1 November 2023 | by Xavier Bellekens
One effective method of bolstering your network’s security is by integrating IPtables, Linux’s native firewall, with a dynamic blocklist. This blog post will guide you through the process of implementing this security measure, ensuring you are protected against known malicious IP addresses.
A dynamic blocklist is an updated list of IP addresses identified as threats. By integrating this blocklist with IPtables, you are proactively preventing these potentially harmful IP addresses from accessing your network.
IPtables is a versatile and powerful tool that manages network packet filtering rules. When combined with a dynamic blocklist, it allows for automated and real-time updates to firewall rules, offering an additional layer of network protection.
Before diving into the script and automation, ensure you have a designated directory to store your blocklists and scripts:
mkdir /etc/iptables_blocklist cd /etc/iptables_blocklist
Lupovis provides uparalleled blocklists catering to a variety of specific security needs ranging from sectorial and geographical blocklists that are meticulously compiled to identify 0-day adversaries, human actors, bots, mass scanners, and a plethora of other potential threats to global blocklists.
This is made possible through an extensive network of sensors strategically placed across the internet, dedicated to analyzing and interpreting the incessant noise of online activity.
These sensors work tirelessly, classifying and categorizing the internet’s cacophony in real-time, ensuring that Lupovis’ blocklists are consistently accurate, reliable, and up-to-date.
As a result, organizations can trust in the efficacy of these blocklists to provide a robust layer of security, defending their networks against a wide array of cyber threats. With Lupovis, users are not just accessing blocklists; they are leveraging a comprehensive threat intelligence system that stands at the forefront of internet security.
To join our beta for the dynamic blocklists register with a professional address on
Create a script named
#!/bin/bash BLOCKLIST_URL="LUPOVIS Dynamic Blocklists" PREVIOUS_BLOCKLIST="/etc/iptables_blocklist/previous_blocklist.txt" CURRENT_BLOCKLIST="/etc/iptables_blocklist/current_blocklist.txt" IPTABLES="/sbin/iptables" IPSET="/sbin/ipset" BLOCKLIST_SET_NAME="myblocklist" # Download the current blocklist curl -s $BLOCKLIST_URL -o $CURRENT_BLOCKLIST # Create the ipset set if it does not exist $IPSET list -n | grep -q $BLOCKLIST_SET_NAME || $IPSET create $BLOCKLIST_SET_NAME hash:ip # Add new IPs to the blocklist comm -23 <(sort $PREVIOUS_BLOCKLIST | sort | uniq) <(sort $CURRENT_BLOCKLIST | sort | uniq) | while read -r IP; do $IPSET add $BLOCKLIST_SET_NAME $IP done # Remove outdated IPs from the blocklist comm -13 <(sort $PREVIOUS_BLOCKLIST | sort | uniq) <(sort $CURRENT_BLOCKLIST | sort | uniq) | while read -r IP; do $IPSET del $BLOCKLIST_SET_NAME $IP done # Ensure the IPtables rule is in place $IPTABLES -C INPUT -m set --match-set $BLOCKLIST_SET_NAME src -j DROP 2>/dev/null || $IPTABLES -I INPUT -m set --match-set $BLOCKLIST_SET_NAME src -j DROP # Save the current blocklist as the previous one for the next run cp $CURRENT_BLOCKLIST $PREVIOUS_BLOCKLIST
Make the script executable:
chmod +x /etc/iptables_blocklist/update_blocklist.sh
To keep your blocklist updated, create a cron job to run the script regularly:
Add the following line to execute the script every hour:
0 * * * * /etc/iptables_blocklist/update_blocklist.sh
Save and exit the editor.
ipsetfor Performance: Utilizing
ipsetensures that even large blocklists won’t hinder your system’s performance.
Integrating a dynamic blocklist with IPtables is a proactive measure to enhance your network’s security. By following this guide, you can automatically block traffic from known malicious IP addresses, keeping your network safe and secure. Don’t leave your system vulnerable; implement a dynamic blocklist with IPtables today and fortify your network defenses!