OpenBSD and PF – iblocklist.com cheap blacklisting #openbsd #firewall

You need to buy a $10.00 per year subscription from http://iblocklist.com. You will get a “Pin” number for your downloads. Then you plug the pin number into the end of the URLs in the wget commands in this script:
http://wmfb.co/txt/iblocklist.sh.txt

You might have to create a few directories, change a few usernames around, etc., but it is built exactly like that on my system (OpenBSD 5.4-STABLE).

Once you have the script working how you like by running it manually, create a cron job as root like this:
crontab -e
then add this line at the bottom:

30 03 * * * /usr/local/bin/bash /home/forgotten/iblocklist/iblocklist.sh

This runs at 03:30 AM.

It will re-run the iblocklist.sh script nightly, pulling down the latest lists and re-parsing the CIDR blocks into PF table rules.
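An unattended nightly job loads whatever the download produced, so an empty or malformed list should never replace a working table. The following is an added example, not the author's iblocklist.sh: it filters the list down to valid CIDR entries, refuses to install a suspiciously short result, and reloads only the one table. The function names, the PFCTL override, the minimum-entry threshold, the raw file name and the table name are assumptions, as is the one-CIDR-per-line input format.

```sh
#!/bin/sh
# Added example, not the author's iblocklist.sh. Assumes the download has
# already been unpacked to one IPv4 CIDR block per line.

# Keep only well-formed IPv4 CIDR entries. Comments, blanks, malformed lines
# and prefixes shorter than /8 are dropped, so a stray 0.0.0.0/0 in the feed
# cannot turn the table into "block everything".
sanitize_cidrs() {
    awk '{
        gsub(/[ \t\r]/, "")
        if ($0 == "" || $0 ~ /^#/) next
        if (split($0, p, "/") != 2 || p[2] !~ /^[0-9]+$/) next
        if (p[2] + 0 < 8 || p[2] + 0 > 32) next
        if (split(p[1], o, "[.]") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print p[1] "/" p[2]
    }' | LC_ALL=C sort -u
}

# update_table RAW DEST TABLE [MIN]
#   RAW   downloaded list          DEST  table file named in pf.conf
#   TABLE PF table name            MIN   fewest entries accepted (default 100)
# PFCTL is a hypothetical override so the function can be dry-run off-box.
update_table() {
    raw=$1 dest=$2 table=$3 min=${4:-100}
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    sanitize_cidrs < "$raw" > "$tmp"
    count=$(awk 'END { print NR }' "$tmp")
    if [ "$count" -lt "$min" ]; then
        # Truncated or failed download: keep last night's table in place.
        rm -f "$tmp"
        echo "iblocklist: only $count valid entries, table not replaced" >&2
        return 1
    fi
    # Swap the file atomically, then reload just this table, not the ruleset.
    chmod 644 "$tmp" && mv "$tmp" "$dest" &&
        ${PFCTL:-pfctl} -t "$table" -T replace -f "$dest"
}

# Example call (the raw file name and table name are placeholders):
# update_table /home/forgotten/iblocklist/raw.txt \
#     /home/forgotten/iblocklist/iblocklist_full iblocklist_full
```

Because the function returns non-zero when it keeps the old table, cron will mail the warning line to root on a bad night.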

Then edit your /etc/pf.conf to your liking, right above your “Block All” rule, such as:

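# Block Tables
# (the <table> names were stripped from this page; <randoms> and
# <iblocklist_full> are placeholders named after the files, use your own)
table <randoms> persist file "/etc/pftables/randoms"
table <iblocklist_full> persist file "/home/forgotten/iblocklist/iblocklist_full"
block drop out log (all) quick from any to <randoms>
block drop out log (all) quick from any to <iblocklist_full>
block in log on $extnet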

Then watch the magic!!

tcpdump -e -ttt -i pflog0

Cheers!