Home Automate IP blaclists with IPtables and IPset
Post
Cancel

Automate IP blaclists with IPtables and IPset

Posted Apr 28, 2023 Updated May 3, 2023
By jonny peace
2 min read

The why..

Gather data from abuse IP database and update firewall rules using ipset

This script is fairly recent, so might need some modifications.

Dependencies….

1

apt install ipset-persistent netfilter-persistent iptables-persistent iptables sed jq ipset fzf curl

I’ve set this up to work alongside crowdsec, so you get another way of veriying your traffic.

I’ve only tested this on servers with Ubuntu 22.04, might need modifications, especially for package checks at beginning of the script.

setup ipset and iptables

Requires ipset list, 2 week timeout included…

1
2

ipset create myset hash:ip timeout 1209600
ipset create myset6 hash:net family inet6 timeout 1209600

Requires iptables rule

1
2

iptables -I INPUT -m set --match-set myset src -j DROP
ip6tables -I INPUT -m set --match-set myset6 src -j DROP

Also requires to make sure iptables is persistent after new rule

1

sudo dpkg-reconfigure iptables-persistent

This script..

Githuib link..

1

git clone https://github.com/jonnypeace/ip-abuse-bash.git

You will also need an API key from abuseipdb.com and sign up for an account.

Store your api.key in the same folder as this script, with filename api.key

This script will save files in it’s current directory, so maybe best keeping in this git directory

You will want to modify the variable for the location you are using for this repo.

1

ip_file_path="$HOME/git/ip-abuse-bash"

Run this for some help…

1

./abuseIP.sh -h

Output:

1
2
3
4
5
6
7
8
9

On first run you will need the 10,000 IPs, so run with -g flag.

Option -c : check if ip is in databse, run ./abuseIP.sh -c 123.12.123.12
Option -g : Get 10,000 IP list from database, no further args required
Option -v : adds verbose to ip checking -c option only
Option -f : adds fuzzy file selection to adding ip rules to ipset. Any file ending in .ip and in this git directory.
Option -A : adds automation script for set files to update, any file ending in .ip and in this git directory.
Option -u : Check ufw logs and update IPSET - DO NOT USE -v VERBOSE!!
Option -h : Help tips :D

There are not a lot of options, and for automation in crontab, i run…

1
2

0 */3 * * * /home/jonny/ip-abuse-bash/abuseIP.sh -gA > /dev/null && echo 'database updated and added to ipset'
*/30 * * * * /home/jonny/ip-abuse-bash/abuseIP.sh -u > /dev/null && echo 'ufw log checked and ips added to ipset'

If you log more UFW firewall traffic with something like this…

1

ufw limit log 443/tcp

You might want to adjust the crontab timescale or upgrade your abuse IP database subscription :)

homelab, iptables, ipset, automate, firewall, bash
iptables ipset security firewall
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents