Update firewall rules to filter invalid IP addresses.
Thomas Chevalier 5bbed1d25d Update 'README.md' 7 months ago
.gitignore Initial commit 7 months ago
LICENSE Initial commit 7 months ago
README.md Update 'README.md' 7 months ago
poetry.lock Initial commit 7 months ago
pyproject.toml Initial commit 7 months ago
updateBogons Initial commit 7 months ago
updateBogons.service Initial commit 7 months ago
updateBogons.timer Initial commit 7 months ago
updateBogonsOnBoot.service Initial commit 7 months ago

README.md

updateBogons

This script fetches a list of bogons from Team Cymru (see https://team-cymru.com/community-services/bogon-reference/) and updates the corresponding sets in the firewall.

The bogon list is downloaded, then compared to the current list stored on disk (kept from the previous run). If the two lists differ, the corresponding nftables set is flushed and then filled with the new list. This operation is atomic.
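
The compare-then-replace step described above, as an added sketch that is not the code of updateBogons itself: it validates each prefix, compares parsed content against the cached copy, and builds a single script for `nft -f`, which nftables applies as one transaction. The table name `inet filter`, the set names `bogons4`/`bogons6` and the sample list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the style of a plain-text bogon list: '#' comments, one prefix per line.
SAMPLE = """# constructed sample, not real feed data
10.0.0.0/8
192.168.0.0/16
192.168.1.0/24
not-a-prefix
2001:db8::/32
"""

def parse_bogons(text):
    """Return [v4, v6] lists of validated, collapsed networks; bad lines are dropped."""
    nets = {4: [], 6: []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            continue  # never pass unvalidated feed text into an nft script
        nets[net.version].append(net)
    # Collapse overlaps: interval sets reject overlapping elements unless auto-merge is set.
    return [list(ipaddress.collapse_addresses(nets[v])) for v in (4, 6)]

def changed(new_text, cached_text):
    """Compare parsed content, so comment or ordering changes do not trigger a reload."""
    return parse_bogons(new_text) != parse_bogons(cached_text)

def render_nft(v4, v6, table="inet filter", set4="bogons4", set6="bogons6"):
    """Build one script for `nft -f`; table and set names are hypothetical."""
    out = []
    for name, nets in ((set4, v4), (set6, v6)):
        out.append(f"flush set {table} {name}")
        if nets:
            out.append(f"add element {table} {name} {{ {', '.join(map(str, nets))} }}")
    return "\n".join(out) + "\n"
```

Because the flush and the add commands travel in the same `nft -f` script, a rejected element aborts the whole transaction and the previous set contents stay in place.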

Installation

This script needs root privileges. The included systemd service files assume that a group "nftables" exists and has the right to execute the command nft without a password.

The default working directory is /var/cache/updateBogons/ and is automatically created if it does not exist.

The updateBogons script must be placed in /usr/local/bin/updateBogons.