-
Notifications
You must be signed in to change notification settings - Fork 0
/
example_list.conf
117 lines (74 loc) · 5.36 KB
/
example_list.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# This script will return IPv4 URLs.
# Set the directory where set files will be stored and the name of set.
SET_DIR=/root/ipset
SET_NAME=blacklist
# Script will create the following files inside the directory entered above:
# <set_name>.list # Final clean list.
# <set_name>.restore # Restores ipset after a reboot.
# .<set_name>-raw # Hidden file with base data not run through iprange.
###################### ADD TO IPSET #################################
# This is the list of URLs that you typically want to blacklist.
# However, you could also use this list as a whitelist in iptables.
# How you set up the rule for the ipset in iptables will determine its usage.
# Include any files or URLs you would like to add to this ipset.
BASE_ARRAY=(
# firehol_level1 includes:
# bambenek_c2, dshield, feodo, Team-cymru-fullbogons, palevo, spamhaus_drop, spamhaus_edrop, sslbl, zeus_badips, ransomware_rw
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset"
# firehol_level2
# An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow openbl_1d virbl)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset"
# firehol_level3
# An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dragon_http dragon_sshpauth dragon_vncprobe dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip openbl_30d shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter zeus vxvault)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset"
# firehol_level4
# An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset"
# firehol_abusers_1d
# An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_1d.netset"
# firehol_abusers_30d
# An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset"
# firehol_anonymous
# An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_anonymous.netset"
# firehol_proxies
# An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_proxies.netset"
# Local blacklist file
"file:///data/logs/blacklist.txt"
# myip.ms User Submitted Blacklist last 10 days
"https://myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt"
# myip.ms Webcrawlers
"https://myip.ms/files/bots/live_webcrawlers.txt"
# Project25499 Scanner
"http://project25499.com"
"https://ip-ranges.amazonaws.com/ip-ranges.json" # Amazon Web Services IP Range
)
############################## EXCLUDE LIST ############################################
# Include any files or url's you would like to exclude from this ipset.
# Any addresses downloaded from the above BASE_ARRAY will removed if they match this list.
AUTO_PROTECT=yes # default yes
# If you this ipset is going to be a whitelist you may want to set AUTO_PROTECT=no
# Setting AUTO_PROTECT=yes will remove any of the below addresses from your list:
# 10.0.0.0/8 (class A private lan)
# 172.16.0.0/12 (class B private lan)
# 192.168.0.0/16 (class C private lan)
# 127.0.0.0/8 loopback
# Your Public IP Address
EXCLUDE_ARRAY=(
# Local whitelist file
"file:///data/logs/whitelist.txt"
)
############################## MATCH LIST ##############################################
# Include any files or URLs you would like to compare to this ipset.
# Addresses that have survived the whitelist will go on to be compared to those entered below.
# Any ip address not matching one from the match list will be removed from the set.
# This feature can be used to reduce your ipset so that only addresses from one country remain.
# This can be useful if you are already blocking certain countries in iptables.
# WARNING: be very careful with this. Entering a small ip list here could cause your resulting ipset to be blank if it doesn't match any of those ip's.
# Example: Adding the US zone ipblocks will delete all addresses in set that are not US.
MATCH_ARRAY=(
"http://www.ipdeny.com/ipblocks/data/aggregated/us-aggregated.zone" # US
)