Skip to content

devrt/docker-firehol-update-ipsets

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Docker image to download and update most recent FireHOL IP list

Background

FireHOL update-ipsets is a great script to download and update most recent iplist of internet attackers.

http://iplists.firehol.org/

This docker image will run update-ipsets and apply the ipset to the local computer periodically.

Usage

First, lets download and start a firehol-update-ipsets container. By entering the following command, permanent periodic update process will be created.

$ docker volume create firehol-update-ipsets
$ docker run --name firehol-update-ipsets -it -d --restart=always --cap-add=NET_ADMIN --net=host -v firehol-update-ipsets:/etc/firehol/ipsets devrt/firehol-update-ipsets

Then, lets enable the ipset. For example, we enable protection by firehol_level2 and tor_exits iplist.

$ docker exec firehol-update-ipsets enable firehol_level2
$ docker exec firehol-update-ipsets enable tor_exits

Above command will apply the ipset to iptables automatically, so be careful when you enable the ipset which contains private IPs (e.g. firehol_level1). You will be locked out from the server if such ipset is enabled. You can find the iplist contains private IPs from the following URL:

http://iplists.firehol.org/?ipset=iblocklist_iana_private

Lets check that the ipset applied to the kernel correctly.

$ sudo ipset list -t
$ sudo iptables-save

From now on, the ipset is updated periodically to the most recent one by the update-ipsets script. You can confirm the update by the following command.

$ docker logs firehol-update-ipsets

Written by

Yosuke Matsusaka [email protected]

Distributed under MIT license.