Jul 19 2012

Spamhaus DROP (Don’t Route Or Peer) and EDROP lists are sets of IP netblocks controlled by bad people. Basically IPs that are very likely going to cause trouble, so you might as well block them completely. Details.

The following script will load a pf table with these networks. It fetches drop.txt (and, if uncommented, edrop.txt), strips the comments, compares the result to the existing list and, if it differs, flushes the table, adds the new blocks and then kills all existing connections to the bad IPs.

It should probably be run once per day; do not run it more often than once per hour or you’ll be banned. OpenBSD doesn’t have fetch, so I’m using ftp, but ftp works fine on FreeBSD too, so no need to change that.
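The procedure described above as an added example, not the post’s own script. It assumes a pf table named spamhaus, a state file /var/db/spamhaus-drop.txt and the Spamhaus DROP URL below; it uses pfctl’s "replace" instead of flush + add, and refuses to load an empty download so a failed fetch cannot unblock everything.

```shell
#!/bin/sh
# Added example, not the original post's script. Loads the Spamhaus DROP list
# into a pf table and kills states involving listed networks. Assumed names:
# table "spamhaus", state file /var/db/spamhaus-drop.txt, the URL below.
TABLE=spamhaus
STATE=/var/db/spamhaus-drop.txt
URL=https://www.spamhaus.org/drop/drop.txt
# EDROP_URL=https://www.spamhaus.org/drop/edrop.txt   # uncomment to also load EDROP

# drop.txt lines look like "192.0.2.0/24 ; SBL123"; ";" starts a comment.
# Keep only the CIDR and drop blank or comment-only lines (stdin or given files).
extract_networks() {
    sed -e 's/;.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$@"
}

# Number of networks in a cleaned list file; used to refuse an empty download.
count_networks() {
    wc -l < "$1" | tr -d ' '
}

refresh_table() {
    raw=$(mktemp) && new=$(mktemp) || exit 1
    trap 'rm -f "$raw" "$new"' EXIT
    # OpenBSD/FreeBSD ftp(1) fetches HTTP(S) too; -o names the output file.
    ftp -o "$raw" "$URL" >/dev/null 2>&1 || { echo "fetch failed" >&2; exit 1; }
    [ -n "${EDROP_URL:-}" ] && { ftp -o - "$EDROP_URL" >> "$raw" 2>/dev/null || exit 1; }
    extract_networks "$raw" > "$new"
    # An empty list would silently unblock everything; treat it as a failed fetch.
    [ "$(count_networks "$new")" -gt 0 ] || { echo "empty list, keeping old table" >&2; exit 1; }
    # Unchanged since the last run: stay silent and touch nothing.
    cmp -s "$new" "$STATE" && exit 0
    # "replace" swaps the table contents atomically instead of flush + add.
    pfctl -q -t "$TABLE" -T replace -f "$new" || exit 1
    # Kill existing states from and to every listed network.
    while read -r net; do
        pfctl -q -k "$net" >/dev/null
        pfctl -q -k 0.0.0.0/0 -k "$net" >/dev/null
    done < "$new"
    mv "$new" "$STATE" && trap - EXIT && rm -f "$raw"
}

# Only act when invoked with "run", so the helper functions can be sourced alone.
if [ "${1:-}" = "run" ]; then
    refresh_table
fi
```

pf.conf must already declare the table (for example with the persist flag) and a block rule that references it; the script only fills the table.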

pf.conf should contain lines similar to these:


As written, it will NOT fetch edrop.txt and it will be silent on success. Uncomment the respective lines if you want either behaviour changed.

To add it to OpenBSD’s daily run, create or edit daily.local to something like:

Mind the permissions on daily.local; it should be o-rwx.

