OpenBL blocklist updater for PF

Thursday, January 14, 2016 » Firewall PF

/usr/local/bin/openbl-updater.sh:

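#!/bin/sh
# Fetch the OpenBL "base" blocklist and load it into the PF <blacklist> table.
# Intended to run from cron as root (pfctl needs it); see the crontab entry.
# Exits non-zero if the download or decompression fails, leaving the current
# table contents untouched.
set -eu

RULES="base.txt.gz"
SERVER="https://www.openbl.org/lists/"
TABLE="blacklist"

# Use a private, unpredictably named working directory instead of a fixed
# path in the world-writable /tmp, so another local user cannot pre-create
# or swap the list file between download and load.
STORE=$(mktemp -d) || exit 1
trap 'rm -rf -- "$STORE"' EXIT

# Abort on a failed download; do not touch the table with a missing/partial list.
fetch -q -o "${STORE}/${RULES}" "${SERVER}${RULES}" || exit 1
gunzip "${STORE}/${RULES}"

# Replace the table in one operation instead of flush-then-add: with the
# two-step form, a failed add would leave the firewall with an empty table.
pfctl -t "${TABLE}" -T replace -f "${STORE}/${RULES%.*}"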

/etc/crontab: (add)

# Update OpenBL Blacklisting weekly and after each boot
# Both entries run as root (pfctl requires it) and only if the script exists.
# Weekly run: 00:20 every Monday.
20      0       *       *       1       root    [ -f /usr/local/bin/openbl-updater.sh ] && /usr/local/bin/openbl-updater.sh
# Boot run: the network may not be up yet at this point.
# NOTE(review): confirm the script leaves the table untouched when the download fails.
@reboot                                 root    [ -f /usr/local/bin/openbl-updater.sh ] && /usr/local/bin/openbl-updater.sh

/etc/pf.conf: (add)

# OpenBL Blacklisting
# 'persist' keeps the table defined even when it is empty or not yet loaded,
# so the updater can fill it without a pf.conf reload.
table <blacklist> persist
# 'quick' stops rule evaluation on match; keep this rule ahead of any
# 'pass quick' rules that should not override the block. It matches on the
# source address only, so traffic *to* listed hosts is not affected.
block quick from <blacklist>