Adding in abuseipdb into the firewall


I’ve found a cool list with IPs coming in from abuseipdb:

It has nearly 10000k of them in abuseipdb-s100-60d.ipv4 (100% certainty, for the last 60 days)

My question - I have put the file in: /usr/local/hestia/install/common/firewall/ipset/abuseipdb-s100-60d.ipv4

When creating the firewall rule at , so I just set the source as the path to the file? I’ve not done it like this before (normally I just use the pre-set ones)



Hi @andrewnewby,

No, to add an ipset list use this doc: “How do I setup an IPSet blacklist or whitelist?”

The url you should add for abuseipdb-s100-60d.ipv4 is this:

Awesome, even easier then :slight_smile: Thanks! How do I verify its setup? I created the rule as “abusedb”, but I can’t see anything in iptables to that end:

iptables --list -n | grep abuse

That rule is using ipset:abusedb ? If the answer is yes:

iptables -S | grep abuse

Oops - I missed a step =) I created the ipset LIST, but didn’t actually apply it to a rule - so I added a TCP drop on all ports for the 2 sets, and it works:

iptables -S | grep set
-A INPUT -p tcp -m set --match-set abusedb src -j DROP
-A INPUT -p tcp -m set --match-set maliciousipv4 src -j DROP

Thanks :sunglasses:
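
An added example, not part of the original thread: the check that was missed above (an ipset list created but never applied to a rule), as a shell script that compares `iptables -S` output with the names from `ipset list -n`. The function names and the sample rules are constructed for illustration; the set names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find ipset lists that exist but are not
# referenced by any iptables rule, i.e. lists that block nothing yet.

# Print each set name used as `--match-set <name>` in `iptables -S` text (stdin).
referenced_sets() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "--match-set") print $(i + 1) }' | sort -u
}

# unreferenced_sets RULES SETS
#   RULES: text of `iptables -S`; SETS: text of `ipset list -n` (one name per line).
#   Prints the sets that no rule matches against.
unreferenced_sets() {
    refs=$(printf '%s\n' "$1" | referenced_sets)
    printf '%s\n' "$2" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        printf '%s\n' "$refs" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# rules_for_set RULES NAME: print the rules that match against NAME, so the
# chain, protocol and target (-j DROP) can be checked by eye.
rules_for_set() {
    printf '%s\n' "$1" | awk -v n="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "--match-set" && $(i + 1) == n) { print; next } }'
}

# Constructed sample: both lists exist, but only abusedb has a rule.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m set --match-set abusedb src -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
SAMPLE_SETS='abusedb
maliciousipv4'

echo "Sets with no rule:"
unreferenced_sets "$SAMPLE_RULES" "$SAMPLE_SETS"
echo "Rules using abusedb:"
rules_for_set "$SAMPLE_RULES" abusedb

# On a live server (as root), feed in the real state instead:
#   unreferenced_sets "$(iptables -S)" "$(ipset list -n)"
```
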


Would you have to create a cron to update that list say every month?

When you create the ipset, you have the option to enable the auto update and it will be updated every day, there is no need to add any additional cron job to do it.