Mark Smith ([staff profile] mark) wrote in [site community profile] changelog 2009-07-15 06:26 am

[dw-ops] Implement Spamhaus DROP list

[commit: http://hg.dwscoalition.org/dw-ops/rev/dec97ed3ad7d]

http://bugs.dwscoalition.org/show_bug.cgi?id=1319

add spamhaus drop list to puppet-managed iptables config

Patch by [personal profile] alierak.

Files modified:
  • puppet/modules/iptables/templates/dreamwidth.erb
  • puppet/modules/iptables/templates/spamhaus-drop.erb
--------------------------------------------------------------------------------
diff -r 7fefa62be889 -r dec97ed3ad7d puppet/modules/iptables/templates/dreamwidth.erb
--- a/puppet/modules/iptables/templates/dreamwidth.erb	Fri May 29 18:04:14 2009 +0000
+++ b/puppet/modules/iptables/templates/dreamwidth.erb	Wed Jul 15 06:26:12 2009 +0000
@@ -62,6 +62,14 @@
 -A INPUT -s 10.176.74.79 -j ACCEPT
 -A INPUT -s 10.176.74.80 -j ACCEPT
 
+# Discards all traffic to/from netblocks on Spamhaus drop list
+# ( see http://www.spamhaus.org/drop/ )
+<% droplist = scope.function_template('iptables/spamhaus-drop.erb');
+   droplist.each do |dropnet| -%>
+-A INPUT -s <%= dropnet.chomp %> -j DROP
+-A OUTPUT -d <%= dropnet.chomp %> -j DROP
+<% end -%>
+
 # Accepts all established inbound connections
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
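Review bot: The loop at `droplist.each do |dropnet|` turns every line of the rendered spamhaus-drop.erb into a rule after only a `chomp`, so a blank line, trailing whitespace or a malformed entry in that file would be written out as an invalid rule such as `-A INPUT -s  -j DROP` in the generated iptables config. Skip any line that does not look like an IPv4 CIDR before emitting the pair of rules. Separately, these INPUT drops sit ahead of the `--state ESTABLISHED,RELATED -j ACCEPT` rule, so inbound packets that reach this point are compared against each netblock in turn; putting the drops in a dedicated chain or an ipset would keep the main INPUT chain short.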
diff -r 7fefa62be889 -r dec97ed3ad7d puppet/modules/iptables/templates/spamhaus-drop.erb
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/puppet/modules/iptables/templates/spamhaus-drop.erb	Wed Jul 15 06:26:12 2009 +0000
@@ -0,0 +1,152 @@
+110.44.0.0/20
+115.166.64.0/19
+116.199.128.0/19
+116.50.8.0/21
+117.103.40.0/21
+119.27.128.0/19
+119.42.144.0/21
+120.143.128.0/21
+121.46.64.0/18
+128.199.0.0/16
+132.232.0.0/16
+132.240.0.0/16
+134.33.0.0/16
+138.252.0.0/16
+138.43.0.0/16
+139.167.0.0/16
+143.49.0.0/16
+152.147.0.0/16
+167.28.0.0/16
+167.97.0.0/16
+168.151.0.0/16
+170.67.0.0/16
+190.112.0.0/19
+190.14.64.0/18
+192.160.44.0/24
+192.43.153.0/24
+192.43.154.0/23
+192.43.156.0/22
+192.43.160.0/24
+192.67.16.0/24
+192.86.85.0/24
+193.110.136.0/24
+193.138.172.0/22
+193.142.244.0/24
+193.16.100.0/24
+193.19.120.0/23
+193.238.36.0/22
+194.110.160.0/22
+194.116.146.0/23
+194.126.193.0/24
+194.146.204.0/22
+194.165.4.0/23
+195.114.8.0/23
+195.225.176.0/22
+195.234.159.0/24
+195.238.242.0/24
+195.74.88.0/23
+195.88.32.0/23
+195.88.80.0/23
+195.95.161.0/24
+196.1.176.0/20
+196.32.216.0/21
+198.151.152.0/22
+198.186.16.0/20
+198.186.25.0/24
+198.204.0.0/21
+199.120.163.0/24
+199.166.200.0/22
+199.245.138.0/24
+199.60.102.0/24
+200.108.160.0/20
+200.124.64.0/19
+201.71.0.0/20
+202.133.64.0/20
+202.6.176.0/20
+203.19.101.0/24
+203.31.88.0/23
+203.33.120.0/24
+203.34.205.0/24
+203.34.70.0/23
+203.34.71.0/24
+204.13.32.0/21
+204.14.24.0/21
+204.236.0.0/19
+204.52.255.0/24
+204.86.116.0/22
+204.89.224.0/24
+205.210.137.0/24
+205.235.64.0/20
+205.236.189.0/24
+206.197.175.0/24
+206.197.176.0/24
+206.197.177.0/24
+206.197.28.0/24
+206.197.29.0/24
+206.51.240.0/21
+208.64.44.0/22
+208.66.192.0/22
+208.72.168.0/21
+208.73.88.0/21
+208.76.160.0/21
+208.76.48.0/21
+208.77.224.0/21
+208.81.136.0/21
+208.82.136.0/21
+208.84.96.0/21
+208.87.152.0/21
+208.93.152.0/22
+209.145.192.0/18
+209.165.224.0/20
+209.213.48.0/20
+216.21.8.0/22
+216.243.240.0/20
+216.255.176.0/20
+41.221.112.0/20
+58.65.232.0/21
+58.83.12.0/22
+58.83.8.0/22
+62.122.32.0/21
+64.28.176.0/20
+66.206.32.0/22
+66.54.91.0/24
+66.55.160.0/19
+67.210.0.0/20
+67.213.128.0/20
+69.50.160.0/19
+69.8.176.0/20
+69.80.0.0/17
+72.2.176.0/20
+78.155.220.0/23
+78.157.128.0/19
+79.110.160.0/20
+79.135.160.0/19
+81.29.240.0/20
+85.255.112.0/20
+86.105.230.0/24
+88.214.211.0/24
+89.35.0.0/23
+91.193.108.0/23
+91.196.232.0/22
+91.199.112.0/24
+91.203.92.0/22
+91.208.0.0/24
+91.208.162.0/24
+91.208.228.0/24
+91.209.14.0/24
+91.209.184.0/24
+91.209.186.0/24
+91.209.48.0/24
+91.209.58.0/24
+91.211.64.0/22
+91.211.88.0/22
+91.212.45.0/24
+91.212.65.0/24
+93.188.160.0/21
+94.154.0.0/18
+94.154.128.0/18
+94.232.248.0/21
+94.247.0.0/21
+95.129.144.0/23
+95.129.146.0/24
+95.215.76.0/22
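Review bot: The netblocks in spamhaus-drop.erb are checked in as a static snapshot with nothing recording when the list was retrieved or how it will be refreshed, so the rules will drift from the list published at http://www.spamhaus.org/drop/ as entries are added and removed, and a stale entry keeps dropping traffic in both directions for a range that may no longer be listed. Because the loop in dreamwidth.erb treats every line of this file as a netblock, a header comment here would become a rule, so record the retrieval date next to the existing `# ( see http://www.spamhaus.org/drop/ )` comment in dreamwidth.erb, and consider having puppet regenerate this file from a scheduled fetch instead of a hand-committed copy.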
--------------------------------------------------------------------------------

[personal profile] azurelunatic 2009-07-15 01:54 pm (UTC)
Woohoo smaphose! ♥

[personal profile] red_trillium 2009-07-15 10:59 pm (UTC)
YAY! The details make no sense to me but I understand the basics--spammers bad & no more spamming at Dreamwidth. :) Now if Webshots can get something similar, my albums there are starting to get hit by the occasional spammer & it's annoying.

Um, and on my friends page this entry has the userpic & icon from [personal profile] azurelunatic as the poster, not [staff profile] mark. That's a bit odd ??