EditAttachPrintable
r7 - 01 Feb 2009 - 23:54:40 - WilliamMetcalfYou are here: TWiki >  Main Web > AllProjects > SnortConfSamples > EmergingFirewallRules

Using the Emerging Threats Firewall Rules

The firewall rulesets are versions of the IP Block lists in a format easily imported into IPF, IPTables, PF, and PIX firewalls.

These rulesets are updated at least daily, we recommend updating your firewalls at the very least once a week, as these hosts may change often. The Spamhaus DROP list is less dynamic, however it does change so be sure to update regularly.

As each update is made a revision number is incremented. That is available here: http://www.emergingthreats.net/fwrules/FWrev

Ruleset sources include the DShield Top Attackers, the Spamhaus DROP list, the Shadowserver.org Active Command and Control Servers, and our RussianBusinessNetwork Known Networks.

Rules available here:

http://www.emergingthreats.net/fwrules

A script by Joshua Gimer to automatically update an IPTables firewall is available here:

It should be easily adapted to service most any other firewall.

Changes in Version 2.0

  • Added Syslog support
  • Added IP address verification
  • Added individual IP address and CIDR range white-listing support

Topic attachments
I Attachment Action Size Date Who Comment
txttxt emerging-ipset-update.pl.txt manage 6.7 K 01 Feb 2009 - 23:54 WilliamMetcalf an ipset version of the script by Joshua Gimer
txttxt emerging-iptables-update.pl.txt manage 4.5 K 09 Oct 2008 - 22:18 JoshuaGimer Version 2.0 by Joshua Gimer
Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r7 < r6 < r5 < r4 < r3 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback