Several sources provide IP blacklist free to download, you can leverage the blacklist to plan the blocking policies for your own firewall.
- http://myip.ms/files/blacklist/csf/latest_blacklist.txt
- http://infiltrated.net/blacklisted
Assuming that we have three different sources of blacklist, one is a local-maintained blacklist at /path/to/blacklist_local, two external sources from internet as listed above. All the sources will be combined into a finalized blacklist /path/to/blacklist. Let's see the steps:
- Create an executable script for maintaining the blacklist.
- Make the script executable
- Schedule the job in cron table
[root@test ~]# vi /path/to/maintain_blacklist.sh
#!/bin/bash
WDIR=/path/to
IPLT=$WDIR/blacklist
# Copy the local-maintained blacklist to the final blacklist
cat $WDIR/blacklist_local > $IPLT
# Download the blacklists from Internet and add them to the final blacklist
curl -s http://myip.ms/files/blacklist/csf/latest_blacklist.txt >> $IPLT
curl -s http://infiltrated.net/blacklisted >> $IPLT
[root@test ~]# chmod u+x /path/to/maintain_blacklist.sh
[root@test ~]# crontab -e
0 0 * * * sh /path/to/maintain_blacklist.sh
I scheduled the job to be executed every day.
Next, you should plan to apply the blacklist into IPTables, you may refer to my post for more implementations: How to Block Blacklist in IPTables.