Start with the dependencies:
```shell
apt-get install zip unzip ipset
```
Then add this to your existing iptables firewall script:
```shell
ipset create sfs_block hash:net
# 80:443 is a port range (80 through 443); -m multiport --dports 80,443 matches only those two ports
iptables -I FORWARD -p tcp --dport 80:443 -m set --match-set sfs_block src -j DROP
```
Then a script that updates the ipset:
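```shell
# Drop the scratch set left over from the previous run (it does not exist on the first run)
ipset destroy tempset 2>/dev/null
ipset create tempset hash:net
cd /tmp
# -N downloads only when the remote file is newer than the local copy
wget -N http://www.stopforumspam.com/downloads/listed_ip_7.zip
# -o overwrites the old listed_ip_7.txt; without it, unzip stops to ask before replacing the file
unzip -o listed_ip_7.zip
# Turn each address into an "add tempset <ip>" line for ipset restore
sed 's:^:add tempset :' listed_ip_7.txt > listed_ip_7_importfile.txt
ipset restore < listed_ip_7_importfile.txt
rm listed_ip_7_importfile.txt
# Exchange the freshly loaded set with the live one in a single step
ipset swap tempset sfs_block
```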
The script can just be cron'ed daily to keep it reasonably updated... hopefully someone will find that helpful. :-)
NOTE: I selected a number of IPs from the list and whois'ed them to see what I would find. Some of them were hosting providers (infected webapps and plugins no doubt) so I would suggest not blocking them from legitimate services that may be running in a hosted environment (like SMTP for example).
S.
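
The update script above feeds the downloaded file to `ipset restore` as-is, so a malformed line or an empty download ends up in (or empties) the live set after the swap. The following is an added example, not part of the original post, that validates the list first; `SET_NAME`, `MIN_ENTRIES`, the function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: vet the downloaded list before it reaches `ipset restore`.
# SET_NAME, MIN_ENTRIES and both function names are assumptions of this sketch.
SET_NAME=tempset
MIN_ENTRIES=3   # constructed threshold; size it to the real list

# Emit "add <set> <entry>" for each well-formed IPv4 address (optional /prefix)
# on stdin; drop everything else, plus loopback, RFC 1918 ranges and duplicates.
build_restore() {
    awk -v set="$SET_NAME" '
    {
        sub(/\r$/, "")                              # tolerate CRLF line endings
        n = split($0, p, "/")
        if (n > 2 || split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) next
        if (o[1] == 10 || o[1] == 127) next
        if (o[1] == 192 && o[2] == 168) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        if (!seen[$0]++) print "add", set, $0
    }'
}

# Write the import file and fail when too few entries survive, so a truncated
# or empty download is never swapped in over a populated sfs_block.
make_importfile() {   # usage: make_importfile <list.txt> <importfile>
    build_restore < "$1" > "$2" || return 1
    count=$(awk 'END { print NR }' "$2")
    [ "$count" -ge "$MIN_ENTRIES" ]
}

# Constructed sample input (documentation ranges only, not real list data).
sample=$(mktemp) out=$(mktemp)
printf '%s\n' 192.0.2.10 198.51.100.7 'flush sfs_block' 10.0.0.5 \
    203.0.113.0/24 192.0.2.10 999.1.1.1 > "$sample"
if make_importfile "$sample" "$out"; then
    cat "$out"   # this file is what would go to: ipset restore < "$out"
else
    echo "list failed validation, keeping current sfs_block" >&2
fi
rm -f "$sample" "$out"
```

In the update script, `make_importfile listed_ip_7.txt listed_ip_7_importfile.txt` would take the place of the `sed` line, with the restore and swap run only when it succeeds.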