If you want large, dynamically updated blacklists, nothing comes anywhere near the speed and resource efficiency of ipsets (created by the Linux kernel "netfilter" developers as an extension to it). The basics of ipsets are well documented, but here are two examples of how to dynamically populate and update an ipset from a block list on the 'net somewhere.

This first one you would just call directly from a system crontab entry executing every so often (e.g. ...):

```sh
# Purpose: load Recommended Block List into an ipset in a running
firewall_ipset="dshield"      # name of ipset in your firewall blacklist
data_dir="/var/tmp/dshield"   # where to store the downloaded text file
# At this time, the list is updated every 15 minutes.
netmask="24"                  # dshield's list is all class C networks
hashsize="64"                 # default is 1024 but 64 is more than needed here
# ...
# create the set on first run if it does not exist yet
if ! /sbin/ipset -L "$firewall_ipset" &>/dev/null; then
    /sbin/ipset -create "$firewall_ipset" iphash -hashsize "$hashsize" -netmask "$netmask"
fi
# ...
/usr/bin/logger -p cron.warn "No ipset $ updated."
```

You would call that script from cron (e.g. by placing something like the following in /etc/cron.hourly):

```sh
# last I checked, they were being updated as follows:
# e.g., block China, Russia, Nigeria (just examples, no offense people)
# ...
```

Pgl changes from the official announcement:

Based on nfblock, which is based on moblock

- Some bug fixes, especially in variables declaration
- Improved blocklist handling, including premerging of single blocklists
- Improved, simplified logging (all messages in the same format for a better reading of the logfile. Added port and protocol logging to the logging of blocked IPs. But here I have to admit that while doing this we kicked dbus support; I think reimplementing this is the biggest TODO for pgld)
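The post's own loader script only survives in fragments above, so here is an added example (not the post's script and not DShield's code) of the same job done the way a firewall administrator would want it today: a fresh set is filled beside the live one and swapped in atomically, so the firewall never matches against a half-loaded set while cron is refreshing it. It assumes DShield's tab-separated text format (start IP, end IP, netmask, ... with `#` comment lines), uses the modern `hash:net` set type instead of the post's old `iphash`, and keeps the post's variable values. The sample list, the helper names (`list_to_ipset_restore`, `sample_restore`, `sample_add_count`) and the `/var/tmp/dshield/block.txt` path are all constructed for this example.

```shell
#!/bin/sh
# Added example, not the post's script: turn a DShield-style block list
# into `ipset restore` input. A temporary set is built beside the live one
# and swapped in atomically, so rules referencing the set never see it
# half-loaded.
# Assumptions (not from the post): DShield's tab-separated
# "start<TAB>end<TAB>netmask<TAB>..." text with '#' comment lines, and a
# `hash:net` set rather than the post's older `iphash` type.

FIREWALL_IPSET="dshield"   # same values as the post's variables
HASHSIZE="64"
NETMASK="24"

# Constructed sample in DShield's layout; not real DShield data.
# printf %b expands the \t escapes into real tab characters.
SAMPLE_LIST=$(printf '%b\n' \
  '# DShield.org Recommended Block List (constructed sample)' \
  '192.0.2.0\t192.0.2.255\t24\t1234\tExample-Net-1\tUS\tabuse@example.com' \
  '198.51.100.0\t198.51.100.255\t24\t987\tExample-Net-2\tUS\tabuse@example.com' \
  'not a data line and must be skipped' \
  '203.0.113.0\t203.0.113.255\t24\t42\tExample-Net-3\tUS\tabuse@example.com')

# Read a block list on stdin and print `ipset restore` commands:
# create both sets, fill the temporary one, swap, then drop the old contents.
list_to_ipset_restore() {
  set_name="$1"
  tmp_name="${set_name}.tmp"
  printf 'create %s hash:net hashsize %s\n' "$set_name" "$HASHSIZE"
  printf 'create %s hash:net hashsize %s\n' "$tmp_name" "$HASHSIZE"
  printf 'flush %s\n' "$tmp_name"
  awk -F'\t' -v set="$tmp_name" -v mask="$NETMASK" '
    /^#/ || NF < 3 { next }                               # comment or junk line
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }     # not a dotted quad
    { printf "add %s %s/%s\n", set, $1, mask }            # start-IP/24, as in the post
  '
  printf 'swap %s %s\n' "$tmp_name" "$set_name"
  printf 'destroy %s\n' "$tmp_name"
}

# Restore script for the constructed sample.
sample_restore() {
  printf '%s\n' "$SAMPLE_LIST" | list_to_ipset_restore "$FIREWALL_IPSET"
}

# Number of networks the sample would add (the three valid data lines).
sample_add_count() {
  sample_restore | grep -c '^add '
}

# To load a real list (as root, with ipset installed), fetch it into the
# post's data_dir and pipe it through; -exist keeps the create lines from
# failing when the live set already exists:
#   list_to_ipset_restore "$FIREWALL_IPSET" < /var/tmp/dshield/block.txt | /sbin/ipset -exist restore
```

Because the set is replaced with `swap`, any iptables rule that already references `dshield` keeps working across refreshes, and a truncated or malformed download only affects the temporary set; the `awk` filter drops comment and junk lines before they reach `ipset`.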