- These are two simple scripts to block known and learned bad addresses.
- It is meant to be used on top of firewalld.
- This is for resource management, not security.
- Place scfw3.sh into /etc/cron.daily/1scfw
- Copy ip-aggregator.py into /usr/local/bin/
- This is mandatory
- Configure the lists you want enabled at the top of it
- Copy ip-aggregator.py into /usr/local/bin/
- Place trash.sh into /etc/cron.hourly/2trash
chmod +xboth of them- Enjoy!
- You must set FirewallBackend to iptables for firewalld or will have very long load times
- FireHOL for the blocklists: https://iplists.firehol.org
- IPdeny for the country lists: https://ipdeny.com
- @andrewtwin for the IP & CIDR merger: https://github.com/andrewtwin/ip-aggregator