On Mon, Dec 19, 2005 at 01:21:12PM -0500, Bruce Dawson wrote:
> Ben Scott wrote:
>
> >On 12/19/05, Bruce Dawson <[EMAIL PROTECTED]> wrote:
> >
> >>I wish there was something like RBL that listed bogons so I could
> >>block them. A lot of attacks lately have been coming from them.
> >
> >http://www.cymru.com/Bogons/
> >
> >I'm not sure those are the bogons you are looking for, though.
>
> They are.
>
> And this could cut down on the spam coming from bogons (for those who
> use sendmail):
>
> FEATURE(dnsbl, `bogons.dnsiplists.completewhois.com',
> `$&{client_addr} blocked by firewall, source IP not assigned (Bogon).')
>
> (Courtesy of
> http://moongroup.com/pipermail/mailhelp/2004-October/001449.html)
>
> But I guess a better place to stop them would be in tcpwrappers or even
> the firewall, but I haven't figured out a way to wedge something like
> RBL into tcpwrappers or iptables/ipchains. Any ideas?
For blocking bogons w/iptables I use:

iptables -A INPUT -i $INTERNET_IF -s 0.0.0.0/7 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 2.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 5.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 7.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 23.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 27.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 31.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 36.0.0.0/7 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 39.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 42.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 49.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 50.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 77.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 78.0.0.0/7 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 92.0.0.0/6 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 96.0.0.0/4 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 112.0.0.0/5 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 120.0.0.0/6 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 169.254.0.0/16 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 173.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 174.0.0.0/7 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 176.0.0.0/5 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 184.0.0.0/6 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 192.0.2.0/24 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 197.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 198.18.0.0/15 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 223.0.0.0/8 -j DROP
iptables -A INPUT -i $INTERNET_IF -s 224.0.0.0/3 -j DROP

This bogon list is from:
http://www.cymru.com/Bogons/

The aggregated list:
http://www.cymru.com/Documents/bogon-bn-agg.txt

To get logging, copy each line and replace "-j DROP" with
-j LOG --log-level debug --log-prefix "Bogon ip drop"

To implement an RBL at the firewall, I would do a zone transfer
(periodically) from an RBL, dump it and sed it into iptables statements.

-- 
Jeff Kinz, Emergent Research, Hudson, MA.
speech recognition software may have been used to create this e-mail

"The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding." - Brandeis

To think contrary to one's era is heroism. But to speak against it is
madness. -- Eugene Ionesco

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
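The post above suggests two mechanical steps: duplicate every DROP rule as a LOG rule, and "sed" a downloaded list into iptables statements. The following script is an added example, not code from Jeff Kinz's message or from Team Cymru: it reads a list in the aggregated-list format (one IPv4 prefix per line, `#` comments) and prints a LOG rule followed by a DROP rule for each prefix. It assumes the interface name is supplied in `INTERNET_IF` (defaulting to `eth0`) and that the aggregated list is still served at the URL quoted in the post; the list embedded in the script is constructed for the demo and is not the real bogon file. Note also that the hand-typed rules above date from December 2005 and much of that space has since been allocated, which is exactly why regenerating the rules from the current list, rather than editing a static block, is the safer practice.

```shell
#!/bin/sh
# Added example, not code from the original posting: generate iptables
# LOG + DROP rules from a bogon list in the Team Cymru aggregated-list
# format (one prefix per line, '#' comments), as the post describes.
# Nothing here calls iptables; the rules are printed so they can be
# reviewed first and then piped to sh.

# Assumption: the Internet-facing interface comes from the environment.
INTERNET_IF="${INTERNET_IF:-eth0}"

# Constructed sample list (NOT the real Cymru file). It deliberately
# contains a comment, a blank line, an out-of-range octet and a
# non-prefix line, to show that junk is skipped instead of becoming
# broken or attacker-controlled iptables arguments.
SAMPLE_BOGONS='# constructed sample, not the real bogon list
0.0.0.0/8
10.0.0.0/8

127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.2.0/24
192.168.0.0/16
300.1.1.0/24
not-a-prefix
224.0.0.0/3
'

# bogon_rules: read a list on stdin, emit a LOG rule then a DROP rule
# for every syntactically valid IPv4 prefix (a.b.c.d/n, octets <= 255,
# n <= 32). Comments, blank lines and anything else are discarded, so a
# corrupted or tampered download cannot smuggle extra words into the
# generated commands.
bogon_rules() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' |
    awk -v ifc="$INTERNET_IF" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            split($1, p, "[./]")
            if (p[1]+0 > 255 || p[2]+0 > 255 || p[3]+0 > 255 || p[4]+0 > 255 || p[5]+0 > 32) next
            printf "iptables -A INPUT -i %s -s %s -j LOG --log-level debug --log-prefix \"Bogon ip drop \"\n", ifc, $1
            printf "iptables -A INPUT -i %s -s %s -j DROP\n", ifc, $1
        }'
}

# count_rules: number of iptables commands produced for the list on stdin
# (two per accepted prefix).
count_rules() {
    bogon_rules | wc -l | tr -d ' '
}

# Demo on the constructed sample: prints 16 commands, 8 prefixes x 2.
printf '%s' "$SAMPLE_BOGONS" | bogon_rules

# Real use (assumption: the aggregated list is still at the URL from the
# post). Fetch, write the rules to a file, read them, then apply:
#   curl -s http://www.cymru.com/Documents/bogon-bn-agg.txt | bogon_rules > bogon-rules.sh
#   sh bogon-rules.sh
```

The LOG rule is emitted before the DROP rule because LOG is a non-terminating target: the packet is logged and then falls through to the next rule, so the pair has to be in that order. The trailing space in the log prefix keeps the prefix from running into the rest of the kernel log line. The same pipeline can be pointed at any other plain-text prefix list, such as the dump from a zone transfer the post mentions, as long as it is reduced to one CIDR per line first.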