abuseipdb-fetcher

FreeBSD pf blocked IP list constructor from AbuseIPDB

Go to file

László Károlyi da21cd79c8 Add isort + README.md		2024-03-11 22:47:22 +01:00
src/abuseipdb_fetcher	Remove unused option	2024-03-11 22:23:37 +01:00
.gitignore	Initial commit	2024-03-11 17:17:57 +01:00
.isort.cfg	Add isort + README.md	2024-03-11 22:47:22 +01:00
LICENSE	Initial commit	2024-03-11 17:17:57 +01:00
README.md	Add isort + README.md	2024-03-11 22:47:22 +01:00
config.ini.sample	First working version	2024-03-11 22:17:06 +01:00
pyproject.toml	Initial commit	2024-03-11 17:17:57 +01:00
requirements.txt	Intermediate commit	2024-03-11 20:12:32 +01:00

README.md

This tool fetches blocked IPs from AbuseIPdb and generates a list from it to be used by FreeBSD's pf tables.

It will exclude IP addresses you put into the whitelisted CIDRs list, see config.ini.sample.

Copy config.ini.sample to a place and edit it to your needs. Then, use this tool's command line (abuseipdb-fetcher -h) to see the options. Basically, fetch fetches the host lists, parse compiles the list for pf from the previously downloaded list.

parse will exit with a non-zero exit code if there are no updates.

A basic updater script looks like this (uses a previously installed virtualenv):

#!/usr/bin/env sh

MY_DIR=$(cd $(dirname $(readlink -f $0));pwd)

cd "$MY_DIR"

set -ex

./venv/bin/abuseipdb-fetcher -c config.ini fetch
./venv/bin/abuseipdb-fetcher -c config.ini parse
pfctl -f /etc/pf.conf -t abuseipdb -T load

If you handle a lot of hosts, you might need to raise the limits on the hosts able to be stored by pf's tables:

set limit table-entries 1000000 # 1 million max entries per table

Based on your subscription type, here's the limits the API will serve:

https://docs.abuseipdb.com/#blacklist-ip-truncation