Iptables Shell Script To Drop Spamhaus Listed IP

Valic — June 27, 2011

The Spamhaus Project is one of the largest anti-spam DNS blacklist services known. Founded in 1998, Spamhaus has operations in Geneva, Switzerland, and London, in addition to 28 investigators and forensic specialists located in 8 countries. Spamhaus is a true 24-hour-a-day anti-spam operation. With over 60 public DNS servers distributed across 18 countries, Spamhaus is able to serve billions of DNS requests the world over, all free of charge. It has been estimated that 1.4 billion users' mailboxes are in some way protected by The Spamhaus Project every day.

Here, I will show you a script that automatically blocks the IPs listed by Spamhaus:

#!/bin/bash

IPT="/sbin/iptables"
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"

echo ""
echo -n "Deleting DROP list from existing firewall…"

# Delete all previously dropped IPs from the firewall.
# Skipped on the first run, when no earlier copy of the list exists.
if [ -f "$FILE" ]; then
    ipdel=$(grep -Ev '^;' "$FILE" | awk '{ print $1 }')

    for ipblock in $ipdel
    do
        $IPT -D droplist -s "$ipblock" -j DROP
        $IPT -D droplist -s "$ipblock" -j LOG --log-prefix "DROP Spamhaus List"
    done
fi

echo -n "Applying DROP list to existing firewall…"

# Download a fresh copy of the list and drop all IPs on it.
[ -f "$FILE" ] && /bin/rm -f "$FILE" || :
wget -O "$FILE" "$URL"

blocks=$(grep -Ev '^;' "$FILE" | awk '{ print $1 }')

# Create the chain. The same name (droplist) is used for every rule below;
# on later runs the chain already exists and the error is ignored.
$IPT -N droplist 2>/dev/null

for ipblock in $blocks
do
    $IPT -A droplist -s "$ipblock" -j LOG --log-prefix "DROP Spamhaus List"
    $IPT -A droplist -s "$ipblock" -j DROP
done

# Jump to the chain from INPUT, OUTPUT and FORWARD, unless the jump is already there.
for chain in INPUT OUTPUT FORWARD
do
    $IPT -C "$chain" -j droplist 2>/dev/null || $IPT -I "$chain" -j droplist
done

echo "…Done"

You can run this script from a cron job every 24 hours to make sure the list stays up to date.

You can use this tutorial for crontab : Link

IMPORTANT: The list has about 500 IP addresses. The filtering method is DROP, in which case no reply is sent to the source, as there would be with REJECT.
Your traffic will not be affected if you have a mail server and a Web server.
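
A hardened variant of the update step, added here as an example and not part of the original script: it accepts only well-formed IPv4 CIDR entries from the downloaded list before anything reaches iptables, and emits iptables-restore input that rebuilds the droplist chain in a single commit. The function names, the minimum prefix length of /8 and the sample data are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example, not the original author's code.

# Print only well-formed IPv4 CIDR entries from a DROP-format list on stdin.
# Data lines look like "192.0.2.0/24 ; SBL000001"; lines starting with ';' are comments.
valid_cidrs() {
    awk '
        /^[ \t]*(;|$)/ { next }                       # comments and blank lines
        {
            # Reject anything that is not a.b.c.d/n (hostnames, options, junk).
            if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) next
            split($1, p, "/"); split(p[1], o, ".")
            # Assumed policy: refuse prefixes shorter than /8, so a bad list
            # cannot block most of the Internet with one entry such as 0.0.0.0/0.
            if (p[2] + 0 < 8 || p[2] + 0 > 32) next
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            print $1
        }'
}

# Read validated CIDRs on stdin and emit iptables-restore input. Declaring the
# chain with ":droplist" makes iptables-restore --noflush empty and refill only
# that chain, so there is no per-rule delete loop and no half-applied list.
build_ruleset() {
    echo "*filter"
    echo ":droplist - [0:0]"
    while read -r cidr; do
        echo "-A droplist -s $cidr -j LOG --log-prefix \"DROP Spamhaus List\""
        echo "-A droplist -s $cidr -j DROP"
    done
    echo "COMMIT"
}

# Constructed sample (documentation address ranges, placeholder SBL ids).
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
0.0.0.0/0 ; SBL000003
203.0.113.999/24 ; SBL000004
example.invalid ; SBL000005
'

# Print the ruleset for the sample. To apply a real list as root:
#   valid_cidrs < /tmp/drop.lasso | build_ruleset | iptables-restore --noflush
printf '%s' "$SAMPLE" | valid_cidrs | build_ruleset
```

Check that valid_cidrs produced at least one entry before piping into iptables-restore, so a failed download does not leave the chain empty.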

You can download script directly from here : Link

Enjoy.

Valic


Editor in Chief at Debian-Tutorials, Linux enthusiast.
