paramah/ossec-blacklist
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

example from iptables

Browse Source
This commit is contained in:
Pawel Krawczyk
2015-07-09 15:16:27 +01:00
parent 75facf667a
commit f31e9e35eb
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
blacklist.sh
View File

@@ -15,6 +15,18 @@ urls="$urls https://www.blocklist.de/downloads/export-ips_all.txt"
# badips.com, from score 2 up
urls="$urls http://www.badips.com/get/list/ssh/2"
# This is how it will look like on the server
# Chain blocklists (2 references)
# pkts bytes target prot opt in out source destination
# 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 match-set manual-blacklist src,dst limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "BLOCK manual-blacklist "
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set manual-blacklist src,dst
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set rules.emergingthreats src
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set rules.emergingthreats dst
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set www.blocklist.de src
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set www.blocklist.de dst
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set www.badips.com src
# 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set www.badips.com dst
blocklist_chain_name=blocklists
if [ -z "$(which ipset 2>/dev/null)" ]; then