ConfigServer lets you add blocklists out of the box, which is a way to keep IP addresses used for malicious purposes away from your system.
I am leaving the detailed list below; use it together with the IPSET module in ConfigServer. Otherwise you will see a very large number of IP addresses in the tables, which can get a little confusing. Firewall performance may also be affected negatively, if only slightly.
To use the blocklists below, you need to make the following change in csf.conf. After that you can use the lists directly.
- LF_IPSET=1
- LF_IPSET_HASHSIZE=4096
- LF_IPSET_MAXELEM=16777216
Keep in mind that some sources require an API key; you can obtain an API key for free and then access those lists.
###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# This file contains definitions to IP BLOCK lists.
#
# Uncomment the line starting with the rule name to use it, then restart csf
# and then lfd
#
# Each block list must be listed one per line as NAME|INTERVAL|MAX|URL
# NAME : List name with all uppercase alphabetic characters with no
# spaces and a maximum of 25 characters - this will be used as the
# iptables chain name
# INTERVAL: Refresh interval to download the list, must be a minimum of 3600
# seconds (an hour), but 86400 (a day) should be more than enough
# MAX : This is the maximum number of IP addresses to use from the list,
# a value of 0 means all IPs
# URL : The URL to download the list from
#
# Note: Some of these lists may be very long and could cause serious network
# and/or performance issues unless you are using LF_IPSET in csf, so setting a
# value for the MAX field should be considered
#
# After making any changes to this file you must restart csf and then lfd
#
# If you want to redownload a blocklist you must first delete
# /var/lib/csf/csf.block.NAME and then restart csf and then lfd
#
# Each URL is scanned for an IP/CIDR address per line and if found is blocked
#
# The downloaded list can be a zip file. The zip file MUST only contain a
# single text file of a single IP/CIDR per line
#
# Note: CXS_ is a reserved prefix for the blocklist name and MUST NOT be used
# AbuseIPDB blacklist
# Details: https://docs.abuseipdb.com/#blacklist-endpoint
ABUSEIPDB|86400|10000|https://api.abuseipdb.com/api/v2/blacklist?key=<API_KEY>&plaintext
# Spamhaus Don't Route Or Peer List (DROP)
# Details: http://www.spamhaus.org/drop/
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.txt
# Spamhaus IPv6 Don't Route Or Peer List (DROPv6)
# Details: http://www.spamhaus.org/drop/
SPAMDROPV6|86400|0|https://www.spamhaus.org/drop/dropv6.txt
# Spamhaus Extended DROP List (EDROP)
# Details: http://www.spamhaus.org/drop/
SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.txt
# TOR Exit Nodes List
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
TOR|3600|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4
# RTBH.com.tr Threat List
# Details: https://list.rtbh.com.tr/
RTBHCOMTR|3600|0|https://list.rtbh.com.tr/output.txt
# RTBH.network Threat List
# Details: https://rtbh.network/
RTBHNETWORK|3600|0|https://list.rtbh.network/
# Project Honey Pot Directory of Dictionary Attacker IPs
# Details: http://www.projecthoneypot.org
HONEYPOT|86400|0|https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
# C.I. Army Malicious IP List
# Details: http://www.ciarmy.com
CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt
# Stop Forum Spam
STOPFORUMSPAM|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_365d.ipset
# abuse.ch Feodo Tracker Botnet C2 IP Blocklist (recommended)
FEODO|86400|0|https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
# LIVE BLACKLIST IPv4/IPv6 ADDRESSES DATABASE
MYIP|86400|0|https://myip.ms/files/blacklist/csf/latest_blacklist.txt
# HTTP spam sources identified by http://sblam.com.
SBLAM|86400|0|https://sblam.com/blacklist.txt
# A distributed VoIP blacklist that aims to protect against VoIP fraud
VOIPBL|86400|0|http://www.voipbl.org/update/
# Proxies
FH_PROXIES|86400|0|https://iplists.firehol.org/files/firehol_proxies.netset
# Pedophiles
PEDO|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_pedophiles.netset
# BruteForceBlocker IP List
# Details: http://danger.rulez.sk/index.php/bruteforceblocker/
BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
# Blocklist.de
# Set URLGET in csf.conf to use LWP as this list uses an SSL connection
# Details: https://www.blocklist.de
# This first list only retrieves the IP addresses added in the last hour
BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
# This second list retrieves all the IP addresses added in the last 48 hours
# and is usually a very large list (over 10000 entries), so be sure that you
# have the resources available to use it
BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt
# Blocklistde
BDESSH|86400|0|https://lists.blocklist.de/lists/ssh.txt
BDEMAIL|86400|0|https://lists.blocklist.de/lists/mail.txt
BDEAPACHE|86400|0|https://lists.blocklist.de/lists/apache.txt
BDEIMAP|86400|0|https://lists.blocklist.de/lists/imap.txt
BDEFTP|86400|0|https://lists.blocklist.de/lists/ftp.txt
BDESIP|86400|0|https://lists.blocklist.de/lists/sip.txt
BDEBOTS|86400|0|https://lists.blocklist.de/lists/bots.txt
BDESTRONGIPS|86400|0|https://lists.blocklist.de/lists/strongips.txt
BDEBRUTEFORCE|86400|0|https://lists.blocklist.de/lists/bruteforcelogin.txt
# Alienvault Reputation Malicious IP Block
ALIENVAULT_REPUTATION|86400|0|https://reputation.alienvault.com/reputation.generic
# Emerging Threats fwip rules.
ET_BLOCK|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_block.netset
ET_COMPROMISED|86400|0|https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_compromised.ipset
# GreenSnow Hack List
# Details: https://greensnow.co
GREENSNOW|86400|0|https://blocklist.greensnow.co/greensnow.txt
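
The format rules in the file header above (NAME|INTERVAL|MAX|URL, a minimum interval of 3600 seconds, the reserved CXS_ prefix) can be checked before restarting csf and lfd. The linter below is an added example, not part of ConfigServer or of the original post; the function name `lint_blocklists`, the sample entries, and the acceptance of underscores in NAME (as in FH_PROXIES above) are assumptions. It also flags two things worth catching in review: an unreplaced `<API_KEY>` placeholder and lists fetched over plain HTTP.

```python
import re
from urllib.parse import urlsplit

# Assumption: underscores are accepted because entries such as FH_PROXIES use them.
NAME_RE = re.compile(r"[A-Z_]{1,25}")
# Constructed sample modelled on the entries above; CXS_TEST is made up.
SAMPLE = """\
ABUSEIPDB|86400|10000|https://api.abuseipdb.com/api/v2/blacklist?key=<API_KEY>&plaintext
SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.txt
BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
CXS_TEST|600|all|https://example.invalid/list.txt
"""

def lint_blocklists(text):
    """Return (line_no, name, problem) tuples for every active entry."""
    findings, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out entries are inactive
        parts = line.split("|", 3)
        if len(parts) != 4:
            findings.append((n, line[:25], "expected NAME|INTERVAL|MAX|URL"))
            continue
        name, interval, maximum, url = parts
        problems = []
        if not NAME_RE.fullmatch(name):
            problems.append("NAME must be uppercase, no spaces, max 25 chars")
        if name.startswith("CXS_"):
            problems.append("CXS_ is a reserved prefix")
        if name in seen:
            problems.append("duplicate NAME (same chain name used twice)")
        seen.add(name)
        if not interval.isdecimal() or int(interval) < 3600:
            problems.append("INTERVAL must be at least 3600 seconds")
        if not maximum.isdecimal():
            problems.append("MAX must be a number (0 means all IPs)")
        scheme = urlsplit(url).scheme
        if scheme == "http":
            problems.append("plain HTTP: the list can be altered in transit")
        elif scheme != "https":
            problems.append("URL must start with http:// or https://")
        if "<" in url or ">" in url:
            problems.append("placeholder left in URL, e.g. <API_KEY>")
        findings.extend((n, name, p) for p in problems)
    return findings

if __name__ == "__main__":
    for n, name, problem in lint_blocklists(SAMPLE):
        print(f"line {n}: {name}: {problem}")
```
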