On 6/6/2019 12:16 AM, Denis Rasulev wrote:
> Would it be possible to share ipset for DigitalOcean and link to Amazon net blocks?

Here's what I used to get DO's list. I'd love to script this.

https://bgp.he.net/search?search%5Bsearch%5D=digitalocean

Here's a Python script to grab Amazon's netblocks and dump them into two zone files (IPv4 and IPv6) for import into ipsets by firewalld:

https://gist.github.com/SpareSimian/d1c1be59676ebbb42b89b668fe76329a

Here are my rules from direct.xml to block them from my authenticated services.

<passthrough ipv="ipv4">-I INPUT 1 -p tcp -m multiport --dports ssh,submission,465,pop3,pop3s,imap,imaps,sieve -m set --match-set NonUS src -m conntrack --ctstate NEW -j DROP</passthrough>
<passthrough ipv="ipv4">-I INPUT 1 -p tcp -m multiport --dports ssh,submission,465,pop3,pop3s,imap,imaps,sieve -m set --match-set AmazonIPv4 src -m conntrack --ctstate NEW -j DROP</passthrough>
<passthrough ipv="ipv4">-I INPUT 1 -p tcp -m multiport --dports ssh,submission,465,pop3,pop3s,imap,imaps,sieve -m set --match-set DigitalOcean src -m conntrack --ctstate NEW -j DROP</passthrough>

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
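
Added example, not part of the original message and not the script from the gist linked above: one way to turn a feed in the layout of AWS's ip-ranges.json into the two zone files the message describes, validating each prefix and collapsing duplicates and adjacent blocks so the ipset stays small. The sample feed uses constructed documentation prefixes, and the output file names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json feed
# (https://ip-ranges.amazonaws.com/ip-ranges.json); the prefixes are
# documentation ranges, not real Amazon netblocks.
SAMPLE_FEED = """
{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8::/33",      "region": "us-east-1", "service": "AMAZON"},
    {"ipv6_prefix": "2001:db8:8000::/33", "region": "us-east-1", "service": "AMAZON"}
  ]
}
"""

def build_zones(feed_text):
    """Return (ipv4, ipv6) lists of CIDR strings, validated and collapsed."""
    feed = json.loads(feed_text)
    # ip_network() raises ValueError on malformed prefixes or set host bits
    v4 = {ipaddress.ip_network(p["ip_prefix"]) for p in feed.get("prefixes", [])}
    v6 = {ipaddress.ip_network(p["ipv6_prefix"]) for p in feed.get("ipv6_prefixes", [])}
    # Refuse a feed that mixes families: the wrong family in an ipset fails on import
    if any(n.version != 4 for n in v4) or any(n.version != 6 for n in v6):
        raise ValueError("address family mismatch in feed")
    # collapse_addresses merges duplicates and adjacent/overlapping blocks
    return ([str(n) for n in ipaddress.collapse_addresses(v4)],
            [str(n) for n in ipaddress.collapse_addresses(v6)])

def write_zone(path, cidrs):
    """Write one CIDR per line, the layout --add-entries-from-file reads."""
    with open(path, "w") as fh:
        fh.write("\n".join(cidrs) + "\n")

if __name__ == "__main__":
    ipv4, ipv6 = build_zones(SAMPLE_FEED)
    write_zone("amazon-ipv4.zone", ipv4)   # hypothetical file names
    write_zone("amazon-ipv6.zone", ipv6)
    print(ipv4, ipv6)
```

The resulting files can be loaded with firewall-cmd --permanent --ipset=AmazonIPv4 --add-entries-from-file=amazon-ipv4.zone, using the set name from the rules above.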