The script pf-spamhaus-drop uses the Don't Route Or Peer Lists (DROP) from Spamhaus to block all traffic to and from listed IPs. The lists get daily updated through the periodic utility.
It downloads the wanted lists, IPv4 lists only or also IPv6, and persists them in a table file for pf. After that it reloads the table to let pf know about the new entrys.
This script is for the periodic utility and only works on FreeBSD with pf enabled!
-
Copy the script to /usr/local/etc/periodic/daily/:
$ sudo cp 10.pf-spamhaus-drop /usr/local/etc/periodic/daily/ $ sudo chmod 555 /usr/local/etc/periodic/daily/10.pf-spamhaus-dropOr get it as raw file and paste it into your terminal. Don't forget to change permissions!
-
Enable it in /etc/periodic.conf.local:
$ sudo vi /etc/periodic.conf.local # ipv4 daily_pf_spamhaus_drop_enable="YES" # uncomment if using ipv6 #daily_pf_spamhaus_drop_ipv6="YES" -
Adjust pf configuration, usually /etc/pf.conf:
$ sudo vi /etc/pf.conf table <spamhausdrop> persist file "/etc/pf.spamhausdrop" block in log quick on $if from <spamhausdrop> to any block out log quick on $if from any to <spamhausdrop>Adjust $if to your public facing interface!
If you don't want pf to log every single block, you can simply remove the keyword log.
-
Touch /etc/pf.spamhausdrop and verify configuration of pf:
$ sudo touch /etc/pf.spamhausdrop $ sudo pfctl -nf /etc/pf.conf -
Enjoy it daily in your periodic report! :)
-
If you want to, execute it on demand:
$ sudo /usr/local/etc/periodic/daily/10.pf-spamhaus-drop
Use of this source code is governed by the MIT License.