Alan Orth
c2a92269e4
This uses the ipsets feature of the Linux kernel to create lists of
IPs (though could be MACs, IP:port, etc) that we can block via the
existing firewalld zone we are already using. In my testing it works
on CentOS 7, Ubuntu 16.04, and Ubuntu 18.04.
The list of abusive IPs currently comes from HPC's systemd journal,
where I filtered for hosts that had attempted and failed to log in
over 100 times. The list is formatted with tidy, for example:
$ tidy -xml -iq -m -w 0 roles/common/files/abusers-ipv4.xml
See: https://firewalld.org/2015/12/ipset-support
8 lines
252 B
XML
8 lines
252 B
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<ipset type="hash:ip">
|
|
<option name="family" value="inet6"/>
|
|
<short>abusers-ipv4</short>
|
|
<description>A list of abusive IPv6 addresses.</description>
|
|
<entry>2a03:2880:11ff:10::face:b00c</entry>
|
|
</ipset>
|