Hi
I’ve found a cool list with IPs coming in from abuseipdb:
It has nearly 10000k of them in abuseipdb-s100-60d.ipv4 (100% certinty, for the last 60 days)
My question - I have put the file in: /usr/local/hestia/install/common/firewall/ipset/abuseipdb-s100-60d.ipv4
When creating the firewall rule at https://2024.foo.com:9183/add/firewall/ipset/ , so I just set the source as the path to the file? I’ve not done it like this before (normally I just use the pre-set ones)
Thanks!
Andy
Hi @andrewnewby,
No, to add an ipset list use this doc How do I setup an IPSet blacklist or whitelist?
The url you should add for abuseipdb-s100-60d.ipv4 is this:
https://raw.githubusercontent.com/borestad/blocklist-abuseipdb/main/abuseipdb-s100-60d.ipv4
Awesome, even easier then 
Thanks! How do I verify its setup? I created the rule as “abusedb” , but I can’t see anything in iptables to that end:
iptables --list -n | grep abuse
That rule is using ipset:abusedb ? If the answer is yes:
v-update-firewall
iptables -S | grep abuse
Oops - I missed a step =) I created the ipset LIST , but didn’t actually apply it to a rule - so I added a TCP drop on all ports for the 2 sets, and it works:
iptables -S | grep set
-A INPUT -p tcp -m set --match-set abusedb src -j DROP
-A INPUT -p tcp -m set --match-set maliciousipv4 src -j DROP
Thanks 
Would you have to create a cron to update that list say every month?
When you create the ipset, you have the option to enable the auto update and it will be updated every day, there is no need to add any additional cron job to do it.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.