Several sources provide IP blacklists that are free to download; you can use them to plan the blocking policies for your own firewall.
Assume that we have three blacklist sources: a locally maintained blacklist at /path/to/blacklist_local and the two external sources from the Internet listed above. All the sources are combined into a final blacklist, /path/to/blacklist. The steps are:
- Create an executable script for maintaining the blacklist.
- Make the script executable.
- Schedule the job in the cron table.
[root@test ~]# vi /path/to/maintain_blacklist.sh
#!/bin/sh
# Working directory and the final blacklist file
WDIR=/path/to
IPLT=$WDIR/blacklist
# Copy the locally maintained blacklist to the final blacklist
cat "$WDIR/blacklist_local" > "$IPLT"
# Download the blacklists from the Internet and add them to the final blacklist
curl -s http://myip.ms/files/blacklist/csf/latest_blacklist.txt >> "$IPLT"
curl -s http://infiltrated.net/blacklisted >> "$IPLT"
[root@test ~]# chmod u+x /path/to/maintain_blacklist.sh
[root@test ~]# crontab -e
0 0 * * * sh /path/to/maintain_blacklist.sh
I scheduled the job to be executed every day.
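The script above appends whatever the plain-HTTP feeds return straight into the final list, so a failed download or an error page ends up in the file the firewall reads. The variant below is an added example, not part of the original post: it keeps only well-formed IPv4 addresses or CIDR ranges (other entries are dropped) and replaces the blacklist atomically, and only when the merge produced entries. The function names are assumptions; the paths and URLs are the ones used above.

```shell
#!/bin/bash
# Added example, not the post's script; function names are illustrative.

# Keep only well-formed IPv4 addresses or CIDR ranges from stdin. Comments,
# blank lines, error pages and any other text in a feed are dropped.
filter_ipv4() {
    tr -d '\r' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            if ($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255) next
            if (NF == 5 && $5 > 32) next
            print
        }'
}

# build_blacklist OUT SRC...: merge the SRC files into OUT. The result is
# built in a temporary file and moved into place only if it is non-empty,
# so a failed run never leaves OUT empty or half-written.
build_blacklist() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1
    cat "$@" | filter_ipv4 | LC_ALL=C sort -u > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no valid entries, keeping existing $out" >&2
        return 1
    fi
    mv -f "$tmp" "$out"
}

# fetch URL FILE: download one feed; a failed download yields an empty FILE.
fetch() {
    curl -fsS --max-time 60 -o "$2" "$1" || : > "$2"
}

# update_blacklist DIR: the cron entry point, using the post's paths and feeds.
update_blacklist() {
    work=$(mktemp -d) || return 1
    fetch http://myip.ms/files/blacklist/csf/latest_blacklist.txt "$work/feed1"
    fetch http://infiltrated.net/blacklisted "$work/feed2"
    build_blacklist "$1/blacklist" "$1/blacklist_local" "$work/feed1" "$work/feed2"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Call `update_blacklist /path/to` as the last line of the script that cron runs; a run that yields no valid entries returns non-zero and leaves the previous blacklist untouched.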
Next, plan how to apply the blacklist in IPTables. For implementation details, refer to my post: How to Block Blacklist in IPTables.