[CentOS] ipset and blacklisting

tdukes at palmettoshopper.com
Wed Sep 21 13:10:14 UTC 2016




-------- Original Message --------
Subject: Re: [CentOS] ipset and blacklisting
From: "Albert McCann" <mac358 at newsguy.com>
Date: Wed, September 21, 2016 5:34 am
To: "'CentOS mailing list'" <centos at centos.org>

How are you saving and reloading the ipsets over a reboot?

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of TE Dukes
> Sent: Tuesday, September 20, 2016 9:46 PM
> To: 'CentOS mailing list' <centos at centos.org>
> Subject: [CentOS] ipset and blacklisting
> 
> This is what ipset can do for traffic on a home server that's not wanted
> on a slow 6MB DSL connection.
> 
> http://palmettoshopper.com/httpd_traffic.jpg
> 
> I only use my home server for zoneminder, testing my commercial website
> and streaming movies.
> 
> Got tired of hackers looking for files that don't exist on my home server
> and non-complying robots.
> 
> Check the drop in bandwidth.
> 
> Set up a redirect to the NSA website. They can deal with the hackers.
> 
> HTH
> 

I do a:

ipset save blacklist, and service ipset save

I use three scripts:

access_log_ips.sh

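#!/bin/bash
##############################################
# Keep a copy of the previous list.
cp /root/blacklist /root/blacklist.old

# Keep the client address from each access_log line (lines without an
# IPv4 address are deleted), then de-duplicate into /root/blacklist.
sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d \
    /var/log/httpd/access_log | sort | uniq > /root/blacklist

exit 0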



import_blacklist.sh

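#!/bin/bash
##############################################
# Split comma-separated entries onto their own lines and add each to the set.
# -exist keeps ipset from erroring on addresses that are already present.
sed 's/,/\n/g' /root/blacklist | while read -r i; do
    ipset -exist add blacklist "$i"
done

# Save once, after the loop, rather than once per address.
/usr/sbin/ipset save blacklist

# rm -f /root/blacklist.old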

and most importantly so I don't ban myself,

ipset_whitelist.sh

#!/bin/bash
##############################################
ipset del blacklist 192.168.1.102
ipset del blacklist 192.168.1.110
ipset del blacklist 107.161.163.5
ipset del blacklist 24.168.204.125
ipset del blacklist 107.161.163.4
ipset del blacklist 66.87.133.247
ipset del blacklist 107.161.163.10
ipset del blacklist 192.240.96.67
ipset del blacklist 107.161.163.8
ipset del blacklist 192.240.96.133
ipset del blacklist 127.0.0.1

ipset save blacklist

service ipset save

exit 0

I combined the three in another script that runs 4 times a day.
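
The three steps above folded into one pass, as an added example that is not part of the original post: it validates each address, drops whitelisted ones before they ever reach the set, and emits a single batch for `ipset restore`. It assumes an access log whose first field is the client address and an existing set named blacklist; the function names and the sample log and whitelist are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the poster's script). Sample data below is constructed
# and uses documentation-range addresses, not real traffic.
SAMPLE_LOG='203.0.113.7 - - [21/Sep/2016:05:34:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209
192.168.1.102 - - [21/Sep/2016:05:35:10 +0000] "GET /zm/ HTTP/1.1" 200 5120
198.51.100.23 - - [21/Sep/2016:05:36:44 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 212
203.0.113.7 - - [21/Sep/2016:05:37:02 +0000] "GET /admin.php HTTP/1.1" 404 207
999.1.1.1 - - [21/Sep/2016:05:38:00 +0000] "GET / HTTP/1.1" 400 0
- - - [21/Sep/2016:05:39:00 +0000] "-" 408 0'
SAMPLE_WHITELIST='192.168.1.102
127.0.0.1'

# extract_ips: read log lines on stdin, print unique client addresses.
# Only a well-formed dotted quad with every octet <= 255 is accepted, so
# junk in the first field never becomes a failing "ipset add".
extract_ips() {
    awk '{
        n = split($1, o, ".")
        if (n != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print $1
    }' | sort -u
}

# build_batch SETNAME WHITELIST_FILE: read addresses on stdin, drop any that
# exactly match a whitelist line, and print "add" lines for ipset restore.
# Filtering first means a trusted address is never in the set, even briefly.
build_batch() {
    grep -vxFf "$2" | sed "s/^/add $1 /"
}

# apply_batch: load the batch in one ipset invocation; -exist ignores
# entries that are already present. Not called here (needs root and ipset).
apply_batch() {
    ipset -exist restore
}

# Demo on the constructed sample: print the batch that would be loaded.
wl_demo=$(mktemp)
printf '%s\n' "$SAMPLE_WHITELIST" > "$wl_demo"
printf '%s\n' "$SAMPLE_LOG" | extract_ips | build_batch blacklist "$wl_demo"
rm -f "$wl_demo"
```

On a real host the pipeline would end in `| apply_batch`, followed by the same `ipset save blacklist` and `service ipset save` used above.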


