Compare commits
6 commits
Author | SHA1 | Date | |
---|---|---|---|
|
334229b1f1 | ||
|
18dd0d57ef | ||
|
40ea8c4cfd | ||
|
67e8ad9f85 | ||
70d3790337 | |||
|
133ba0a75c |
4 changed files with 71 additions and 7 deletions
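--- a/blacklist-as.sh
+++ b/blacklist-as.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Only IPv4 (could be easily IPv6 but need minfirewall / NEEDRESTRICT IPv6-compatible first)
+
+rpkideny_file=/var/tmp/rpki_deny
+
+cd /var/tmp
+
+rm -f $rpkideny_file
+
+GET http://antispam00.evolix.org/spam/rpki.cidr.md5 > rpki.cidr.md5
+GET http://antispam00.evolix.org/spam/rpki.cidr > rpki.cidr
+
+for i in 4134; do
+
+grep "^$i," rpki.cidr | grep -v '::' >> $rpkideny_file
+
+done
+
+/sbin/iptables -F NEEDRESTRICT
+
+for i in $(cat $rpkideny_file); do
+BLOCK=$(echo $i | cut -d, -f2)
+/sbin/iptables -I NEEDRESTRICT -s $BLOCK -j DROP
+done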
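Review bot: The NEEDRESTRICT chain is flushed and rebuilt from whatever the two `GET` calls returned, with no check in between: `rpki.cidr.md5` is downloaded but never compared, and a failed or empty download leaves the chain flushed and empty. Both files come over plain HTTP from the same host, so the MD5 can only catch truncation or corruption, not a modified list; an authenticated transport (HTTPS, if the server offers it) would be needed for that. The working files have fixed names in /var/tmp, so a private `mktemp -d` directory is safer for a script that changes firewall rules. The sketch below downloads into a private directory, compares the digest, and flushes only once the deny list is non-empty. `$BLOCK` should also be quoted and checked to look like an IPv4 CIDR before it reaches `iptables`.

```shell
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
rpkideny_file="$workdir/rpki_deny"
cd "$workdir" || exit 1

# … unchanged: the two GET downloads …

# Detects truncation/corruption only: the digest arrives over the same HTTP channel.
expected=$(cut -d' ' -f1 rpki.cidr.md5)
actual=$(md5sum < rpki.cidr | cut -d' ' -f1)
[ -n "$expected" ] && [ "$expected" = "$actual" ] || exit 1

# … unchanged: per-AS grep into $rpkideny_file …

# Keep the rules already loaded when the new list is empty.
[ -s "$rpkideny_file" ] || exit 1
/sbin/iptables -F NEEDRESTRICT
```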
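--- a/blacklist-asiapacific.sh
+++ b/blacklist-asiapacific.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# use it with /sbin/iptables -I INPUT -m set --match-set apnic-ipv4 src -j DROP
+
+cd /var/tmp
+
+rm -f $apnicdeny_file
+
+GET http://antispam00.evolix.org/spam/apnic.cidr.md5 > apnic.cidr.md5
+GET http://antispam00.evolix.org/spam/apnic.cidr > apnic.cidr
+
+ipset destroy apnic-ipv4
+ipset create apnic-ipv4 hash:net
+
+for i in $(cat /var/tmp/apnic.cidr); do
+BLOCK=$(echo $i | cut -d"|" -f2)
+/sbin/ipset add apnic-ipv4 $BLOCK
+done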
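Review bot: `ipset destroy apnic-ipv4` will fail once the set is referenced by the iptables rule from the header comment, because the kernel refuses to destroy a set that is in use; `ipset create` then fails as well and the loop adds onto the stale set. Even when the destroy succeeds, the set is empty or partial while the loop runs, so the DROP rule matches nothing for that time. Filling a second set and exchanging it with `ipset swap` avoids both, as sketched below. Separately, `$apnicdeny_file` is never assigned in this file, so `rm -f $apnicdeny_file` does nothing, and `apnic.cidr.md5` is downloaded but never compared with the list.

```shell
# Do not touch the live set when the download produced nothing.
[ -s /var/tmp/apnic.cidr ] || exit 1

ipset create apnic-ipv4 hash:net -exist
ipset create apnic-ipv4-new hash:net -exist
ipset flush apnic-ipv4-new

for i in $(cat /var/tmp/apnic.cidr); do
# … unchanged: BLOCK extraction …
/sbin/ipset add apnic-ipv4-new "$BLOCK" -exist
done

# Atomic exchange: the rule keeps matching a complete set throughout.
ipset swap apnic-ipv4-new apnic-ipv4
ipset destroy apnic-ipv4-new
```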
|
@ -1,5 +1,5 @@
|
|||
# Configuration for minifirewall : https://gitea.evolix.org/evolix/minifirewall
|
||||
# Version 23.07
|
||||
# Version 24.11
|
||||
# shellcheck shell=sh disable=SC2034
|
||||
|
||||
# Main interface
|
||||
|
@ -23,8 +23,7 @@ DOCKER='off'
|
|||
INTLAN='192.0.2.1/32 2001:db8::1/128'
|
||||
|
||||
# Trusted IP addresses for private and semi-public services
|
||||
# TODO: add all our IPv6 adresses
|
||||
TRUSTEDIPS='31.170.9.129 2a01:9500:37:129::/64 31.170.8.4 2a01:9500::fada 82.65.34.85 2a01:e0a:571:2a10::1 54.37.106.210 51.210.84.146'
|
||||
TRUSTEDIPS='31.170.9.129 2a01:9500:37:129::/64 31.170.8.4 2a01:9500::fada 82.65.34.85 2a01:e0a:571:2a10::1 46.231.240.96 2a0c:e303:0:6000::/57 54.37.106.210 2001:41d0:8:8b70::210 51.210.84.146 2001:41d0:8:8b70::146'
|
||||
|
||||
# Privilegied IP addresses for semi-public services
|
||||
# (no need to add again TRUSTEDIPS)
|
||||
|
@ -34,7 +33,7 @@ PRIVILEGIEDIPS=''
|
|||
# Local services IP restrictions
|
||||
#######################################
|
||||
|
||||
# Protected services
|
||||
# Protected services (protected by NEEDRESTRICT chain, to customize in your own way)
|
||||
# (add also in Public services if needed)
|
||||
SERVICESTCP1p='22222'
|
||||
SERVICESUDP1p=''
|
||||
|
@ -43,11 +42,11 @@ SERVICESUDP1p=''
|
|||
SERVICESTCP1='22222'
|
||||
SERVICESUDP1=''
|
||||
|
||||
# Semi-public services (IPv4)
|
||||
# Semi-public services (for IPv4/IPv6 from PRIVILEGIEDIPS *and* TRUSTEDIPS)
|
||||
SERVICESTCP2='22'
|
||||
SERVICESUDP2=''
|
||||
|
||||
# Private services (IPv4)
|
||||
# Private services (for IPv4/IPv6 from TRUSTEDIPS only)
|
||||
SERVICESTCP3='5666'
|
||||
SERVICESUDP3=''
|
||||
|
||||
|
@ -102,7 +101,7 @@ BACKUPSERVERS=''
|
|||
#
|
||||
# Within included files, you can use those helper functions :
|
||||
# * is_ipv6_enabled: returns true if IPv6 is enabled, or false
|
||||
# * is_docker_enabled: returns true if Docker mode is eabled, or false
|
||||
# * is_docker_enabled: returns true if Docker mode is enabled, or false
|
||||
# * is_proxy_enabled: returns true if Proxy mode is enabled , or false
|
||||
|
||||
|
||||
|
|
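Review bot: What appears to be the new `TRUSTEDIPS` line adds four entries, including the prefix `2a0c:e303:0:6000::/57`, with nothing saying who or what each one belongs to. Every address in this list reaches the private services (`SERVICESTCP3='5666'`) as well as the semi-public ones (`SERVICESTCP2='22'`), so an unexplained entry is hard to audit or retire later. I would add a comment above the assignment along the lines of `# <address or prefix> = <host/site and owner>` for each entry, and confirm that the /57 cannot be narrowed to the hosts that need access. The old/new sides are inferred from the hunk counts on this page, and only part of the file is visible in these hunks.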
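--- a/rpki.sh
+++ b/rpki.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+umask 022
+
+tmp_rpki_file="/var/tmp/tmp_rpki.cidr"
+rpki_file="/var/tmp/rpki.cidr"
+
+rm -f $rpki_file
+
+YEAR_TODAY=$( date +%Y )
+MONTH_TODAY=$( date +%m )
+DAY_TODAY=$( date +%d )
+
+wget -q -O- https://ftp.ripe.net/ripe/rpki/ripencc.tal/${YEAR_TODAY}/${MONTH_TODAY}/${DAY_TODAY}/roas.csv.xz | unxz | grep ^rsync > $tmp_rpki_file
+wget -q -O- https://ftp.ripe.net/ripe/rpki/arin.tal/${YEAR_TODAY}/${MONTH_TODAY}/${DAY_TODAY}/roas.csv.xz | unxz | grep ^rsync >> $tmp_rpki_file
+wget -q -O- https://ftp.ripe.net/ripe/rpki/afrinic.tal/${YEAR_TODAY}/${MONTH_TODAY}/${DAY_TODAY}/roas.csv.xz | unxz | grep ^rsync >> $tmp_rpki_file
+wget -q -O- https://ftp.ripe.net/ripe/rpki/lacnic.tal/${YEAR_TODAY}/${MONTH_TODAY}/${DAY_TODAY}/roas.csv.xz | unxz | grep ^rsync >> $tmp_rpki_file
+
+cat $tmp_rpki_file | cut -d, -f2,3 | sed 's/^AS//' | sort > $rpki_file
+
+md5sum $rpki_file > /var/www/spam/rpki.cidr.md5
+mv $rpki_file /var/www/spam/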
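Review bot: Nothing checks that the downloads worked before the result is published: the script runs under `/bin/sh` without pipefail, so a `wget` failure (for instance if today's dated directory is not available yet) yields an empty `$tmp_rpki_file`, and an empty `rpki.cidr` is still published with a matching MD5 for consumers to load. A guard before the `cut | sort` line, `[ -s "$tmp_rpki_file" ] || exit 1`, keeps the previously published file in place. The digest is also written before the `mv`, so a reader can briefly see the new MD5 next to the old list; writing both under temporary names in /var/www/spam and renaming them closes that gap. The fetches cover ripencc, arin, afrinic and lacnic only; if leaving out an APNIC source is intentional, a comment saying so would help. The fixed file names under /var/tmp would be better created with `mktemp`.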