IPSET with RBL-Database

Requirements

Depending on your OS, you need to install:

  • IPSET
  • IPTABLES
  • curl or wget

Download and Installation

First, download the ipset.sh script and save it, for example, to /usr/sbin/me_ipset.sh:

curl https://cdn.malware.expert/ipset.sh > /usr/sbin/me_ipset.sh

Set the correct owner and file permissions:

chmod 750 /usr/sbin/me_ipset.sh
chown root:root /usr/sbin/me_ipset.sh

Open me_ipset.sh in an editor (nano / vi) and replace the URL at the beginning of the file with your subscription download URL:

URL="https://rbl.malware.expert/serial_key_here/ip.txt"

Replace serial_key_here with your subscription key (e.g. 21r3jx79pcm9tj50z5lnuannp). Your purchased subscription key can be found here! If you don't have one, you need to buy a subscription.

Crontab

Now add a cron job that reloads the new IPs every hour to block bot network attacks.

crontab -e

We set cron to run hourly, at five minutes past the hour. Note: You can choose a time that suits your server load, but do not schedule it too often, because the IP list is updated only once an hour!

#RBL Database - IPSET
5 * * * * /usr/sbin/me_ipset.sh reload >/dev/null 2>&1

Usage

You can also manually test that everything works as it should:

Usage: ./me_ipset.sh {start|restart|reload|stop}

Start

root@localhost:/usr/sbin# ./me_ipset.sh start

blocklist-me :: Processing IP List, this may take while ...
blocklist-me :: Started and rules loaded

Stop

root@localhost:/usr/sbin# ./me_ipset.sh stop

blocklist-me :: Stopping and delete rules

Reload

Reloads only the new blacklist rules. Note: me_ipset.sh must already be started!

root@localhost:/usr/sbin# ./me_ipset.sh reload

blocklist-me :: Processing IP List, this may take while ...
blocklist-me :: Rules reloaded
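
Because the hourly reload runs from cron with its output discarded, a failed download should be rejected instead of being loaded. The following is an added example, not the vendor's ipset.sh: it validates a downloaded list and emits `ipset restore` input that fills a temporary set and swaps it with the live one. The set name blocklist-me (guessed from the log prefix), the hash:ip set type and a list format of one IPv4 address per line are assumptions.

```shell
#!/bin/sh
# Added example: validate a downloaded IP list, then emit an atomic ipset update.
SET="blocklist-me"   # assumption: live set name, guessed from the log prefix
MIN_ENTRIES=1        # assumption: smallest list we are willing to load

# build_restore FILE: print `ipset restore` input that fills a temporary set
# and swaps it with the live one. Prints nothing and returns 1 if any line is
# not a plain IPv4 address (e.g. an HTML error page saved by a failed download).
build_restore() {
    [ -s "$1" ] || { echo "list missing or empty: $1" >&2; return 1; }
    awk -v live="$SET" -v min="$MIN_ENTRIES" '
        function valid(a,    o, i) {
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            split(a, o, ".")
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # tolerate CRLF and padding
        $0 == "" || /^#/ { next }                          # skip blanks and comments
        !valid($0) { bad = NR; exit }                      # one bad line rejects the list
        !seen[$0]++ { ip[++n] = $0 }                       # drop duplicate addresses
        END {
            if (bad)     { print "rejected: bad entry on line " bad > "/dev/stderr"; exit 1 }
            if (n < min) { print "rejected: only " (n + 0) " entries" > "/dev/stderr"; exit 1 }
            tmp = live "-tmp"
            print "create " tmp " hash:ip family inet -exist"
            print "flush " tmp
            for (i = 1; i <= n; i++) print "add " tmp " " ip[i]
            print "swap " tmp " " live
            print "destroy " tmp
        }' "$1"
}

# Demo on a constructed list (documentation addresses, not real blocklist data).
sample=$(mktemp)
printf '# constructed sample\n192.0.2.10\n198.51.100.7\r\n203.0.113.99\n' > "$sample"
build_restore "$sample"
rm -f "$sample"
```

On a real host, write the output to a file and load it with `ipset restore < file` only if build_restore returned 0. The live set must already exist with the same type for the swap to succeed.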

Restart

root@localhost:/usr/sbin# ./me_ipset.sh restart

blocklist-me :: Stopping and delete rules
blocklist-me :: Processing IP List, this may take while ...
blocklist-me :: Started and rules loaded