I would love to pull in all that fun stuff from this nice tool
http://blacklist.linuxadmin.org/
Of course that makes the iptables ruleset.
I am very interested in how we could do this easily for the entire
community.
Wish I knew code better - write a little script to create all of these.
:-)
On Sep 23, 2008, at 10:47 AM, Derrick Conner wrote:
Darn good idea! I'm going to set that up right now. Thanks!
Don't know why this didn't come to me.
Derrick
-----Original Message-----
From: Glenn Kelley [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 11:21 PM
To: [email protected]
Subject: Re: [pfSense Support] blocking spammers xml
I did these a little different...
in XML I added
in filters section
<filters>
<rule>
<type>block</type>
<interface>wan</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os></os>
<protocol>tcp/udp</protocol>
<source>
<address>spammers</address>
</source>
<destination>
<any/>
<port>25</port>
</destination>
<descr>spammers</descr>
</rule>
</filters>
then below the rules / filters section
<aliases>
<alias>
<name>spammers</name>
<address>66.0.0.0/8 66.0.0.0/8 78.0.0.0/8
79.0.0.0/8 80.0.0.0/8
81.0.0.0/8 82.0.0.0/8 83.0.0.0/8 84.0.0.0/8 85.0.0.0/8 86.0.0.0/8
87.0.0.0/8 88.0.0.0/8 89.0.0.0/8 90.0.0.0/8 91.0.0.0/8 92.0.0.0/8
93.0.0.0/8 94.0.0.0/8 95.0.0.0/8 116.0.0.0/8 121.0.0.0/8 122.0.0.0/8
123.0.0.0/8 124.0.0.0/8 125.0.0.0/8 194.0.0.0/8 195.0.0.0/8
200.0.0.0/8 201.0.0.0/8 202.0.0.0/8 203.0.0.0/8 210.0.0.0/8
190.0.0.0/8</address>
<descr>SMTP Block Known Spam Networks</descr>
<type>network</type>
<detail>smtp block spam Canada||smtp block Spam
Canada||smtp block
Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||
smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam
Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp
block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam
Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp
block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam
Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp
block Spam Asia||smtp block Spam Amsterdam||smtp block Spam
Amsterdam||
smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp block Spam
Amsterdam||smtp block Spam Amsterdam||smtp block Spam Amsterdam||smtp
block Spam Mexico||smtp block Spam Mexico||smtp block Spam Mexico||
smtp block Spam Mexico||smtp block Spam Mexico||smtp block Spam
Mexico||</detail>
</alias>
</aliases>
Seems to work well.
On Sep 22, 2008, at 9:25 PM, Derrick Conner wrote:
I've attached my cleaned up XML of all the subnets I block. Feel
free to post it, or whatever you want to do with it. I would have
sent
it to Joe Laffey, but I think my spam filter got him.
Derrick
-----Original Message-----
From: Glenn Kelley [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2008 10:43 AM
To: [email protected]
Subject: Re: [pfSense Support] blockign china
I would need to know perl .
I have given my wife a few of those in the past....
hmmm
going to her jewlery box
all kidding aside - i think your right.
I will see what I can come up w/ - i think this might help the
pfsense
community @ large.
In fact - it seems simple enough - it might make a very simple pkg
just a thought -
I think if it were a pkg - it could then parse those lists every
month
or so - cron job 1 time per month
and then reinject the changes
This way it stays up to date...
I would say 95% of the hacking attempts we are seeing in our
datacenter are all out of China and Korea -
the last 5 % would be say 4% from Russia and 1% from script kiddies
in
the US
Then again 99.256% of all statistics are made up 98.721% of the time
I know my #'s are close however
Glenn
On Sep 22, 2008, at 10:08 AM, Joe Laffey wrote:
On Mon, 22 Sep 2008, Glenn Kelley wrote:
Thanks Joe -
I saw that...
My concern was typing all of those into the system one by one by
one...
Its okay if I gotta do it :-)
My hope was that someone already has - and that they could put out
that part of their xml file - so the community could all benefit.
I would think you could write a perl script to convert those into a
segment of XML that you could then paste into a saved config. Then
reload that config.
--
Joe Laffey | Visual Effects for Film and Video
LAFFEY Computer Imaging |
-------------------------------------
St. Louis, MO | Show Reel http://LAFFEY.tv/?e11861
USA |
-------------------------------------
. | -*- Digital Fusion Plugins -*-
------------------------------------------------------------------------
--
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<Big
Spammers
.zip
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
