How To: Use Packet Filter to block IP addresses from a blacklist

This How To shows how to use the Packet Filter (PF) firewall to block IP addresses listed in a blacklist file, as PeerBlock does under Windows. Packet Filter has better performance than Netfilter.

Download a black list

We can download a list from www.iblocklist.com, for example the PrimaryThreats list. The file must be unzipped and reformatted before Packet Filter can load it.

# wget "URLtomyremotelist" -O list.zip
# unzip list.zip
# cut -d ":" -f2 list.txt | grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" > blocklist.tmp
# sed -i 's/-/:/' blocklist.tmp
# for i in $(cat blocklist.tmp); do echo "$i"; ipcalc -r "$i" | grep "/" >> blocklist; done

Then declare the table and add the rules in the Packet Filter configuration (pf.conf):

set limit table-entries 1000000
table <blocklist> persist file "/etc/blocklist"

pass out on $wan
pass in quick on $lan inet proto tcp from 192.168.1.10 to any port { 80, 443 }
block quick log (all, to pflog0) on any from <blocklist> to 192.168.1.10
block quick log (all, to pflog1) on any from 192.168.1.10 to <blocklist>
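
The range-to-CIDR conversion done by the cut/sed/ipcalc commands above can also be done in one validated pass; the following is an added Python example, not part of the original how-to. It assumes list lines look like name:start-end, and the function name, the sample data and the rule of refusing any range that covers the protected host 192.168.1.10 are illustrative choices.

```python
import ipaddress

# Constructed sample in the assumed "name:start-end" layout (documentation addresses).
SAMPLE = """\
# constructed sample list
Example net A:198.51.100.0-198.51.100.255
Label with: a colon:203.0.113.4-203.0.113.9
Broken entry:203.0.113.300-203.0.113.301
Reversed:192.0.2.9-192.0.2.1
Covers LAN host:192.168.1.0-192.168.1.255
"""

def ranges_to_cidrs(text, never_block=("192.168.1.10",)):
    """Return (cidrs, rejected_lines) for a name:start-end range list."""
    protected = [ipaddress.ip_address(a) for a in never_block]
    nets_out, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The range is whatever follows the LAST colon, so a label may contain ':'.
        _, _, span = line.rpartition(":")
        start, _, end = span.partition("-")
        try:
            first = ipaddress.IPv4Address(start.strip())
            last = ipaddress.IPv4Address(end.strip())
            nets = list(ipaddress.summarize_address_range(first, last))
        except ValueError:
            rejected.append(line)  # bad octet, missing end, or start > end
            continue
        # Never load an entry that would block the host the rules protect.
        if any(p in n for p in protected for n in nets):
            rejected.append(line)
            continue
        nets_out.extend(nets)
    # Merge adjacent and overlapping networks to keep the PF table small.
    return [str(n) for n in ipaddress.collapse_addresses(nets_out)], rejected

if __name__ == "__main__":
    cidrs, rejected = ranges_to_cidrs(SAMPLE)
    print("\n".join(cidrs))             # one CIDR per line, as a PF table file expects
    print(f"# rejected {len(rejected)} line(s)")
```

Write the returned CIDRs one per line to the file the table loads (/etc/blocklist in the configuration above), and review the rejected lines before reloading the table.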
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
