Revision history for GrizzlySteppeIpsetIptables


Revision [100]

Last edited on 2017-01-10 20:54:10 by ShaunC
Additions:
Following is a script that will create an ipset with the named IP addresses, then log and block traffic to and from those hosts using iptables. Many of these are or were Tor exit nodes and there may be collateral damage. Use at your own risk.
#Create a chain to log and drop matching packets
iptables -N LOG_DROP_GRIZZLY_STEPPE
iptables -A LOG_DROP_GRIZZLY_STEPPE -j LOG --log-prefix "INPUT:DROP:GRIZZLY: " -m limit --limit 600/min --log-level 6
iptables -A LOG_DROP_GRIZZLY_STEPPE -j DROP
#Apply rules to INPUT and OUTPUT chains
iptables -I INPUT -m set --match-set grizzly-steppe src -j LOG_DROP_GRIZZLY_STEPPE
iptables -I OUTPUT -m set --match-set grizzly-steppe dst -j LOG_DROP_GRIZZLY_STEPPE
Deletions:
Following is a script to create an ipset with the named IP addresses and block traffic to and from those hosts with iptables. Many of these are or were Tor exit nodes and there may be collateral damage. Use at your own risk.
#Add DROP rules to INPUT and OUTPUT chains
iptables -I INPUT -m set --match-set grizzly-steppe src -j DROP
iptables -I OUTPUT -m set --match-set grizzly-steppe dst -j DROP


Revision [99]

Edited on 2016-12-29 15:45:15 by ShaunC
Additions:
Following is a script to create an ipset with the named IP addresses and block traffic to and from those hosts with iptables. Many of these are or were Tor exit nodes and there may be collateral damage. Use at your own risk.
Deletions:
Following is a script to create an ipset with the named IP addresses and block traffic to and from those hosts with iptables.


Revision [98]

Edited on 2016-12-29 15:09:31 by ShaunC
Additions:
======GRIZZLY STEPPE blocking through ipset and iptables======
#Block hosts designated as GRIZZLY STEPPE (Russian Malicious Cyber Activity) participants
Deletions:
======GRIZZLY-STEPPE blocking through ipset and iptables======
#Block hosts designated as GRIZZLY-STEPPE (Russian Malicious Cyber Activity) participants


Revision [95]

The oldest known version of this page was created on 2016-12-29 15:05:53 by ShaunC
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki