OpenBSD and PF – iblocklist.com cheap blacklisting #openbsd #firewall
You need to buy a $10.00 per year subscription from http://iblocklist.com. You will get a “Pin” number for your downloads. Then you plug the pin number into the end of the URLs in the wget commands in this script:
You might have to create a few directories, change a few usernames around, etc., but it is built exactly like that on my system (OpenBSD 5.4-STABLE).
Once you have the script working the way you like by running it manually, create a cron job as root like this:
Then add this line at the bottom:
30 03 * * * /usr/local/bin/bash /home/forgotten/iblocklist/iblocklist.sh
This runs at 03:30 a.m.
It re-runs the iblocklist.sh script nightly, pulling down the latest lists and re-parsing the CIDR blocks into PF table rules.
Then edit your /etc/pf.conf to your liking, adding the tables right above your “Block All” rule, such as:
# Block Tables
table persist file "/etc/pftables/randoms"
table persist file "/home/forgotten/iblocklist/iblocklist_full"
block drop out log (all) quick from any to
block drop out log (all) quick from any to
block in log on $extnet
Then watch the magic!!
tcpdump -e -ttt -i pflog0
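An added example, not the author's iblocklist.sh: a sanity filter to run between the nightly download and the table load, so that a truncated download, an HTML error page or an over-broad entry never replaces the file that pf.conf loads with `persist file`. The `MIN_PREFIX` and `MIN_ENTRIES` policy values, the `PROTECTED` address and the table name passed to `publish_table` are assumptions.

```sh
#!/bin/sh
# Added example: clean a downloaded list before it becomes a PF table file.
MIN_PREFIX=8            # assumed policy: refuse anything broader than a /8
MIN_ENTRIES=3           # assumed policy: refuse truncated or empty lists
PROTECTED="192.0.2.10"  # constructed address that must never be blocked

# sanitize_list FILE: print only well-formed IPv4 CIDR entries that pass policy.
sanitize_list() {
    awk -v minp="$MIN_PREFIX" -v prot="$PROTECTED" '
    function ip2n(s,    o, n, i) {           # dotted quad -> integer, -1 if bad
        if (split(s, o, ".") != 4) return -1
        n = 0
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return -1
            n = n * 256 + o[i]
        }
        return n
    }
    BEGIN { p = ip2n(prot) }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
        sub(/\r$/, "")                       # tolerate CRLF downloads
        if (split($1, c, "/") != 2 || c[2] !~ /^[0-9]+$/ || c[2] > 32) next
        n = ip2n(c[1])
        if (n < 0 || c[2] < minp) next       # malformed or too broad
        size = 2 ^ (32 - c[2])
        if (int(n / size) == int(p / size)) next   # would cover PROTECTED
        print c[1] "/" c[2]
    }' "$1"
}

# publish_table RAW DEST TABLE: replace DEST only if the cleaned list is sane.
publish_table() {
    tmp="$2.new.$$"
    sanitize_list "$1" | sort -u > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        rm -f "$tmp"
        echo "refusing short list from $1, keeping old $2" >&2
        return 1
    fi
    mv "$tmp" "$2"                           # atomic on the same filesystem
    # Reload the live table where pfctl exists; TABLE is whatever pf.conf names it.
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$3" -T replace -f "$2"
    fi
}
```

In the nightly script this would be called once per downloaded list, with /home/forgotten/iblocklist/iblocklist_full as DEST and the matching table name from pf.conf as TABLE.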