Using the Emerging Threats Firewall Rules

The firewall rulesets are versions of the IP Block lists in a format easily imported into IPF, IPTables, PF, and PIX firewalls.

These rulesets are updated at least daily, we recommend updating your firewalls at the very least once a week, as these hosts may change often. The Spamhaus DROP list is less dynamic, however it does change so be sure to update regularly.

As each update is made a revision number is incremented. That is available here:

Ruleset sources include the DShield Top Attackers, the Spamhaus DROP list, the Active Command and Control Servers, and our RussianBusinessNetwork Known Networks.

Rules available here:

A script by Joshua Gimer to automatically update an IPTables firewall is available here:

It should be easily adapted to service most any other firewall.

Changes in Version 2.0

  • Added Syslog support
  • Added IP address verification
  • Added individual IP address and CIDR range white-listing support

Topic attachments
I Attachment Action Size Date Who Comment
Texttxt manage 6.7 K 2009-02-01 - 23:54 UnknownUser an ipset version of the script by Joshua Gimer
Texttxt manage 4.5 K 2008-10-09 - 22:18 UnknownUser Version 2.0 by Joshua Gimer
Edit | Attach | Print version | History: r11 | r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r7 - 2009-02-01 - WilliamMetcalf
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats