FreeBSD pf blocked IP list constructor from AbuseIPDB

This tool fetches blocked IPs from AbuseIPDB and generates a list from them for use in FreeBSD's pf tables.

It excludes the IP addresses you put into the whitelisted CIDRs list; see config.ini.sample.

Copy config.ini.sample to a location of your choice and edit it to suit your needs. Then run abuseipdb-fetcher -h to see the command-line options. In short, fetch downloads the host lists, and parse compiles the list for pf from the previously downloaded lists.

parse will exit with a non-zero exit code if there are no updates.
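The whitelist exclusion and the "non-zero exit when nothing changed" behaviour described above, as an added sketch that is not the project's own code. The function names, the output file name and the one-address-per-line input format are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import sys
from pathlib import Path


def build_table(addresses, whitelist_cidrs):
    """Return sorted, de-duplicated addresses that fall outside every whitelisted CIDR."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in whitelist_cidrs]
    kept = set()
    for raw in addresses:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # never write unparsed text into a firewall table
        # A v4 address tested against a v6 network (or vice versa) is simply False.
        if any(ip in net for net in allowed):
            continue
        kept.add(ip)
    # Sort by (version, value) so IPv4 and IPv6 objects are never compared directly.
    return [str(ip) for ip in sorted(kept, key=lambda i: (i.version, int(i)))]


def write_if_changed(table_path, entries):
    """Write the table file atomically; return False when the content is unchanged."""
    path = Path(table_path)
    new_text = "".join(f"{e}\n" for e in entries)
    if path.exists() and path.read_text() == new_text:
        return False
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(new_text)
    tmp.replace(path)  # atomic rename: pfctl never reads a half-written file
    return True


if __name__ == "__main__":
    # Constructed sample data (documentation ranges), not real AbuseIPDB output.
    sample = ["203.0.113.7", "198.51.100.20", "2001:db8::1", "not-an-ip", "203.0.113.7"]
    whitelist = ["198.51.100.0/24", "2001:db8:ffff::/48"]
    changed = write_if_changed("abuseipdb.table", build_table(sample, whitelist))
    sys.exit(0 if changed else 1)  # non-zero when there are no updates
```
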

A basic updater script looks like this (uses a previously installed virtualenv):

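#!/usr/bin/env sh

# Resolve the directory this script lives in, following symlinks.
MY_DIR=$(cd "$(dirname "$(readlink -f "$0")")" && pwd)

cd "$MY_DIR" || exit 1

# -e: stop at the first failing command, so pfctl is skipped when parse
# exits non-zero (no updates); -x: trace each command.
set -ex

./venv/bin/abuseipdb-fetcher -c config.ini fetch
./venv/bin/abuseipdb-fetcher -c config.ini parse
# Load the abuseipdb table from the definitions in /etc/pf.conf.
pfctl -f /etc/pf.conf -t abuseipdb -T load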

If you handle a lot of hosts, you might need to raise the limit on the number of entries pf's tables can store (in pf.conf):

set limit table-entries 1000000 # 1 million max entries per table

Depending on your subscription type, these are the limits the API will serve:

https://docs.abuseipdb.com/#blacklist-ip-truncation