電訊茶室's Archiver

Qnewbie posted on 2016-11-5 06:13

Automatically Updated VoIP Blacklist (volunteer needed!)

[i=s] This post was last edited by Qnewbie on 2016-11-5 06:15 [/i]

The VoIP Blacklist is maintained by voipbl.org. Voipbl.org provides a configuration to block IP addresses in the blacklist with fail2ban.

For MikroTik users, we might use this blacklist according to
[url]http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/[/url].

1. Bash script to create VoipBL.rsc, some volunteers (I mean 電腦超人 :lol ) could run it frequently with cron and provide VoipBL.rsc for download?
[code]#!/bin/sh

####
# Orig.: http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/
####

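saveTo=/var/www
now=$(date)
# Header line, then the RouterOS menu that the "add" commands below apply to
echo "# Generated by Qnewbie on $now" > "$saveTo/VoipBL.rsc"
echo "/ip firewall address-list" >> "$saveTo/VoipBL.rsc"
# Turn every non-empty, non-comment line of the list into an address-list entry
wget -q -O - http://www.voipbl.org/update | awk '!/^#/ && NF { print "add list=blacklist address=" $1 " comment=VoipBL" }' >> "$saveTo/VoipBL.rsc"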
[/code]
2. It is not applicable as VoipBL.rsc is not available in telecom-cafe.
Mikrotik daily update script:
[code]# Script which will download the VoIPBL list as a text file
/system script add name="DownloadVoIPBL" source={
/tool fetch url="http://www.telecom-cafe.com/VoipBL.rsc" mode=http;
:log info "Downloaded VoipBL.rsc from telecom-cafe.com";
}

# Script which will remove old VoipBL records and add new ones.
# The comment matched here must be the comment= value written into VoipBL.rsc ("VoipBL").
/system script add name="ReplaceVoIPBL" source={
/ip firewall address-list remove [find where comment="VoipBL"]
/import file-name=VoipBL.rsc;
:log info "Removed old VoIPBL records and imported new list";
}

# Schedule the download and application of the VoIPBL list
/system scheduler add comment="Download VoIPBL list" \
  interval=1d name="DownloadVoIPBL_List" on-event=DownloadVoIPBL \
  start-date=jan/01/1970 start-time=16:38:48
/system scheduler add comment="Apply VoIPBL List" \
  interval=1d name="InstallVoIPBL_List" on-event=ReplaceVoIPBL \
  start-date=jan/01/1970 start-time=16:43:48[/code]
Possible problem:
The address list might be too looooooong... Hopefully someone might merge addresses into larger subnets.
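
One way to do the merge the post asks for, as an added example that is not part of the original post: it collapses duplicate, overlapping and adjacent entries into larger subnets without blocking any address that was not in the feed, and only writes entries that parse as IPv4 into the .rsc. The function name `build_rsc`, the `min_prefix` limit and the sample feed are assumptions made for illustration; the feed is assumed to hold one IPv4 address or CIDR per line.

```python
import ipaddress

# Constructed sample feed (documentation and private ranges), not real voipbl.org data.
SAMPLE_FEED = """\
# comment line
192.0.2.0
192.0.2.1
192.0.2.2/31
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.7
10.0.0.5/24
0.0.0.0/0
2001:db8::1
not-an-ip
"""

def build_rsc(feed_text, list_name="blacklist", comment="VoipBL", min_prefix=8):
    """Return (rsc_text, rejected_lines) for a feed of IPv4 addresses/CIDRs."""
    nets, rejected = [], []
    for raw in feed_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=False normalises entries with host bits set (10.0.0.5/24)
            net = ipaddress.ip_network(line.split()[0], strict=False)
        except ValueError:
            rejected.append(line)
            continue
        # /ip firewall address-list is IPv4 only; min_prefix (an assumed safety
        # limit) stops one bad line such as 0.0.0.0/0 from blocking everything.
        if net.version != 4 or net.prefixlen < min_prefix:
            rejected.append(line)
            continue
        nets.append(net)
    # Lossless merge: only duplicates, overlaps and adjacent blocks are combined.
    merged = ipaddress.collapse_addresses(nets)
    out = ["/ip firewall address-list"]
    for n in merged:
        addr = str(n.network_address) if n.prefixlen == 32 else str(n)
        out.append(f"add list={list_name} address={addr} comment={comment}")
    return "\n".join(out) + "\n", rejected

if __name__ == "__main__":
    rsc, bad = build_rsc(SAMPLE_FEED)
    print(rsc, end="")
    print(f"# rejected {len(bad)} line(s): {bad}")
```

Rejected lines are returned rather than silently dropped so the cron job can log them and notice a malformed or tampered download before the router imports the file.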
