Adding in abuseipdb into the firewall

Hi

I’ve found a cool list with IPs coming in from abuseipdb:

It has nearly 10000k of them in abuseipdb-s100-60d.ipv4 (100% certainty, for the last 60 days)

My question - I have put the file in: /usr/local/hestia/install/common/firewall/ipset/abuseipdb-s100-60d.ipv4

When creating the firewall rule at https://2024.foo.com:9183/add/firewall/ipset/ , so I just set the source as the path to the file? I’ve not done it like this before (normally I just use the pre-set ones)

Thanks!

Andy

Hi @andrewnewby,

No, to add an ipset list use this doc: "How do I setup an IPSet blacklist or whitelist?"

The url you should add for abuseipdb-s100-60d.ipv4 is this:

https://raw.githubusercontent.com/borestad/blocklist-abuseipdb/main/abuseipdb-s100-60d.ipv4
2 Likes

Awesome, even easier then :slight_smile: Thanks! How do I verify its setup? I created the rule as “abusedb” , but I can’t see anything in iptables to that end:

iptables --list -n | grep abuse

That rule is using ipset:abusedb ? If the answer is yes:

v-update-firewall
iptables -S | grep abuse
1 Like

Oops - I missed a step =) I created the ipset LIST , but didn’t actually apply it to a rule - so I added a TCP drop on all ports for the 2 sets, and it works:

iptables -S | grep set
-A INPUT -p tcp -m set --match-set abusedb src -j DROP
-A INPUT -p tcp -m set --match-set maliciousipv4 src -j DROP

Thanks :sunglasses:

2 Likes
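The missed step in the post above (an ipset list that exists but is not referenced by any rule) can be checked mechanically. This is an added example, not code from the thread or from Hestia: a hypothetical helper, `unreferenced_ipsets`, compares set names in the format of `ipset list -n` against a rule dump in `iptables -S` format, run here on constructed sample data that reuses the set names from the thread.

```shell
#!/bin/sh
# Added example: report ipset lists that no iptables rule references.
# unreferenced_ipsets is a hypothetical helper name, not a Hestia command.

# unreferenced_ipsets SET_NAMES RULES
#   SET_NAMES: one ipset name per line (format of `ipset list -n`)
#   RULES:     rule dump in `iptables -S` format
# Prints every set name that never follows a --match-set token.
unreferenced_ipsets() {
    _rules=$2
    printf '%s\n' "$1" | while IFS= read -r _name; do
        [ -n "$_name" ] || continue
        # Compare whole tokens so "abusedb" does not match "abusedb6".
        printf '%s\n' "$_rules" | awk -v want="$_name" '
            { for (i = 1; i < NF; i++)
                  if ($i == "--match-set" && $(i + 1) == want) found = 1 }
            END { exit !found }' || printf '%s\n' "$_name"
    done
}

# Constructed sample: the two lists from the thread.
SAMPLE_SETS='abusedb
maliciousipv4'

# Constructed sample: rules before the drop rules were added.
RULES_BEFORE='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Rules after the fix, as shown in the thread.
RULES_AFTER='-P INPUT ACCEPT
-A INPUT -p tcp -m set --match-set abusedb src -j DROP
-A INPUT -p tcp -m set --match-set maliciousipv4 src -j DROP'

echo "Unreferenced before:"
unreferenced_ipsets "$SAMPLE_SETS" "$RULES_BEFORE"
echo "Unreferenced after:"
unreferenced_ipsets "$SAMPLE_SETS" "$RULES_AFTER"
```

On a live host, run as root and pass `"$(ipset list -n)"` and `"$(iptables -S)"` as the two arguments; any name printed is a list that is loaded but blocks nothing.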

Would you have to create a cron to update that list say every month?

When you create the ipset, you have the option to enable the auto update and it will be updated every day, there is no need to add any additional cron job to do it.