12-30-2023, 01:24 AM
(12-29-2023, 11:14 AM)h4 Wrote:
(12-27-2023, 03:29 AM)m0n Wrote:
#!/usr/bin/bash
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -N shitlist
echo applying standard rules
/usr/bin/sh /root/iptables2
echo blocking custom blacklist
/usr/bin/sh /root/.blacklist/blacklist.sh
echo blocking China
/usr/bin/sh /root/.blacklist/cn.sh
echo blocking Russia
/usr/bin/sh /root/.blacklist/ru.sh
echo blocking Brasil
/usr/bin/sh /root/.blacklist/br.sh
echo blocking Iran
/usr/bin/sh /root/.blacklist/ir.sh
echo blocking known scanners
/usr/bin/sh /root/.blacklist/scanners.sh
echo blocking stretchoid scanners
/usr/bin/sh /root/.blacklist/stretchoid.sh
echo blocking shadowserver scanners
/usr/bin/sh /root/.blacklist/shadowserver.sh
echo block TOR exit nodes
/usr/bin/sh /root/.blacklist/tor.sh
Mind giving insight on those blacklist scripts or revealing your sources?
I'm currently using geoipsets and ipset to deny/drop traffic from certain countries.
Source I've used for country-specific CIDR networks: https://ipv4.fetus.jp/cn.txt
Custom lists that are updated daily:
https://www.m0n.org/pfblocker/stretchoid.txt
https://www.m0n.org/pfblocker/paloalto.txt
https://www.m0n.org/pfblocker/censys.txt
https://www.m0n.org/pfblocker/blacklist.txt (random but persistent shitty bots/scanners)
Example bash script I've written using RH iptables-services for cn.sh:
Code:
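#!/usr/bin/sh
# Drop all traffic from each CIDR listed in cn.db (one entry per line).
_input=/root/.blacklist/cn.db
IPT=/usr/sbin/iptables
while IFS= read -r ip
do
    # Skip blank lines so iptables is never called with an empty source.
    [ -n "$ip" ] || continue
    "$IPT" -I INPUT -i ens3 -s "$ip" -m comment --comment "CHINA" -j DROP
done < "$_input"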
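
Added example, not code from either poster: the lists above are downloaded and then fed line by line to iptables as root, so this sketch validates every entry and emits `ipset restore` input, letting one `--match-set` rule replace one rule per CIDR. The set name `cn`, the `-new` suffix and the argument handling are assumptions; it handles IPv4 only.

```shell
#!/bin/sh
# Added example: validate a downloaded IPv4 CIDR list, emit `ipset restore` input.
# Set name "cn" and the "-new" suffix are assumptions, not from the thread.

# Succeeds only for a.b.c.d or a.b.c.d/n with octets 0-255 and n 0-32.
valid_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*) return 1 ;; esac
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print restore commands that rebuild set $1 from list file $2 and swap it in
# atomically. Bad entries go to stderr and never reach the firewall.
build_restore() {
    set_name=$1 list=$2
    printf 'create %s hash:net family inet -exist\n' "$set_name"
    printf 'create %s-new hash:net family inet -exist\n' "$set_name"
    printf 'flush %s-new\n' "$set_name"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                               # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')    # drop whitespace, CR
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'add %s-new %s -exist\n' "$set_name" "$line"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done < "$list"
    printf 'swap %s-new %s\n' "$set_name" "$set_name"
    printf 'destroy %s-new\n' "$set_name"
}

# As root: sh this-script cn /root/.blacklist/cn.db | ipset restore
# then once: iptables -I INPUT -i ens3 -m set --match-set cn src -j DROP
if [ $# -eq 2 ]; then build_restore "$1" "$2"; fi
```

An empty or fully rejected list still swaps in an empty set, so compare the number of `add` lines against the previous run before piping the output to `ipset restore`.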