On Sat, 1 Oct 2016 10:59:02 +0100 Allen Coates <znab...@cidercounty.org.uk> wrote:
> On 01/10/16 10:37, Postfix User wrote:
> > On Fri, 30 Sep 2016 17:08:05 -0700, li...@lazygranch.com stated:
> >
> >> This will pull these hackers off your maillog.
> >> bzgrep -e auth=0/1 maillog* | sed 's/.*\[\([^]]*\)\].*/\1/g' >iplist
> >> sort iplist | uniq
> > Great idea. I modified it slightly since the "sort" was not working
> > correctly here. I make a bash script.
>
> I use the "tail" command on the logfile, and rebuild periodically, so
> the blacklisted entries die after a few days.
>
> And I also use "uniq -d" so they are only blacklisted after the second
> "strike".
>
> > IPLIST="/var/tmp/iplist.txt"
> > MAILLOG="/var/log/maillog"
> >
> > if [[ -e ${IPLIST} ]]; then
> >     rm ${IPLIST} &> /dev/null
> > fi
> >
> > bzgrep -e auth=0/1 ${MAILLOG} | sed 's/.*\[\([^]]*\)\].*/\1/g' |
> > sort -V | uniq > ${IPLIST}
> >
> > I think I will add the ability to create a table for IPFW also.
>
> My entries go in the file postscreen_blacklist.cidr
>
>
> Allen C
>

This is how I convert an ASCII list to an IPFW table. Note there is a
command to find which tables are in use, but I can't find it in the man.
Just make sure you don't overwrite a table in use. This example uses
table 1.

----------------------------------
ipfw table 1 flush
cat fileofips | xargs -n1 echo ipfw table 1 add | bash
---------------------------------

The use of bash is in the event you have a bug in the fileofips. It
ensures whichever IPs in the file that can be parsed are fed to the
table. Useful in the event you have a script to generate the IPs and
things go south.

OT but perhaps useful, if you run nginx and use their "deny" format in a
file, this script will convert it to a table.

--------------
sed 's/ //g; s/deny//; s/;//; /^#/d' blockips.conf >feedipfw
ipfw table 1 flush
cat feedipfw | xargs -n1 echo ipfw table 1 add | bash
service nginx reload
service nginx restart
--------------------
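
Added example, not part of the original thread: the log-to-IPFW pipeline discussed above as one POSIX shell script, with the "uniq -d" second-strike filter and an IPv4 format check on each entry before any ipfw command is built from it. The function names and log lines are constructed for illustration, and IPv6 clients are not handled.

```shell
#!/bin/sh
# Added example; function names and log lines are constructed.

# Constructed Postfix smtpd lines. auth=0/1 = one AUTH attempt, none succeeded.
sample_log() {
cat <<'EOF'
Oct  1 10:00:01 mx postfix/smtpd[811]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 commands=1/2
Oct  1 10:00:09 mx postfix/smtpd[812]: disconnect from unknown[198.51.100.7] ehlo=1 auth=0/1 commands=1/2
Oct  1 10:02:44 mx postfix/smtpd[815]: disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 commands=1/2
Oct  1 10:03:10 mx postfix/smtpd[816]: disconnect from mail.example.org[203.0.113.5] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
EOF
}

# Print client IPs that appear on at least two auth=0/1 lines ("second
# strike"). The greedy .* makes sed capture the last [...] on the line,
# which is the client address rather than the smtpd[pid] field.
repeat_offenders() {
    grep -e 'auth=0/1' | sed 's/.*\[\([^]]*\)\].*/\1/' | LC_ALL=C sort | uniq -d
}

# Turn an address list on stdin into "ipfw table N add" lines. Only a
# complete dotted-quad IPv4 address passes the filter; any other line is
# skipped, so a damaged list never becomes part of a command.
OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
ipfw_commands() {
    table=$1
    grep -E "^($OCTET\.){3}$OCTET\$" | while read -r ip; do
        printf 'ipfw table %s add %s\n' "$table" "$ip"
    done
}

# Print the commands for review instead of executing them.
sample_log | repeat_offenders | ipfw_commands 1
```

The script only prints the ipfw commands; the table number 1 follows the example in the message above.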