BlackIP is a project that collects and unifies public blacklists of IP addresses, to make them compatible with Squid and IPSET (Iptables Netfilter)
BlackIP es un proyecto que recopila y unifica listas negras públicas de direcciones IPs, para hacerlas compatibles con Squid e IPSET (Iptables Netfilter)
lst | Black IPs | txt size | tar.gz size |
---|---|---|---|
blackip.txt | 3.505.683 | 50.1 Mb | 10.4 Mb |
git ipset iptables bash tar zip wget squid subversion python ulogd2
git clone --depth=1 https://github.com/maravento/blackip.git
blackip.txt
is already optimized. Download it and unzip it in the path of your preference / blackip.txt
ya viene optimizada. Descárguela y descomprimala en la ruta de su preferencia
wget -q -N https://raw.githubusercontent.com/maravento/blackip/master/blackip.tar.gz && cat blackip.tar.gz* | tar xzf -
wget -q -N https://raw.githubusercontent.com/maravento/blackip/master/checksum.md5
md5sum blackip.txt | awk '{print $1}' && cat checksum.md5 | awk '{print $1}'
IPSET Rules
This module allows us to perform mass filtering, at a processing speed far superior to other Solutions (See the benchmark). It includes geographical areas with IPDeny) / Este módulo nos permite realizar filtrado masivo, a una velocidad de procesamiento muy superior a otras soluciones (Vea el benchmark). Se incluye zonas geográficas con IPDeny)
Edit your Iptables script and add the following lines: / Edite su script de Iptables y agregue las siguientes líneas:
# IPSET BLACKZONE (select country to block and ip/range) ###
# http://www.ipdeny.com/ipblocks/
ipset=/sbin/ipset
iptables=/sbin/iptables
route=/path_to_blackip/
zone=/path_to_zones/zones
if [ ! -d $zone ]; then mkdir -p $zone; fi
$ipset -F
$ipset -N -! blackzone hash:net maxelem 1000000
# Uncomment this line if you want to block entire countries
#for ip in $(cat $zone/{cn,ru}.zone $route/blackip.txt); do
# Uncomment this line if you want to block only ips (recommended)
for ip in $(cat $route/blackip.txt); do
$ipset -A blackzone $ip
done
$iptables -t mangle -A PREROUTING -m set --match-set blackzone src -j NFLOG --nflog-prefix 'Blackzone Block'
$iptables -t mangle -A PREROUTING -m set --match-set blackzone src -j DROP
$iptables -A FORWARD -m set --match-set blackzone dst -j NFLOG --nflog-prefix 'Blackzone Block'
$iptables -A FORWARD -m set --match-set blackzone dst -j DROP
You can block entire countries ranges (e.g. China, Rusia, etc) with IPDeny adding the countries to the line: / Puede incluir rangos completos de países (e.g. China, Rusia, etc) con IPDeny agregando los países a la línea:
for ip in $(cat $zone/{cn,ru}.zone $route/blackip.txt); do
In case of error or conflict, execute: / En caso de error o conflicto, ejecute:
sudo ipset flush blackzone # (or: sudo ipset flush)
NFLOG: /var/log/ulog/syslogemu.log
chown root:root /var/log
apt -y install ulogd2
if [ ! -d /var/log/ulog/syslogemu.log ]; then mkdir -p /var/log/ulog && touch /var/log/ulog/syslogemu.log; fi
usermod -a -G ulog $USER
Squid Rule
Edit:
/etc/squid/squid.conf
And add the following lines: / Y agregue las siguientes líneas:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl blackip dst "/path_to/blackip.txt"
http_access deny blackip
- Should not be used
blackip.txt
in IPSET and in Squid at the same time (double filtrate) / No debe utilizarblackip.txt
en IPSET y en Squid al mismo tiempo (doble filtrado) blackip.txt
is a list IPv4. Does not include CIDR /blackip.txt
es una lista IPv4. No incluye CIDRblackip.txt
does not include private/reserved ranges RFC1918 (ianacidr.txt
) /blackip.txt
no incluye rangos privados/reservados RFC1918 (ianacidr.txt
)blackip.txt
has been tested in Squid v3.5.x /blackip.txt
ha sido testeada en Squid v3.5.x
Squid-Cache Advanced Rules
Blackip contains millions of IP addresses, therefore it is recommended: / Blackip contiene millones de direcciones IP, por tanto se recomienda:
- Use
betra.txt
to add IP/CIDR that are not inblackip.txt
(By default it contains some BlackCIDR) / Usebwextra.txt
para agregar IP/CIDR que no se encuentren enblackip.txt
(Por defecto contiene algunos BlackCIDR) - Use
whiteip.txt
; a white list of IPv4 IP addresses (Hotmail, Gmail, Yahoo. Etc) / Usewhiteip.txt
; una lista blanca de direcciones IPs IPv4 (Hotmail, Gmail, Yahoo. etc) - Use
wextra.txt
to add whitelists of IP/CIDRs that are not included inwhiteip.txt
/ Usewextra.txt
para agregar listas blancas de IP/CIDR que no están incluidas enwhiteip.txt
- To increase security, close Squid to any other request to IP addresses. Very useful for blocking anonymizers / Para incrementar la seguridad, cierre Squid a cualquier otra petición a direcciones IP. Muy útil para el bloqueo de anonimizadores
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# blackip rules
acl bextra dst "/path_to/bextra.txt"
http_access deny bextra
acl blackip dst "/path_to/blackip.txt"
http_access deny blackip
# whiteip rules
acl wextra dst "/path_to/wextra.txt"
http_access allow wextra
acl whiteip dst "/path_to/whiteip.txt"
http_access allow whiteip
# deny all IPs
acl no_ip url_regex -i [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
http_access deny no_ip
Update and debugging can take and consume many hardware resources and bandwidth. It is not recommended to run it on production equipment / La actualización y depuración puede tardar y consumir muchos recursos de hardware y ancho de banda. No se recomienda ejecutarla en equipos en producción
The update process of
blackip.txt
is executed in sequence by the scriptbipupdate.sh
/ El proceso de actualización deblackip.txt
es ejecutado en secuencia por el scriptbipupdate.sh
wget -q -N https://raw.githubusercontent.com/maravento/blackip/master/bipupdate/bipupdate.sh && chmod +x bipupdate.sh && ./bipupdate.sh
tw.txt
containing IPs of teamviewer servers. By default they are commented. To block or authorize them, activate them inbipupdate.sh
. To update it usetw.sh
/tw.txt
contiene IPs de servidores teamviewer. Por defecto están comentadas. Para bloquearlas o autorizarlas activelas enbipupdate.sh
. Para actualizarla usetw.sh
- You must activate the rules in Squid before using
bipupdate.sh
/ Antes de utilizarbipupdate.sh
debe activar las reglas en Squid
BlackIP: Done 06/05/2019 15:47:14
whiteip.txt
is already updated and optimized. The update process ofwhiteip.txt
is executed in sequence by the scriptwipupdate.sh
/whiteip.txt
ya esta actualizada y optimizada. El proceso de actualización dewhiteip.txt
es ejecutado en secuencia por el scriptwipupdate.sh
wget -q -N https://raw.githubusercontent.com/maravento/blackip/master/bipupdate/wlst/wipupdate.sh && chmod +x wipupdate.sh && ./wipupdate.sh
- Abuse.ch Feodo Tracker
- adservers yoyo
- BL Myip
- Cinsscore
- Emerging Threats Block
- Emerging Threats compromised
- Firehold Forus Spam
- Greensnow
- IPDeny
- Malc0de IP Blacklist
- Malwaredomain IP List
- Maxmind
- MyIP BL
- Open BL
- opsxcq proxy-list
- Project Honeypot
- Ransomwaretracker
- Rulez BruteForceBlocker
- Spamhaus
- StopForumSpam 180
- The LashBack UBL
- TOR BulkExitList
- TOR Node List
- Ultimate Hosts IPs Blacklist. Mirror
- Zeustracker
- Blocklist and Blocklist Export. Replaced by Ultimate Hosts IPs Blacklist
- Firehold Level 1 (Excluded for containing CIDR)
- OpenBL (Server Down. Last Updated Known Apr 1/2016. Added to:
oldips.txt
) - StopForumSpam Toxic CIDR (Excluded for containing CIDR)
- UCEPROTECT IP Blacklists / BACKSCATTERER.ORG Blacklist (Server Down. Last Updated Known Ago 17/2017. Added to:
oldips.txt
)
- Amazon AWS (Excluded for containing CIDR)
- Microsoft Azure Datacenter (Excluded for containing CIDR)
- O365IPAddresses (No longer support. See This post)
We thank all those who contributed to this project. Those interested may contribute sending us new "Blacklist" links to be included in this project / Agradecemos a todos aquellos que han contribuido a este proyecto. Los interesados pueden contribuir, enviándonos enlaces de nuevas "Blacklist", para ser incluidas en este proyecto
Special thanks to: Jhonatan Sneider
BTC: 3M84UKpz8AwwPADiYGQjT9spPKCvbqm4Bc
maravento.com is licensed under a Creative Commons Reconocimiento-CompartirIgual 4.0 Internacional License.
© 2019 Maravento Studio
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.