1. ai firehol firehol-tools ulogd2
  2. sc-status firehol
  3. sc-start firehol
  4. sc-restart firehol

vim /etc/default/firehol

START_FIREHOL=YES

vim /etc/firehol/firehol-defaults.conf +461

  • t /var/log/ulog/syslogemu.log
# IPTABLES PACKETS LOGGING
# LOG mode for iptables
# Default: LOG
# Possible Values: LOG, ULOG, NFLOG
# LOG = syslog
# We recommend to install ulogd and use NFLOG.
# NOTE(review): this selects NFLOG instead of the default LOG (syslog) mode.
# The install step on this page pulls in ulogd2 and the log that is tailed is
# /var/log/ulog/syslogemu.log; confirm ulogd2 is running, otherwise the
# firewall's log lines are presumably not written anywhere.
FIREHOL_LOG_MODE="NFLOG"

vim /etc/

  1. ai fail2ban
  2. fail2ban-client status
  3. fail2ban-client status postfix
  4. fail2ban-client set postfix unbanip IP
  5. fail2ban-regex /var/log/mail.warn /etc/fail2ban/filter.d/postfix.conf
  6. vim /etc/fail2ban/jail.local
  7. fail2ban-client reload postfix
  8. service fail2ban restart
  9. fail2ban-customs
  10. f2b_status.sh

show my public ip

curl -4 http://ip.dynproxy.net

  1. https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh
  2. /usr/share/doc/firehol-tools/examples/contrib/dnsbl-ipset.sh

/etc/firehol/firehol.conf

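# DNSBL-driven blacklist (firehol.conf is read as bash).
# Create the "dnsbl" ipset: entries time out after 14 days (86400 s * 14) and
# the set holds at most 500000 addresses. prevent_reset_on_restart presumably
# keeps the collected entries across firehol restarts — confirm.
ipset4 create dnsbl hash:ip timeout $((86400 * 14)) maxelem 500000 prevent_reset_on_restart comment
# AUDIT_ACCEPT: log NEW connections with the "AUDIT" prefix, then accept them.
# The backslash must be the last character on a line to continue it; a
# trailing space after it ends the statement early.
action4 AUDIT_ACCEPT \
    action ACCEPT state NEW log "AUDIT" \
    next action ACCEPT
# Blacklist the members of "dnsbl" on the WAN interface, except sources that
# are in the "whitelist" ipset.
# NOTE(review): assumes ${wan} and an ipset named "whitelist" are defined
# elsewhere in firehol.conf — neither is visible in this excerpt.
blacklist4 full inface "${wan}" ipset:dnsbl \
    except src ipset:whitelist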

leider waren auch

/etc/fail2ban/filter.d/spamassassin.conf

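[Definition]
# Matches log lines containing "[<ADDR>]: 5.7.1 Blocked by SpamAssassin;"
# (<ADDR> is fail2ban's address tag).
# The key name is written once only: a second "failregex =" would become part
# of the pattern itself and the filter would never match a log line.
# Check the pattern against the real log with fail2ban-regex before enabling
# the jail.
failregex = \[<ADDR>\]: 5\.7\.1 Blocked by SpamAssassin;
ignoreregex =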

/etc/fail2ban/filter.d/postfix-custom.conf

# Fail2Ban filter for selected Postfix SMTP rejections
[INCLUDES]
# Read common prefixes.

/etc/fail2ban/jail.local

[DEFAULT]
# Addresses listed in ignoreip are never banned, whatever they do.
ignoreip    = 10.0.3.0/24
# With these values a host is banned for one day (bantime) once it reaches
# maxretry = 2 matches within the two-day findtime window.
bantime        = 1d
findtime    = 2d
maxretry    = 2

[pam-generic]
# Placeholder: replace with the real client range before use. A /16 exempts
# 65536 addresses from banning in this jail, so keep it as narrow as possible.
# NOTE(review): this per-jail ignoreip presumably replaces the [DEFAULT] value
# rather than adding to it — confirm 10.0.3.0/24 is still covered if needed.
ignoreip    = YOUR-LOCAL-CLIENT-IP-RANGE.0.0/16 
enabled    = true
filter    = pam-generic 
logpath    = /var/log/auth.log

[sshd]
ignoreip    = YOUR-LOCAL-CLIENT-IP-RANGE.0.0/16 
enabled   &nbsp
#!/bin/bash
# =============================================================================
# Script Name: f2b_status.sh
# Version: 1.6
# Description: This script retrieves and displays the status of all Fail2Ban
#              jails, including error handling and logging.
# =============================================================================

# Destination file for the script's timestamped messages
LOG_FILE='/var/log/fail2ban-status.log'

# Print a timestamped message and append the same line to the log file.
# Globals:   LOG_FILE (read) - file that tee appends to
# Arguments: $1 - message text
# Outputs:   "YYYY-MM-DD HH:MM:SS - <message>" on stdout and in LOG_FILE
log_message() {
    local stamp
    stamp=$(date +"%Y-%m-%d %H:%M:%S")
    printf '%s - %s\n' "$stamp" "$1" | tee -a "$LOG_FILE"
}

# Function to retrieve t
#!/bin/sh
# Version: 1.3
# Description: Update DNS blocklist and ensure script runs in the background

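# Paths of the lock file and the log file (the lock file's use is outside this
# excerpt).
LOCKFILE="/var/run/dnsbl-ipset.lock"
LOGFILE="/var/log/dnsbl-ipset.log"

# Ensure the script runs in the background: on the first invocation BACKGROUND
# is empty, so re-launch this script under nohup with BACKGROUND set, append
# its stdout/stderr to the log file and let the foreground process exit.
if [ -z "$BACKGROUND" ]; then
  # Quote the redirection target so the path is always taken as a single word.
  BACKGROUND=true nohup "$0" "$@" >> "$LOGFILE" 2>&1 &
  exit 0
fi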

{
  echo "[$(date)] Starting dnsbl-update script"

  if [ !
#!/bin/bash
# =============================================================================
# Script Name: ipset_blacklist_reload.sh
# Version: 1.1
# Author: Andreas Fleckl
# Description: This script reloads an ipset with CIDR /24 network ranges from a 
#              specified file, including error handling and logging.
# =============================================================================

# Name of the ipset this script reloads
IPSET_NAME='blacklist'

# File holding the IP network ranges to load, one range per line
IP_LIST_PATH='/etc/firehol/blacklist.netset'

# Log fi
#!/bin/zsh
# =============================================================================
# Script Name: f2b_check_ips.sh
# Version: 1.1
# Author: Andreas Fleckl
# Description: This script extracts and prints all banned IPs from Fail2Ban
#              jails, with an option to filter IPs based on a search argument.
#              Includes error handling and logging.
# =============================================================================

# Function to extract the list of jails
extract_jail_list() {
    # Run fail2ban-client status and extract the 

#
# ipv4 hash:ip ipset
#
# Maintainer        : bubu IT
# Maintainer URL    : https://bubuit.net
# List source URL    : https://blacklist.bubuit.net
# Category        : spam imap smtp fail2ban evil

  1. ai firehol-tools
  2. ll -t /etc/firehol/ipsets
  3. update-ipsets enable firehol_level1 firehol_level2 firehol_level3 firehol_level4 fullbogons spamhaus_drop sslbl blocklist_de greensnow ciarmy sslbl_aggressive 
  4. update-ipsets
  5. ipset -L -n
  6. ipset -L firehol_level1
  7. t /var/log/update-ipsets.log
  8. update-ipsets --help
  9. man ipset

/etc/cron.daily/update-ipsets

#!/bin/sh
# Daily cron job: run update-ipsets and send its stdout and stderr to
# /var/log/update-ipsets.log. The ">" redirection truncates the file, so only
# the output of the most recent run is kept.
# NOTE(review): -s is presumably the silent flag — confirm with
# "update-ipsets --help".
update-ipsets -s > /var/log/update-ipsets.log 2>&1
 

/etc/firehol/whitelist.txt


# myips
YOUR PUBIPS

# hetzner.de
46.4.20.50

# packageist
185.56.232.198

# Mail Server
54.245.105.146
85.214.65.224
151.101.114.217 
176.9.37.124
176.9.78.130
188.40.28.171
195.145.228.186
109.73.15.86

# Top Mailserver
62.146.106.0/24
74.125.200.0/24
80.67.18.0/24
81.169.145.0/24
142.251.31.0/24
194.25.134.0/24
209.85.217.0/24

# google.com
209.85.128.0/24
209.85.214.0/24
209.85.217.0/24
209.85.219.0/24
209.85.220.0/24


/etc/firehol/firehol.conf

# SYNPROXY
# TRAP_PORTS is the port list used by the synproxy rule below.
# NOTE(review): SUSPECTS_TIMEOUT, TRAP_TIMEOUT, VALID_CONNECTION_COUNT and
# TRAP_ACTION are not referenced by any line visible in this excerpt;
# presumably another section of firehol.conf reads them — confirm before
# relying on them.
TRAP_PORTS="25 80"
SUSPECTS_TIMEOUT=3600
TRAP_TIMEOUT=86400
VALID_CONNECTION_COUNT=2
TRAP_ACTION="DROP"

# Put inbound IPv4 connections that arrive on the WAN interface for the public
# addresses on TRAP_PORTS (25 and 80) through synproxy and accept them.
# NOTE(review): ${wan} and ${PUBLIC_IPS} are not defined in this excerpt and
# must be set earlier in firehol.conf.
ipv4 synproxy input inface "${wan}" dst "${PUBLIC_IPS}" dport "${TRAP_PORTS}" accept