklist from the DShield block list and the Spamhaus DROP list.
# The list is built in a temporary file and only installed if both downloads succeed,
# so a failed fetch never replaces the current blacklist with an empty one.
TMP=$(mktemp /tmp/blacklist.XXXXXX) || exit 1
echo "#ADDRESS/SUBNET         PROTOCOL        PORT" > "$TMP"
# DShield lines are tab separated and start with the first address of a /24; append the prefix length.
wget -q -O - http://feeds.dshield.org/block.txt > "$TMP.dshield" || { rm -f "$TMP" "$TMP.dshield"; exit 1; }
awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24";}' "$TMP.dshield" >> "$TMP"
# Spamhaus DROP lines already carry CIDR notation; keep only the network field.
wget -q -O - http://www.spamhaus.org/drop/drop.lasso > "$TMP.spamhaus" || { rm -f "$TMP" "$TMP.dshield" "$TMP.spamhaus"; exit 1; }
awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1;}' "$TMP.spamhaus" >> "$TMP"
echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> "$TMP"
rm -f "$TMP.dshield" "$TMP.spamhaus"
mv "$TMP" /etc/shorewall/blacklist
 
# "&>" is a bash extension; under /bin/sh it would background the command instead of silencing it.
shorewall refresh >/dev/null 2>&1
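The warning above about locking yourself out is worth automating: before installing a generated blacklist, check that no entry covers the address you administer the box from. The following is an added example, not part of the original post; it reads a blacklist in the format the script writes, drops any CIDR entry that contains a given "safe" address, and reports what it removed on stderr. The sample list at the bottom is constructed, and the function names (ip_to_int, cidr_contains, filter_blacklist) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): keep a generated Shorewall blacklist
# from blocking an address you must stay able to reach the server from.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# cidr_contains NETWORK/BITS IP -> exit status 0 if IP lies inside the network.
# A bare address without a prefix length is treated as a /32.
cidr_contains() {
    case $1 in */*) ;; *) set -- "$1/32" "$2" ;; esac
    net=${1%/*}; bits=${1#*/}
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# filter_blacklist SAFE_IP < blacklist > filtered
# Comment lines and blank lines pass through unchanged; an entry whose network
# contains SAFE_IP is dropped and reported on stderr.
filter_blacklist() {
    safe=$1
    while IFS= read -r line; do
        case $line in
            \#*|'') printf '%s\n' "$line"; continue ;;
        esac
        set -- $line          # first whitespace-separated field is ADDRESS/SUBNET
        if cidr_contains "$1" "$safe"; then
            printf 'REMOVED (would block %s): %s\n' "$safe" "$1" >&2
        else
            printf '%s\n' "$line"
        fi
    done
}

# Constructed sample in the script's output format: header, two feed-derived
# entries (documentation ranges) and the mandatory last line.
SAMPLE='#ADDRESS/SUBNET         PROTOCOL        PORT
203.0.113.0/24
198.51.100.0/24
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE'

printf '%s\n' "$SAMPLE" | filter_blacklist 203.0.113.7
```

In practice you would run this between the build and the install step, for example `filter_blacklist "${SSH_CLIENT%% *}" < /tmp/blacklist > /etc/shorewall/blacklist` from an interactive session, since sshd sets SSH_CLIENT to the connecting address followed by the port numbers. The arithmetic uses only POSIX shell operators, so it runs under dash as well as bash.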

I also use fail2ban to generate a dynamic Shorewall ban list.

UPDATE: And don’t forget to enable the blacklist option in /etc/shorewall/shorewall.conf:

BLACKLIST_DISPOSITION=DROP

Yejun | Linux

  1. August 4th, 2009 at 13:58 | #1

    You need to enable the “blacklist” option on a network interface in /etc/shorewall/interfaces, something like:

    /etc/shorewall/interfaces
    eth0 detect blacklist

  2. TuxNux
    September 14th, 2009 at 23:55 | #2

    Thanks, very good script.
