On 02/04/2020 02:01, Kenneth Porter wrote:

On 4/1/2020 5:44 PM, Harrison Johnson wrote:
This keeps me slightly ahead of the asshats.

https://www.ip2location.com/free/visitor-blocker

That's quite cool. With a little work the CIDR format could be converted to an ipsets file for firewalld or fed directly to its command line.

I use https://ip.ludost.net and load it into ipset with:

   ISO="at be ch cy cz de dk es fr gb gr ie it lu mt nl pt eu va sm mc je gg im"
   curl -s -d country=1 --data-urlencode "country_list=$ISO" \
        -d format_template=prefix https://ip.ludost.net/cgi/process |
     grep -v '^#' | while read -r line
   do
        ipset -A -exist country-list-temp "$line"
   done

The list downloaded is already in CIDR format and has been consolidated to the minimum number of subnets.

The fuller script reads:

   #!/bin/bash

   # A list of the ISO country codes can be found at
   # http://en.wikipedia.org/wiki/ISO_3166-1
   # Countries are case insensitive for this script

   ISO="at be ch cy cz de dk es fr gb gr ie it lu mt nl pt eu va sm mc je gg im"
   MAXELEM=131072

   if [ "`lsmod | grep ip_set`" = "" ]; then
        modprobe ip_set
   fi

   # Destroy country-list-temp in case it exists and is populated
   ipset destroy -q country-list-temp

   # Make sure the new lists exist
   ipset create country-list nethash maxelem $MAXELEM -exist
   ipset create country-list-temp nethash maxelem $MAXELEM -exist

   # Load the country list (one CIDR prefix per line, comment lines dropped)
   curl -s -d country=1 --data-urlencode "country_list=$ISO" \
        -d format_template=prefix https://ip.ludost.net/cgi/process |
     grep -v '^#' | while read -r line
   do
        ipset -A -exist country-list-temp "$line"
   done

   # An empty set still prints header lines, so 7 lines or fewer means nothing was loaded
   if [ "$(ipset list country-list-temp | wc -l)" -le 7 ]; then
        logger -t country-list "Update failed"
        echo 'Country List Update failed' | mail -s 'Country List Update failed' m...@example.co.uk
        ipset destroy -q country-list-temp
        exit
   fi

   # Make the temp list current
   ipset swap country-list country-list-temp

   # Destroy the (now old) temp list
   ipset destroy -q country-list-temp


If you have a big list, possibly increase MAXELEM to 524288



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
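
An added example, not part of the original message: the same download-then-swap update, but each downloaded line is checked to be a plain IPv4 CIDR prefix before it goes anywhere near ipset, and the result is written as input for a single `ipset restore` run. The function names and MIN_ENTRIES are hypothetical, the sample input is constructed, and IPv4-only input is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Set names and maxelem follow the script
# above; MIN_ENTRIES and the function names are hypothetical.
MAXELEM=131072
MIN_ENTRIES=3

# Succeeds only for a.b.c.d/len with octets 0-255 and len 0-32.
is_ipv4_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*|*..*|.*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, over-long and zero-padded (octal-looking) octets
        case "$octet" in ""|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads prefixes on stdin, writes `ipset restore` input on stdout.
# Returns 1 and omits the swap when fewer than MIN_ENTRIES prefixes are valid.
build_restore() {
    count=0
    printf 'create country-list hash:net maxelem %s\n' "$MAXELEM"
    printf 'create country-list-temp hash:net maxelem %s\n' "$MAXELEM"
    printf 'flush country-list-temp\n'
    while read -r line; do
        case "$line" in ""|"#"*) continue ;; esac
        if is_ipv4_cidr "$line"; then
            printf 'add country-list-temp %s\n' "$line"
            count=$((count + 1))
        else
            printf 'rejected: %s\n' "$line" >&2
        fi
    done
    [ "$count" -ge "$MIN_ENTRIES" ] || return 1
    printf 'swap country-list country-list-temp\ndestroy country-list-temp\n'
}

# Constructed sample: three documentation ranges and two lines that must be rejected.
printf '%s\n' 192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 '10.0.0.0/8 extra-words' 300.1.1.1/24 |
    build_restore
```

Write the output to a file and apply it only when the function succeeds, for example `build_restore < prefixes.txt > restore.txt && ipset -exist restore < restore.txt`; `hash:net` is the current name for the `nethash` type used above.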