Commit bcf55c12 authored by Thomas Capricelli's avatar Thomas Capricelli
Browse files


parent 4042952354af
Code in this directory will fetch 'bad' ips from the server and block
them on the current host/server, using kernel "ipset"s. This is for linux only.
Code in this directory will fetch 'bad' IPs from the server and add them to ipset 'sets'. We
use one for IPv4 and one for IPv6.
The proper setup is the following
* those sets are created, typically by init scripts at boot. How to do that depends on your distribution
* configure iptables to USE those sets. Again, this is distribution dependant.
* this script will fill those two sets by querying the botfreak server
Creating the sets
The kernel must be compiled with ipset support for hash:ip
And you need to create two sets:
ipset create botfreak-ipv4 hash:ip family inet maxelem 5000000
ipset create botfreak-ipv6 hash:ip family inet6 maxelem 5000000
The botfreak blocker will check for those before doing anything else, reports, and stops if not present.
Blocking traffic
(for those sets)
iptables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv4 src -j DROP
ip6tables -A INPUT -i $EXTERNAL_INTERFACE -m set --match-set botfreak-ipv6 src -j DROP
Put those 4 lines in a file /etc/local.d/botfreak.start
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment