Pasted 2 months, 1 week ago — Expires in 298 days
Hey Alan and Benedict, I’ve implemented a short script which should block malicious IPs at my firewall. This was a long time ago - and I forgot about it. While walking through my system it came to my mind. Now I want to share it with other users, and my future me. :) https://github.com/phlipse/pf-spamhaus-drop It simply downloads the so called DROP lists from Spamhaus and persists them as a table file for pf. Then pf could use it to block all traffic from and to the listed IPs. Because admins are lazy, it integrates as a periodic script which will be executed daily and update the lists. Now you might ask what are these DROP lists? "The Spamhaus DROP (Don't Route Or Peer) lists are advisory drop all traffic lists, consisting of netblocks that are hijacked or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).“ - Spamhaus.org Maybe you want to cover it in your show. The script can easily be modified to grab more lists from the internet. Have a great day!