## Main Features
* banIP supports the following fully pre-configured domain blocklist feeds (free for private usage, for commercial use please check their individual licenses).
- **Please note:** the columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to the LAN forward chain - see the config options 'ban\_blockinput', 'ban\_blockforwardwan' and 'ban\_blockforwardlan' below.
+ **Please note:** By default every feed blocks all supported chains. The columns "WAN-INP", "WAN-FWD" and "LAN-FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to the LAN forward chain - see the config options 'ban\_blockpolicy', 'ban\_blockinput', 'ban\_blockforwardwan' and 'ban\_blockforwardlan' below.
| Feed | Focus | WAN-INP | WAN-FWD | LAN-FWD | Information |
| :------------------ | :----------------------------- | :-----: | :-----: | :-----: | :----------------------------------------------------------- |
| greensnow | suspicious server IPs | x | x | | [Link](https://greensnow.co) |
| iblockads | Advertising IPs | | | x | [Link](https://www.iblocklist.com) |
| iblockspy | Malicious spyware IPs | x | x | | [Link](https://www.iblocklist.com) |
+| ipthreat | hacker and botnet TPs | x | x | | [Link](https://ipthreat.net) |
| myip | real-time IP blocklist | x | x | | [Link](https://myip.ms) |
| nixspam | iX spam protection | x | x | | [Link](http://www.nixspam.org) |
| oisdbig | OISD-big IPs | | | x | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
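
Review bot: The focus text in the added `ipthreat` row reads "hacker and botnet TPs"; it should be "IPs", matching the `descr` value "hacker and botnet IPs" that this change adds for the same feed in the feed file.
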
* Minimal status & error logging to syslog, enable debug logging to receive more output
* Procd based init system support (start/stop/restart/reload/status/report/search/survey/lookup)
* Procd network interface trigger support
-* Ability to add new banIP feeds on your own
+* Add new or edit existing banIP feeds on your own with the integrated custom feed editor
## Prerequisites
* **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 support
## banIP config options
-| Option | Type | Default | Description |
-| :---------------------- | :----- | :---------------------------- | :------------------------------------------------------------------------------------ |
-| ban_enabled | option | 0 | enable the banIP service |
-| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
-| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
-| ban_loglimit | option | 100 | the logread monitor scans only the last n lines of the logfile |
-| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
-| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
-| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
-| ban_debug | option | 0 | enable banIP related debug logging |
-| ban_loginput | option | 1 | log drops in the wan-input chain |
-| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
-| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
-| ban_autoallowlist | option | 1 | add wan IPs/subnets automatically to the local allowlist |
-| ban_autoblocklist | option | 1 | add suspicious attacker IPs automatically to the local blocklist |
-| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs |
-| ban_basedir | option | /tmp | base working directory while banIP processing |
-| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
-| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
-| ban_protov4 | option | - / autodetect | enable IPv4 support |
-| ban_protov6 | option | - / autodetect | enable IPv4 support |
-| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
-| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
-| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
-| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' |
-| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins |
-| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload |
-| ban_deduplicate | option | 1 | deduplicate IP addresses across all active sets |
-| ban_splitsize | option | 0 | split ext. sets after every n lines/members (saves RAM) |
-| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
-| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug, audit |
-| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
-| ban_nftpolicy | option | memory | nft policy for banIP-related sets, values: memory, performance |
-| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
-| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
-| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
-| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
-| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
-| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
-| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
-| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
-| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
-| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
-| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
-| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
-| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
-| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
-| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
-| ban_reportelements | option | 1 | list set elements in the report, disable this to speed up the report significantly |
-| ban_resolver | option | - | external resolver used for DNS lookups |
+| Option | Type | Default | Description |
+| :---------------------- | :----- | :---------------------------- | :-------------------------------------------------------------------------------------------- |
+| ban_enabled | option | 0 | enable the banIP service |
+| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
+| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
+| ban_loglimit | option | 100 | scan only the last n log entries permanently. Set it to '0' to disable the monitor |
+| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
+| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
+| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
+| ban_debug | option | 0 | enable banIP related debug logging |
+| ban_loginput | option | 1 | log drops in the wan-input chain |
+| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
+| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
+| ban_autoallowlist | option | 1 | add wan IPs/subnets automatically to the local allowlist |
+| ban_autoblocklist | option | 1 | add suspicious attacker IPs automatically to the local blocklist |
+| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs |
+| ban_basedir | option | /tmp | base working directory while banIP processing |
+| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
+| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
+| ban_protov4 | option | - / autodetect | enable IPv4 support |
+| ban_protov6 | option | - / autodetect | enable IPv4 support |
+| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
+| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
+| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
+| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' |
+| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins |
+| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload |
+| ban_deduplicate | option | 1 | deduplicate IP addresses across all active sets |
+| ban_splitsize | option | 0 | split ext. sets after every n lines/members (saves RAM) |
+| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
+| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
+| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
+| ban_nftpolicy | option | memory | nft policy for banIP-related sets, values: memory, performance |
+| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
+| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
+| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
+| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
+| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
+| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
+| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
+| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
+| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
+| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
+| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
+| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
+| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
+| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
+| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
+| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
+| ban_reportelements | option | 1 | list set elements in the report, disable this to speed up the report significantly |
+| ban_resolver | option | - | external resolver used for DNS lookups |
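
Review bot: The re-added `ban_protov6` row still describes the option as "enable IPv4 support"; since every row of the table is rewritten here, correct it to IPv6. The `ban_nftloglevel` row also drops 'audit' from the listed values without comment, and the new `ban_blockpolicy` row shows "-" as its default while the feature note says every feed blocks all supported chains by default; spelling out that an unset policy means "all chains" would make the two agree.
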
## Examples
**banIP report information**
Finally add a valid E-Mail receiver address.
**change existing banIP feeds or add a new one**
-The banIP blocklist feeds are stored in an external JSON file '/etc/banip/banip.feeds'.
-A valid JSON source object contains the following required information, e.g.:
+The banIP default blocklist feeds are stored in an external JSON file '/etc/banip/banip.feeds'. All custom changes should be stored in an external JSON file '/etc/banip/banip.custom.feeds' (empty by default). It's recommended to use the LuCI based Custom Feed Editor to make changes to this file.
+A valid JSON source object contains the following information, e.g.:
```
[...]
"tor": {
"url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "tor exit nodes",
- "descurl": "https://github.com/SecOps-Institute/Tor-IP-Addresses"
+ "descr": "tor exit nodes",
+ "flag": ""
},
[...]
```
-Add an unique object name (no spaces, no special chars) and make the required changes: adapt at least the URL the regex to the new feed.
-**Please note:** if you're going to add new feeds, **always** make a backup of your work, cause this file is always overwritten with the maintainers version on every banIP update.
+Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed. The flag is optional, currently only 'gz' is supported to process archive downloads.
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
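
Review bot: The reworded sentence "A valid JSON source object contains the following information" drops "required" without saying which keys a feed must carry; only the flag is called optional further down. State which of `url_4`/`url_6`, `rule_4`/`rule_6` and `descr` are mandatory, and consider removing `"flag": ""` from the example, since the entries in the feed file omit the key when it is unused. Minor: "Add an unique feed name" should be "Add a unique feed name".
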
ban_backupdir="/tmp/banIP-backup"
ban_reportdir="/tmp/banIP-report"
ban_feedfile="/etc/banip/banip.feeds"
+ban_customfeedfile="/etc/banip/banip.custom.feeds"
ban_allowlist="/etc/banip/banip.allowlist"
ban_blocklist="/etc/banip/banip.blocklist"
ban_mailtemplate="/etc/banip/banip.tpl"
ban_splitsize="0"
ban_autodetect="1"
ban_feed=""
+ban_blockpolicy=""
ban_blockinput=""
ban_blockforwardwan=""
ban_blockforwardlan=""
[ "${core}" = "0" ] && core="1"
ban_cores="$((cpu * core))"
fi
-
- f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}"
}
# create directories
f_char() {
local char="${1}"
- [ "${char}" = "1" ] && printf "%s" "✔" || printf "%s" "✘"
+ if [ "${char}" = "1" ]; then
+ printf "%s" "✔"
+ elif [ "${char}" = "0" ] || [ -z "${char}" ]; then
+ printf "%s" "✘"
+ else
+ printf "%s" "${char}"
+ fi
}
# trim strings
f_log "debug" "f_getsub ::: auto/update: ${ban_autoallowlist}/${update}, subnet(s): ${ban_sub:-"-"}"
}
+# get feed information
+#
+f_getfeed() {
+ json_init
+ if [ -s "${ban_customfeedfile}" ]; then
+ if ! json_load_file "${ban_customfeedfile}" >/dev/null 2>&1; then
+ f_log "info" "banIP custom feed file can't be loaded"
+ if ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then
+ f_log "err" "banIP feed file can't be loaded"
+ fi
+ fi
+ elif ! json_load_file "${ban_feedfile}" >/dev/null 2>&1; then
+ f_log "err" "banIP feed file can't be loaded"
+ fi
+}
+
# get set elements
#
f_getelements() {
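
Review bot: f_getfeed loads `${ban_customfeedfile}` instead of `${ban_feedfile}` whenever the custom file is non-empty and parses, so a custom file that holds a single added feed hides every default feed. If replacement is intended, the README paragraph about 'banip.custom.feeds' should say that the file must contain the complete feed set; otherwise both files need to be merged. The fallback after a broken custom file is logged at "info" only, which is easy to miss for a file the user edited by hand; "err" or at least a status flag would be more appropriate.
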
[ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_nftloglevel} prefix \"banIP/fwd-wan/drp/${feed}: \""
[ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_nftloglevel} prefix \"banIP/fwd-lan/rej/${feed}: \""
- # set source block direction
+ # set feed block direction
#
+ if [ "${ban_blockpolicy}" = "input" ]; then
+ if ! printf "%s" "${ban_blockinput}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardwan}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardlan}" | "${ban_grepcmd}" -q "${feed%v*}"; then
+ ban_blockinput="${ban_blockinput} ${feed%v*}"
+ fi
+ elif [ "${ban_blockpolicy}" = "forwardwan" ]; then
+ if ! printf "%s" "${ban_blockinput}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardwan}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardlan}" | "${ban_grepcmd}" -q "${feed%v*}"; then
+ ban_blockforwardwan="${ban_blockforwardwan} ${feed%v*}"
+ fi
+ elif [ "${ban_blockpolicy}" = "forwardlan" ]; then
+ if ! printf "%s" "${ban_blockinput}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardwan}" | "${ban_grepcmd}" -q "${feed%v*}" &&
+ ! printf "%s" "${ban_blockforwardlan}" | "${ban_grepcmd}" -q "${feed%v*}"; then
+ ban_blockforwardlan="${ban_blockforwardlan} ${feed%v*}"
+ fi
+ fi
if printf "%s" "${ban_blockinput}" | "${ban_grepcmd}" -q "${feed%v*}"; then
feed_direction="input"
fi
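
Review bot: The membership tests in the new `ban_blockpolicy` branches use `"${ban_grepcmd}" -q "${feed%v*}"`, an unanchored match against a space-separated list, so feed `drop` counts as already listed whenever `edrop` appears in one of the three options, and the policy is then skipped for it. Match whole words instead, for example `case " ${ban_blockinput} " in *" ${feed%v*} "*)`. The identical three-list check is also repeated in each branch; run it once and then branch on the policy value.
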
fi
fi
} >"${tmp_nft}"
- feed_rc="${?}"
+ feed_rc="0"
elif [ "${feed%v*}" = "blocklist" ]; then
{
printf "%s\n\n" "#!/usr/sbin/nft -f"
[ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
fi
} >"${tmp_nft}"
- feed_rc="${?}"
+ feed_rc="0"
# handle external downloads
#
elif [ "${restore_rc}" != "0" ] && [ "${feed_url}" != "local" ]; then
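
Review bot: Hard-coding `feed_rc="0"` after `} >"${tmp_nft}"` in both places means a failed write of the nft file, for example when the filesystem is full, no longer shows up in `feed_rc`. If the aim is to ignore the status of a trailing `[ ... ] && printf` inside the group, end the group with `:` and keep `feed_rc="${?}"`, or verify the result with `[ -s "${tmp_nft}" ]` before continuing.
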
if [ -n "${ban_splitsize//[![:digit]]/}" ] && [ "${ban_splitsize//[![:digit]]/}" -gt "0" ]; then
if ! "${ban_awkcmd}" "NR%${ban_splitsize//[![:digit]]/}==1{file=\"${tmp_file}.\"++i;}{ORS=\" \";print > file}" "${tmp_split}" 2>/dev/null; then
rm -f "${tmp_file}".*
- f_log "info" "failed to split ${feed} set to size '${ban_splitsize//[![:digit]]/}'"
+ f_log "info" "failed to split '${feed}' Set to size '${ban_splitsize//[![:digit]]/}'"
fi
else
"${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}.1"
continue
fi
if ! "${ban_nftcmd}" add element inet banIP "${feed}" "{ $(cat "${split_file}") }" >/dev/null 2>&1; then
- f_log "info" "failed to add split file '${split_file##*.}' to ${feed} set"
+ f_log "info" "failed to add split file '${split_file##*.}' to '${feed}' Set"
fi
rm -f "${split_file}"
done
fi
fi
else
- f_log "info" "empty feed ${feed} will be skipped"
+ f_log "info" "empty feed '${feed}' will be skipped"
fi
fi
rm -f "${tmp_split}" "${tmp_nft}"
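
Review bot: The reworded "failed to split" message and the test above it still expand `${ban_splitsize//[![:digit]]/}`; the class name is missing its closing colon and should read `[![:digit:]]`, so the expansion does not reliably strip non-digit characters before the value reaches `-gt` and the awk program. Worth correcting in all four occurrences while these lines are being touched.
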
# remove disabled feeds
#
f_rmset() {
- local tmp_del ruleset_raw table_sets handle set del_set feed_log feed_rc
+ local feedlist tmp_del ruleset_raw table_sets handle set del_set feed_log feed_rc
+ f_getfeed
+ json_get_keys feedlist
tmp_del="${ban_tmpfile}.final.delete"
ruleset_raw="$("${ban_nftcmd}" -tj list ruleset 2>/dev/null)"
table_sets="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -qe '@.nftables[@.set.table="banIP"].set.name')"
{
printf "%s\n\n" "#!/usr/sbin/nft -f"
for set in ${table_sets}; do
- if ! printf "%s" "allowlist blocklist ${ban_feed}" | "${ban_grepcmd}" -q "${set%v*}"; then
+ if ! printf "%s" "allowlist blocklist ${ban_feed}" | "${ban_grepcmd}" -q "${set%v*}" ||
+ ! printf "%s" "allowlist blocklist ${feedlist}" | "${ban_grepcmd}" -q "${set%v*}"; then
del_set="${del_set}${set}, "
rm -f "${ban_backupdir}/banIP.${set}.gz"
printf "%s\n" "flush set inet banIP ${set}"
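
Review bot: In f_rmset the result of `f_getfeed` is not checked before `json_get_keys feedlist`. f_getfeed reports a load failure only through f_log, so unless that aborts the run, `feedlist` stays empty, the added second test is true for every feed set, and all of them are flushed and their backups removed by the `rm -f` below. Skip the feedlist test, or return early, when the key list is empty.
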
# generate status information
#
f_genstatus() {
- local object duration set table_sets cnt_elements="0" split="0" status="${1}"
+ local object duration set table_sets cnt_elements="0" custom="0" split="0" status="${1}"
[ -z "${ban_dev}" ] && f_conf
if [ "${status}" = "active" ]; then
fi
runtime="action: ${ban_action:-"-"}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")"
fi
+ [ -s ${ban_customfeedfile} ] && custom="1"
[ ${ban_splitsize:-"0"} -gt "0" ] && split="1"
: >"${ban_rtfile}"
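
Review bot: `[ -s ${ban_customfeedfile} ]` is unquoted; with an empty variable the test collapses to `[ -s ]`, which is true, and the status would report a custom feed file as present. Quote it the same way f_getfeed does: `[ -s "${ban_customfeedfile}" ]`.
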
json_add_string "version" "${ban_ver}"
json_add_string "element_count" "${cnt_elements}"
json_add_array "active_feeds"
- if [ "${status}" != "active" ]; then
+ for object in ${table_sets:-"-"}; do
json_add_object
- json_add_string "feed" "-"
+ json_add_string "feed" "${object}"
json_close_object
- else
- for object in ${table_sets}; do
- json_add_object
- json_add_string "feed" "${object}"
- json_close_object
- done
- fi
+ done
json_close_array
json_add_array "active_devices"
- if [ "${status}" != "active" ]; then
+ for object in ${ban_dev:-"-"}; do
json_add_object
- json_add_string "device" "-"
+ json_add_string "device" "${object}"
json_close_object
- else
- for object in ${ban_dev}; do
- json_add_object
- json_add_string "device" "${object}"
- json_close_object
- done
- for object in ${ban_ifv4} ${ban_ifv6}; do
- json_add_object
- json_add_string "interface" "${object}"
- json_close_object
- done
- fi
+ done
+ for object in ${ban_ifv4:-"-"} ${ban_ifv6:-"-"}; do
+ json_add_object
+ json_add_string "interface" "${object}"
+ json_close_object
+ done
json_close_array
json_add_array "active_subnets"
- if [ "${status}" != "active" ]; then
+ for object in ${ban_sub:-"-"}; do
json_add_object
- json_add_string "subnet" "-"
+ json_add_string "subnet" "${object}"
json_close_object
- else
- for object in ${ban_sub}; do
- json_add_object
- json_add_string "subnet" "${object}"
- json_close_object
- done
- fi
+ done
json_close_array
json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}"
- json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}, feed: ${ban_feedfile}"
+ json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}, feed/custom: ${ban_feedfile}/$(f_char ${custom})"
json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (wan-inp/wan-fwd/lan-fwd): $(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), allowed only: $(f_char ${ban_allowlistonly})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system_info" "cores: ${ban_cores}, memory: ${ban_memory}, device: ${ban_sysver}"
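
Review bot: In the `active_devices` array, `for object in ${ban_ifv4:-"-"} ${ban_ifv6:-"-"}` substitutes a dash per empty variable, so a setup with only an IPv4 interface reports that interface plus "-", and an unconfigured one reports "-" twice. Loop over `${ban_ifv4} ${ban_ifv6}` and add a single "-" entry only when both are empty. The unquoted `$(f_char ${custom})` in `run_info` is harmless with the current values but should be quoted for consistency.
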
done
if [ -n "${elementsv4}" ]; then
if ! "${ban_nftcmd}" add element inet banIP "${feed}v4" "{ ${elementsv4} }" >/dev/null 2>&1; then
- f_log "info" "failed to add lookup file to ${feed}v4 set"
+ f_log "info" "failed to add lookup file to '${feed}v4' Set"
fi
fi
if [ -n "${elementsv6}" ]; then
if ! "${ban_nftcmd}" add element inet banIP "${feed}v6" "{ ${elementsv6} }" >/dev/null 2>&1; then
- f_log "info" "failed to add lookup file to ${feed}v6 set"
+ f_log "info" "failed to add lookup file to '${feed}v6' Set"
fi
fi
end_time="$(date "+%s")"
duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s"
- f_log "info" "Lookup summary for the local ${feed}: Domains processed: ${cnt_domain}, IPs added: ${cnt_ip}, Duration: ${duration}"
+ f_log "debug" "feed: ${feed}, domains: ${cnt_domain}, IPs: ${cnt_ip}, duration: ${duration}"
}
# table statistics
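
Review bot: The lookup summary at the end of this function moves from "info" to "debug", so with `ban_debug` at its documented default of 0 a completed lookup no longer leaves any trace in the log unless an nft add fails. If that is intended to keep the log minimal, mention it in the commit message; otherwise keep a one-line "info" summary and put only the detailed counters behind debug.
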
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adaway-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "adaway IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "adaway IPs"
},
"adguard": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "adguard IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "adguard IPs"
},
"adguardtrackers": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "adguardtracker IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "adguardtracker IPs"
},
"antipopads": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "antipopads IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "antipopads IPs"
},
"asn": {
"url_4": "https://asn.ipinfo.app/api/text/list/",
"url_6": "https://asn.ipinfo.app/api/text/list/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "ASN IPs",
- "descurl": "https://asn.ipinfo.app"
+ "descr": "ASN IPs"
},
"backscatterer": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "backscatterer IPs",
- "descurl": "https://www.uceprotect.net/en/index.php",
+ "descr": "backscatterer IPs",
"flag": "gz"
},
"bogon": {
"url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "bogon prefixes",
- "descurl": "https://team-cymru.com"
+ "descr": "bogon prefixes"
},
"cinsscore": {
"url_4": "https://cinsscore.com/list/ci-badguys.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "suspicious attacker IPs",
- "descurl": "https://cinsscore.com/#list"
+ "descr": "suspicious attacker IPs"
},
"country": {
"url_4": "https://www.ipdeny.com/ipblocks/data/aggregated/",
"url_6": "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "country blocks",
- "descurl": "http://www.ipdeny.com/ipblocks"
+ "descr": "country blocks"
},
"darklist": {
"url_4": "https://darklist.de/raw.php",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "suspicious attacker IPs",
- "descurl": "https://darklist.de"
+ "descr": "suspicious attacker IPs"
},
"debl": {
"url_4": "https://www.blocklist.de/downloads/export-ips_all.txt",
"url_6": "https://www.blocklist.de/downloads/export-ips_all.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "fail2ban IP blacklist",
- "descurl": "https://www.blocklist.de"
+ "descr": "fail2ban IP blacklist"
},
"doh": {
"url_4": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "public DoH-Provider",
- "descurl": "https://github.com/dibdot/DoH-IP-blocklists"
+ "descr": "public DoH-Provider"
},
"drop": {
"url_4": "https://www.spamhaus.org/drop/drop.txt",
"url_6": "https://www.spamhaus.org/drop/dropv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "spamhaus drop compilation",
- "descurl": "https://www.spamhaus.org"
+ "descr": "spamhaus drop compilation"
},
"dshield": {
"url_4": "https://feeds.dshield.org/block.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s/%s,\\n\",$1,$3}",
- "focus": "dshield IP blocklist",
- "descurl": "https://www.dshield.org"
+ "descr": "dshield IP blocklist"
},
"edrop": {
"url_4": "https://www.spamhaus.org/drop/edrop.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "spamhaus edrop compilation",
- "descurl": "https://www.spamhaus.org"
+ "descr": "spamhaus edrop compilation"
},
"feodo": {
"url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
"rule_4": "BEGIN{RS=\"\\r\\n\"}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "feodo tracker",
- "descurl": "https://feodotracker.abuse.ch"
+ "descr": "feodo tracker"
},
"firehol1": {
"url_4": "https://iplists.firehol.org/files/firehol_level1.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "firehol level 1 compilation",
- "descurl": "https://iplists.firehol.org/?ipset=firehol_level1"
+ "descr": "firehol level 1 compilation"
},
"firehol2": {
"url_4": "https://iplists.firehol.org/files/firehol_level2.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "firehol level 2 compilation",
- "descurl": "https://iplists.firehol.org/?ipset=firehol_level2"
+ "descr": "firehol level 2 compilation"
},
"firehol3": {
"url_4": "https://iplists.firehol.org/files/firehol_level3.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "firehol level 3 compilation",
- "descurl": "https://iplists.firehol.org/?ipset=firehol_level3"
+ "descr": "firehol level 3 compilation"
},
"firehol4": {
"url_4": "https://iplists.firehol.org/files/firehol_level4.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{if(!seen[$1]++)printf \"%s,\\n\",$1}",
- "focus": "firehol level 4 compilation",
- "descurl": "https://iplists.firehol.org/?ipset=firehol_level4"
+ "descr": "firehol level 4 compilation"
},
"greensnow": {
"url_4": "https://blocklist.greensnow.co/greensnow.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "suspicious server IPs",
- "descurl": "https://greensnow.co"
+ "descr": "suspicious server IPs"
},
"iblockads": {
"url_4": "https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "advertising IPs",
- "descurl": "https://www.iblocklist.com",
- "flag": "gz",
- "login": true
+ "descr": "advertising IPs",
+ "flag": "gz"
},
"iblockspy": {
"url_4": "https://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=cidr&archiveformat=gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "malicious spyware IPs",
- "descurl": "https://www.iblocklist.com",
- "flag": "gz",
- "login": true
+ "descr": "malicious spyware IPs",
+ "flag": "gz"
+ },
+ "ipthreat": {
+ "url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}",
+ "descr": "hacker and botnet IPs"
},
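Review bot: The new ipthreat `rule_4` ends in `[-[:space:]]?`, and because the `?` makes that terminator optional, the pattern is not anchored on the right at all. Unlike the neighbouring rules that end in `$` or a mandatory `[[:space:]]`, any line that merely starts with an address-like prefix matches, and `$1` (the whole first whitespace-delimited field, including whatever follows the address) is written to the set. Suggest making the terminator mandatory, e.g. `([-[:space:]]|$)`, and documenting whether a `-` delimited field is meant to be passed through as a range.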
"myip": {
"url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
"url_6": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "real-time IP blocklist",
- "descurl": "https://myip.ms"
+ "descr": "real-time IP blocklist"
},
"nixspam": {
"url_4": "https://www.nixspam.net/download/nixspam-ip.dump.gz",
"rule_4": "/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
- "focus": "iX spam protection",
- "descurl": "https://www.nixspam.net",
+ "descr": "iX spam protection",
"flag": "gz"
},
"oisdbig": {
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdbig-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "OISD-big IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "OISD-big IPs"
},
"oisdnsfw": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "OISD-nsfw IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "OISD-nsfw IPs"
},
"oisdsmall": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "OISD-small IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "OISD-small IPs"
},
"proxy": {
"url_4": "https://iplists.firehol.org/files/proxylists.ipset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "open proxies",
- "descurl": "https://iplists.firehol.org/?ipset=proxylists"
+ "descr": "open proxies"
},
"sslbl": {
"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
"rule_4": "BEGIN{FS=\",\"}/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
- "focus": "SSL botnet IPs",
- "descurl": "https://sslbl.abuse.ch"
+ "descr": "SSL botnet IPs"
},
"stevenblack": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "stevenblack IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "stevenblack IPs"
},
"talos": {
"url_4": "https://www.talosintelligence.com/documents/ip-blacklist",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "talos IPs",
- "descurl": "https://talosintelligence.com/reputation_center"
+ "descr": "talos IPs"
},
"threat": {
"url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "emerging threats",
- "descurl": "https://rules.emergingthreats.net"
+ "descr": "emerging threats"
},
"threatview": {
"url_4": "https://threatview.io/Downloads/IP-High-Confidence-Feed.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "malicious IPs",
- "descurl": "https://threatview.io"
+ "descr": "malicious IPs"
},
"tor": {
"url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
"url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "tor exit nodes",
- "descurl": "https://github.com/SecOps-Institute/Tor-IP-Addresses"
+ "descr": "tor exit nodes"
},
"uceprotect1": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "spam protection level 1",
- "descurl": "http://www.uceprotect.net/en/index.php",
+ "descr": "spam protection level 1",
"flag": "gz"
},
"uceprotect2": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-2.uceprotect.net.gz",
"rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]NET)/{printf \"%s,\\n\",$1}",
- "focus": "spam protection level 2",
- "descurl": "http://www.uceprotect.net/en/index.php",
+ "descr": "spam protection level 2",
"flag": "gz"
},
"uceprotect3": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-3.uceprotect.net.gz",
"rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]YOUR)/{printf \"%s,\\n\",$1}",
- "focus": "spam protection level 3",
- "descurl": "http://www.uceprotect.net/en/index.php",
+ "descr": "spam protection level 3",
"flag": "gz"
},
"urlhaus": {
"url_4": "https://urlhaus.abuse.ch/downloads/ids/",
"rule_4": "match($0,/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]))/){printf \"%s,\\n\",substr($0,RSTART,RLENGTH)}",
- "focus": "urlhaus IDS IPs",
- "descurl": "https://urlhaus.abuse.ch"
+ "descr": "urlhaus IDS IPs"
},
"urlvir": {
"url_4": "https://iplists.firehol.org/files/urlvir.ipset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "malware related IPs",
- "descurl": "https://iplists.firehol.org/?ipset=urlvir"
+ "descr": "malware related IPs"
},
"voip": {
"url_4": "https://voipbl.org/update/",
"rule_4": "BEGIN{RS=\"(([0-9]{1,3}\\\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)\"}{if(RT)printf \"%s,\\n\",RT}",
- "focus": "VoIP fraud blocklist",
- "descurl": "https://voipbl.org"
+ "descr": "VoIP fraud blocklist"
},
"webclient": {
"url_4": "https://iplists.firehol.org/files/firehol_webclient.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
- "focus": "malware related IPs",
- "descurl": "https://iplists.firehol.org/?ipset=firehol_webclient"
+ "descr": "malware related IPs"
},
"yoyo": {
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "focus": "yoyo IPs",
- "descurl": "https://github.com/dibdot/banIP-IP-blocklists"
+ "descr": "yoyo IPs"
}
}
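Review bot: Renaming `"focus"` to `"descr"` and dropping `"descurl"` in every entry changes the feed file format without any compatibility handling or documentation in the visible lines. A custom feed file still written with the old keys would carry no description under the new name, and the per-feed information link no longer exists in the feed definition. Suggest documenting the key change in the README, or falling back to `focus` when `descr` is absent.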