me-asri/nft-block

Simple Bash script for blocking IPs in nftables using blacklists

nft-block

Script for blocking IPs in nftables using blacklists.

Features

  • Simple, powerful and easy to use
  • Purely written in Bash with no dependency on Python
  • Daemon-less
  • Does not interfere with user-defined nftables rules

Requirements

  • nftables
  • bash
  • curl

Description

nft-block is a simple Bash script for applying and updating IP blacklists from remote blacklist files.
All input/output traffic from/to blacklisted IPs will be blocked.

nft-block does not interfere with user-defined nftables rules.

  • Rules created by this script are stored in the nft-block table.
  • Filter chains created by this script use a high priority of -190 (most user-defined filter chains do not use such a high priority).

Installation is optional, but without it the applied rules will neither persist across system startups nor be kept up-to-date.
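As an added example (not nft-block's own code), the script below shows what the isolation described above looks like in nftables terms: it validates a plain-text blacklist of the shape the feeds below use (one address or CIDR per line, '#' comments) and renders a ruleset with a dedicated nft-block table whose filter chains hook input and output at priority -190 and drop traffic from and to the listed addresses. Assumed rather than stated on the page: the table is in the inet family and holds one IPv4 set and one IPv6 set; the sample blacklist is constructed, not real feed data.

```shell
#!/bin/sh
# Added illustration (not nft-block's own code): validate a plain-text IP
# blacklist and render an nftables ruleset with a dedicated "nft-block" table
# whose filter chains hook input/output at priority -190.
# Assumed, not stated in the README: inet family, one IPv4 and one IPv6 set.
set -eu

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
is_ipv4() {
    ip=${1%%/*}
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs=$IFS; IFS=.
    for o in $ip; do
        [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    case $1 in
        */*) p=${1#*/}
             printf '%s\n' "$p" | grep -Eq '^[0-9]{1,2}$' && [ "$p" -le 32 ] || return 1 ;;
    esac
    return 0
}

# Coarse IPv6 check (hex digits and colons, at most one "::", optional /0-128).
# nft is the final validator: "nft -f" rejects the whole batch if any element
# is malformed, which is why entries are filtered before rendering.
is_ipv6() {
    ip=${1%%/*}
    printf '%s\n' "$ip" | grep -Eq '^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*$' || return 1
    case $ip in *:::*) return 1 ;; esac
    [ "$(printf '%s\n' "$ip" | grep -o '::' | wc -l | tr -d ' ')" -le 1 ] || return 1
    case $1 in
        */*) p=${1#*/}
             printf '%s\n' "$p" | grep -Eq '^[0-9]{1,3}$' && [ "$p" -le 128 ] || return 1 ;;
    esac
    return 0
}

# Print "v4 <entry>" or "v6 <entry>" for each valid line of file $1;
# comments, blank lines and malformed entries are dropped.
parse_blacklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if is_ipv4 "$line"; then printf 'v4 %s\n' "$line"
        elif is_ipv6 "$line"; then printf 'v6 %s\n' "$line"
        fi
    done < "$1"
}

# Render a complete ruleset from parsed entries on stdin. The bare "table"
# line followed by "delete table" lets "nft -f" replace an earlier nft-block
# table in one atomic transaction, so periodic re-runs never duplicate rules
# and never touch tables the user owns. "policy accept" leaves all other
# traffic to the user's own chains, which run later (priority 0 > -190).
render_ruleset() {
    v4=''; v6=''
    while read -r kind addr; do
        case $kind in
            v4) v4="${v4:+$v4, }$addr" ;;
            v6) v6="${v6:+$v6, }$addr" ;;
        esac
    done
    el4=''; el6=''
    if [ -n "$v4" ]; then el4="        elements = { $v4 }"; fi
    if [ -n "$v6" ]; then el6="        elements = { $v6 }"; fi
    cat <<EOF
table inet nft-block
delete table inet nft-block
table inet nft-block {
    set blacklist4 {
        type ipv4_addr
        flags interval
        auto-merge
$el4
    }
    set blacklist6 {
        type ipv6_addr
        flags interval
        auto-merge
$el6
    }
    chain input {
        type filter hook input priority -190; policy accept;
        ip saddr @blacklist4 drop
        ip6 saddr @blacklist6 drop
    }
    chain output {
        type filter hook output priority -190; policy accept;
        ip daddr @blacklist4 drop
        ip6 daddr @blacklist6 drop
    }
}
EOF
}

# Constructed sample input (not real feed data), in the layout of the feeds.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Firstseen,DstIP (constructed sample)
198.51.100.7
203.0.113.0/24      # trailing comment is stripped
2001:db8::1
2001:db8:ffff::/48
192.0.2.300         # octet out of range: rejected
not-an-ip
EOF
parse_blacklist "$SAMPLE" | render_ruleset   # as root, pipe this into: nft -f -
rm -f "$SAMPLE"
```

Because the chains sit at priority -190, a drop here takes effect before any user-defined chain at the default filter priority gets to accept the packet, which is the guarantee the two bullets above describe. Note that `auto-merge` needs a reasonably recent nftables, and that a blacklist is third-party data feeding a drop rule: review what a list contains before letting it drive your firewall, and keep your own management addresses out of it.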

Usage

$ # Clone this project
$ git clone https://github.com/me-asri/nft-block
$ cd nft-block
$ # Execute nft-block as root
# ./nft-block -h
Usage: nft-block <options>
 Example:
  - Apply blacklist: nft-block -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
  - Install:         nft-block -i -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
  - Uninstall:       nft-block -u
 
 Options:
   -l blacklist                : Apply blacklist
                                 - Can be specified multiple times to apply as many blacklists as needed
   -x [protocol://]host[:port] : Use specified proxy
   -r                          : Clear nft-block firewall rules
   -i                          : Install to system
   -u                          : Uninstall from system

Example

Applying Feodo Tracker Botnet C2 IP blacklist

Applying a blacklist from a remote source is as simple as:

# ./nft-block -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
[*] Adding firewall rules
[*] Loading blacklist https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
[*] Adding 168 IPv4 addresses to blacklist
[*] Done!

Applying Feodo Tracker Botnet C2 IP blacklist and blocklist.de IP blacklist

It's also possible to apply multiple blacklists at the same time:

# ./nft-block -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt \
              -l https://lists.blocklist.de/lists/all.txt
[*] Adding firewall rules
[*] Loading blacklist https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
[*] Loading blacklist https://lists.blocklist.de/lists/all.txt
[*] Adding 16276 IPv4 addresses to blacklist
[*] Adding 21 IPv6 addresses to blacklist
[*] Done!

Clearing nft-block rules

Clearing rules applied by nft-block is as simple as:

# ./nft-block -r
[*] Clearing nft-block firewall rules

Installation & Persistence

It's possible to install nft-block on your system to keep blocked IPs up-to-date and achieve persistence.

nft-block supports persistence only on systemd systems, using timers.
On systemd-less systems a cron job must be added manually.

Installation

Passing in the -i option while executing nft-block will

  • install nft-block to /usr/local/bin/nft-block
  • create a persistence service nft-block.service and timer nft-block.timer that re-run nft-block every 5 minutes with the same arguments, so the rules stay up-to-date.
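The following is an added example, not the unit files nft-block itself generates, showing what the persistence mechanism described in the two bullets above looks like, together with the cron line mentioned earlier for systemd-less systems. The unit names match the README; the ExecStart path, the ordering dependencies, the boot delay and the blacklist URL are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration (not nft-block's generated files): a systemd
# service/timer pair that re-runs nft-block every 5 minutes with the chosen
# arguments, plus the equivalent cron entry. Unit names follow the README;
# everything else is an assumption.
set -eu

# $1: directory to write the units into (normally /etc/systemd/system)
# $2...: the arguments nft-block should be run with on every refresh
write_units() {
    dir=$1; shift
    args=$*
    cat > "$dir/nft-block.service" <<EOF
[Unit]
Description=Apply nft-block IP blacklists
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/nft-block $args
EOF
    cat > "$dir/nft-block.timer" <<EOF
[Unit]
Description=Refresh nft-block IP blacklists every 5 minutes

[Timer]
OnBootSec=1min
OnUnitActiveSec=5min
Unit=nft-block.service

[Install]
WantedBy=timers.target
EOF
}

# Equivalent entry for root's crontab on systemd-less systems.
cron_line() {
    printf '*/5 * * * * /usr/local/bin/nft-block %s\n' "$*"
}

# Demo into a scratch directory; for a real install write to
# /etc/systemd/system, then: systemctl daemon-reload && systemctl enable --now nft-block.timer
OUT=$(mktemp -d)
write_units "$OUT" -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
cat "$OUT/nft-block.service" "$OUT/nft-block.timer"
cron_line -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
rm -rf "$OUT"
```

`Type=oneshot` is what lets `systemctl status nft-block.service` show the result of the last refresh rather than a long-running process, and `OnUnitActiveSec=5min` measures the interval from the previous run, so a slow download does not cause overlapping runs.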

Example

# ./nft-block -i -l https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
[*] Installing nft-block
[*] Installed nft-block to /usr/local/bin/nft-block
[*] Using systemd timer for persistence
[*] Creating nft-block service
[*] Creating nft-block timer
Created symlink /etc/systemd/system/timers.target.wants/nft-block.timer → /etc/systemd/system/nft-block.timer.
[*] Adding firewall rules
[*] Loading blacklist https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
[*] Adding 168 IPv4 addresses to blacklist
[*] Done!

Uninstallation

The -u option uninstalls nft-block from the system together with the installed persistence service and timer, and removes any firewall rules it applied.

# nft-block -u
[*] Uninstalling nft-block
[*] Removing nft-block timer
Removed "/etc/systemd/system/timers.target.wants/nft-block.timer".
[*] Removing nft-block service
[*] Removing /usr/local/bin/nft-block
[*] Removing nft-block firewall rules

Managing persistence

The persistence service and timer can be controlled using systemctl.

Stopping timer

# systemctl stop nft-block.timer

Starting timer

# systemctl start nft-block.timer

Disabling timer on system startup

# systemctl disable nft-block.timer

Enabling timer on system startup

# systemctl enable nft-block.timer

Checking last status

# systemctl status nft-block.service

Blacklists

Some IP blacklists to use with nft-block:

Many more blacklists can be found on the FireHOL IP Lists website.

Disclaimer

This software is provided with absolutely no warranty.
Use at your own risk.
