Gist: MalteKiefer/407849891195a542dfa97329510aa387
Last active January 13, 2025 13:37
UFW Block IPs from abuseipdb Blacklist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
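```bash
#!/bin/bash
# Read the blacklist one address per line and add a deny rule for each entry.
while IFS= read -r line; do
    # Skip empty lines so ufw is never called with an empty source address.
    [ -z "$line" ] && continue
    /usr/sbin/ufw insert 1 deny from "$line" to any
done < /path/to/blacklist
```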
```bash
#!/bin/bash
# Get the latest blacklist from AbuseIPDB
curl -G https://api.abuseipdb.com/api/v2/blacklist \
  -d confidenceMinimum=50 \
  -H "Key: <API_KEY>" \
  -H "Accept: text/plain" | sort > /path/to/blacklist
# Block every IP in the list
/usr/bin/blacklist
```
# API Key
First of all, create a free account here and create an API key to use the blacklist: https://www.abuseipdb.com

# UFW
You should have UFW installed and running. Test it with:
```bash
ufw status
```

# Cronjob
Now we set up the cronjob. It should not run more often than daily, because otherwise you will quickly exceed the query limit at AbuseIPDB.
Create the file `/etc/cron.daily/getBlacklist` with the above content, and replace `<API_KEY>` with your API key. Change the path to the blacklist to something like `/opt/blacklist`.

# Blacklist
In the last step we create the blacklist script. It reads the blacklist file and creates the UFW rules. UFW skips entries it already knows, so there is no danger of double entries.
Create the file `/usr/bin/blacklist`, change the path to the blacklist and change the permissions, something like this: `chmod 755 /usr/bin/blacklist`
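
The blacklist script passes every line of the downloaded file straight to `ufw`. As an added example (not part of the gist), the functions below keep only lines that are plain IPv4 or IPv6 addresses, so anything else in the file, such as an error message returned instead of the list, never reaches `ufw`. The function names are this example's own, and it assumes the list holds one address per line without CIDR suffixes.

```bash
#!/bin/bash
# Added example, not part of the gist: keep only plain IPv4/IPv6 addresses.
# is_ipv4 ADDR: exactly four decimal octets, each 0-255.
is_ipv4() {
    case $1 in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    local IFS=. octet
    set -- $1                       # safe: $1 holds only digits and dots here
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_ipv6 ADDR: conservative check; IPv4-mapped and zone-id forms are rejected.
is_ipv6() {
    local ip="$1" h='[0-9A-Fa-f]' IFS=: group n=0
    case $ip in
        *[!0-9A-Fa-f:]* | *:::* | *::*::* | :[!:]* | *[!:]:) return 1 ;;
        *$h$h$h$h$h*) return 1 ;;   # a group longer than four hex digits
        *:*:*) ;;                   # needs at least two colons
        *) return 1 ;;
    esac
    for group in $ip; do            # split on ":" and count non-empty groups
        [ -n "$group" ] && n=$((n + 1))
    done
    case $ip in
        *::*) [ "$n" -le 7 ] ;;     # "::" stands for at least one zero group
        *)    [ "$n" -eq 8 ] ;;
    esac
}

# filter_blacklist: read lines on stdin, print valid addresses on stdout and
# the numbers of rejected lines on stderr. Fails when no address was found.
filter_blacklist() {
    local line lineno=0 kept=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        [ -z "$line" ] && continue
        if is_ipv4 "$line" || is_ipv6 "$line"; then
            printf '%s\n' "$line"
            kept=$((kept + 1))
        else
            printf 'line %d rejected: not an IP address\n' "$lineno" >&2
        fi
    done
    [ "$kept" -gt 0 ]
}
```

Pipe the download through `filter_blacklist` before writing `/path/to/blacklist`, and keep the previous file when it returns non-zero.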
Hey, I was wondering if you have a fix for it spitting out "bad source address" from UFW?
Edit: apparently it didn't work because I had set the confidence to 20 when it needed 25-100.