Spamhaus droplist
April 29th, 2009
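#!/bin/bash
#Script to add firewall rules to a linux system to completely block
#all traffic to and from networks in the spamhaus drop list.
#Copyright 2009, William Stearns, wstearns@pobox.com
#Released under the GPL. This and other tools can be found at
#http://www.stearns.org/

#Sole (optional) command line parameter is the file location of the
#drop list, such as:
#cd /var/lib/
#wget http://www.spamhaus.org/drop/drop.lasso
# ./spamhaus-drop /var/lib/drop.lasso

#While the DROP file should be regularly updated, this should
#probably be about once per day or less frequently; do _not_
#download DROP more than once an hour.

#NOTE(review): the example above fetches the list over plain HTTP with
#no integrity check, and every line of the file becomes a firewall rule.
#Prefer an HTTPS endpoint if the publisher offers one, and treat the file
#as untrusted input; the loop below only accepts IPv4 address/prefix
#entries for that reason.

#NOTE(review): rules are inserted with -I on every run, so running this
#again after a list update stacks duplicate rules and never removes
#networks that have left the list. Flush or rebuild the old rules before
#re-running.

if [ -n "$1" ]; then
	DropList="$1"
else
	DropList="./drop.lasso"
fi

if [ ! -s "$DropList" ]; then
	echo "Unable to find drop list file $DropList .  Perhaps do:" >&2
	#The hint belongs on stderr with the rest of the error message.
	echo "wget http://www.spamhaus.org/drop/drop.lasso -O $DropList" >&2
	echo "exiting." >&2
	exit 1
fi

if [ ! -x /sbin/iptables ]; then
	echo "Missing iptables command line tool, exiting." >&2
	exit 1
fi

#Dotted-quad IPv4 address with an optional /prefix. Anything else
#(hostnames, option-like strings, stray text) is skipped, not handed
#to iptables.
CidrPattern='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}))?$'

Skipped=0
Failed=0

#sed strips ";" comments and a trailing carriage return; read -r with the
#default IFS trims surrounding whitespace. The "|| [ -n ... ]" keeps a
#final line that has no trailing newline.
while read -r OneNetBlock || [ -n "$OneNetBlock" ]; do
	#Blank and comment-only lines.
	[ -n "$OneNetBlock" ] || continue

	if [[ ! "$OneNetBlock" =~ $CidrPattern ]]; then
		echo "Skipping malformed entry: $OneNetBlock" >&2
		Skipped=$((Skipped + 1))
		continue
	fi

	#A /0 entry would drop all traffic on this host; refuse it along with
	#prefixes longer than 32. 10# forces base 10 so "08" is not read as octal.
	Prefix="${BASH_REMATCH[3]:-32}"
	if (( 10#$Prefix < 1 || 10#$Prefix > 32 )); then
		echo "Skipping entry with unusable prefix length: $OneNetBlock" >&2
		Skipped=$((Skipped + 1))
		continue
	fi

	/sbin/iptables -I INPUT -s "$OneNetBlock" -j DROP || Failed=$((Failed + 1))
	/sbin/iptables -I OUTPUT -d "$OneNetBlock" -j DROP || Failed=$((Failed + 1))
	/sbin/iptables -I FORWARD -s "$OneNetBlock" -j DROP || Failed=$((Failed + 1))
	/sbin/iptables -I FORWARD -d "$OneNetBlock" -j DROP || Failed=$((Failed + 1))
done < <(sed -e 's/;.*//' -e 's/\r$//' -- "$DropList")

if [ "$Skipped" -gt 0 ]; then
	echo "$Skipped entries in $DropList were skipped." >&2
fi

#Report partial failure instead of returning whatever the last iptables
#call happened to return.
if [ "$Failed" -gt 0 ]; then
	echo "$Failed iptables rule insertions failed." >&2
	exit 1
fi

exit 0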
Debian, Linux, Shell, Uncategorized, bash, droplist, sed, spam, spamhaus
