Using the Emerging Threats Firewall Rules
The firewall rulesets are versions of the IP Block lists in a format easily imported into IPF, IPTables, PF, and PIX firewalls.
These rulesets are updated at least daily, we recommend updating your firewalls at the very least once a week, as these hosts may change often. The Spamhaus DROP list is less dynamic, however it does change so be sure to update regularly.
As each update is made a revision number is incremented. That is available here:
http://rules.emergingthreats.net/fwrules/FWrev
Ruleset sources include the
DShield Top Attackers, the
Spamhaus DROP list, and the
Shadowserver.org Active Command and Control Servers.
Rules available here:
http://rules.emergingthreats.net/fwrules
A script by Joshua Gimer to automatically update an IPTables firewall is available here:
It should be easily adapted to service most any other firewall.
Changes in Version 2.0
- Added Syslog support
- Added IP address verification
- Added individual IP address and CIDR range white-listing support
- Note (May 10, 2011): You may receive Perl warnings from Net::IP::Match stating that CIDR ranges are not parsing correctly. This is incorrect; CIDR ranges are being parsed correctly. You can suppress these errors by sending stderr to /dev/null. (Example: emerging-iptables-update.pl 2>/dev/null &)