
How to Use These Blocklists with CSF Firewall

I'm a long-time user and fan of ConfigServer Security & Firewall (CSF), and these lists (and actually, this whole site) were originally designed with CSF in mind. CSF has a function that allows it to import third-party blocklists and save them to IPTABLES, which is the Linux firewall utility upon which CSF is based.

The lists themselves were also partially generated using CSF, which has the optional ability to execute a script of the root user's choice whenever an IP address is blocked. I wrote simple PHP scripts to record those results into databases, and the lists I make available on this site are created using those databases.

Importing Blocklists into CSF Firewall

If you're using CSF, then the blocklists on this site will be very easy for you to use. If you wanted to use the first 500 entries in the freships.txt list, for example, you would simply log into the server as root and edit the file /etc/csf/csf.blocklists to include the following three lines:

        # RJM Blocklist Fresh IP List
        # Details: https://rjmblocklist.com
        RJMFRESHIPS|3600|500|https://www.rjmblocklist.com/sizzling/freships.txt
    

The first commented line is for humans to quickly identify the list. The second is a URL to the site sponsoring the list, also for human users who want to learn more about the list.

The syntax of the third, un-commented line may need a bit of explanation if you're new to this. The basic syntax is:

NAME|INTERVAL|MAX|URL

NAME must be a maximum of 25 upper-case characters. It will become the IPTABLES chain name.

INTERVAL is how often, in seconds, CSF will download the list. It must be a minimum of 3600 (once per hour), but once a day (86400) is the default. In the example on this page, the value is set to 3600, or once every hour.

MAX is the maximum number of IP addresses CSF will import. In this case, we would be importing only the first 500 IP addresses, even though 5,000 are available on the list. That's because importing too many IP addresses into the firewall could bog down your server. MAX lets you set a limit. For most servers, a limit of 250 to 1000 would be a reasonable MAX. A value of 0 will download the entire list.

URL tells CSF where to find the file. It's a good idea to visit the URL using a Web browser first to make sure it's still active and accessible, and to take a look at the list if you like.

Finally, you can stop using a list by commenting out its line with a leading #, or by deleting the entry altogether.

After any change to /etc/csf/csf.blocklists you must restart CSF Firewall for it to take effect. It's also a good idea to restart LFD because it also contributes to IPTABLES.
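
Before restarting, it can help to lint the new entry and preview what a third-party list would actually put into the firewall. The following is an added example, not part of CSF or of this site's scripts: it checks a line against the NAME|INTERVAL|MAX|URL rules described above, then applies MAX to a list and reports lines that are not IP addresses and any entry that would block an address you never want blocked. The function names, the sample list, the `never_block` address, and the choice to count only valid entries toward MAX are assumptions made for the example.

```python
import ipaddress
import re

MIN_INTERVAL = 3600                      # minimum INTERVAL stated on this page
NAME_RE = re.compile(r"[A-Z0-9]{1,25}")  # assumption: upper-case letters/digits, max 25

def parse_entry(line):
    """Validate one NAME|INTERVAL|MAX|URL line; return None for comments/blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split("|")
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}")
    name, interval, maximum, url = fields
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad NAME: {name!r}")
    if not interval.isdigit() or int(interval) < MIN_INTERVAL:
        raise ValueError(f"INTERVAL must be an integer >= {MIN_INTERVAL}")
    if not maximum.isdigit():
        raise ValueError("MAX must be a non-negative integer (0 = whole list)")
    if not url.startswith(("http://", "https://")):
        raise ValueError(f"bad URL: {url!r}")
    return {"name": name, "interval": int(interval), "max": int(maximum), "url": url}

def preview_import(list_text, maximum, never_block=()):
    """Return (networks kept, rejected lines, (protected_ip, network) conflicts)."""
    nets, rejected = [], []
    for raw in list_text.splitlines():
        item = raw.split("#", 1)[0].strip()
        if not item:
            continue
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            rejected.append(raw)         # not an IP or CIDR: inspect before trusting the feed
    if maximum:                          # MAX of 0 keeps the whole list
        nets = nets[:maximum]
    conflicts = [(addr, str(net)) for addr in never_block
                 for net in nets if ipaddress.ip_address(addr) in net]
    return nets, rejected, conflicts

# Constructed sample list (documentation address ranges), not data from the site.
SAMPLE_LIST = "# constructed sample\n192.0.2.10\n198.51.100.0/24\nnot-an-ip\n203.0.113.7\n"

if __name__ == "__main__":
    entry = parse_entry("RJMFRESHIPS|3600|500|https://www.rjmblocklist.com/sizzling/freships.txt")
    nets, rejected, conflicts = preview_import(SAMPLE_LIST, 2, never_block=["198.51.100.25"])
    print(entry["name"], [str(n) for n in nets], rejected, conflicts)
```

A non-empty conflicts result means the list, as truncated by MAX, would block one of your own protected addresses.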

Using These Lists with Other Firewalls

Because my blocklists are plain text files, they should work with any firewall that can import text files into its tables. Beyond that, all I can say is that you'll need to check the documentation for the firewall that you use to determine whether it can use my blocklists.

 
