add a new IP into deirdre and erlking ipsets

remove waldo ipsets and rules
2021-03-17 09:55:52 -04:00 · 2021-03-17 09:55:52 -04:00 · 0b3265d75c
parent ae99eaef7b
commit 0b3265d75c
5 changed files with 4 additions and 89 deletions
--- a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v4
@ -1,22 +0,0 @@
-*filter
-:INPUT DROP
-:FORWARD DROP
-:OUTPUT DROP
-A INPUT -m set --match-set nasties src -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5665 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5665 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-COMMIT
--- a/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/waldo.asininetech.net.rules.v6
@ -1,30 +0,0 @@
-*filter
-:INPUT DROP
-:FORWARD DROP
-:OUTPUT DROP
-:icmp_in -
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5665 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
-A INPUT -p ipv6-icmp -j icmp_in
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 5665 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
-COMMIT
--- a/ubuntu/roles/ipset-deploy/files/deirdre.asininetech.net.ipset
+++ b/ubuntu/roles/ipset-deploy/files/deirdre.asininetech.net.ipset
@ -39,3 +39,5 @@ add nasties 216.18.204.0/24
 add nasties 173.231.59.0/24
 # Unknown crawler, no user agent, doesn't actually respect robots.txt
 add nasties 217.160.142.105/32
+# MegaIndex.ru Crawler
+add nasties 176.9.41.28/32
--- a/ubuntu/roles/ipset-deploy/files/erlking.asininetech.net.ipset
+++ b/ubuntu/roles/ipset-deploy/files/erlking.asininetech.net.ipset
@ -27,3 +27,5 @@ add nasties 216.18.204.0/24
 add nasties 173.231.59.0/24
 # Unknown crawler, no user agent, doesn't actually respect robots.txt
 add nasties 217.160.142.105/32
+# MegaIndex.ru Crawler
+add nasties 176.9.41.28/32
--- a/ubuntu/roles/ipset-deploy/files/waldo.asininetech.net.ipset
+++ b/ubuntu/roles/ipset-deploy/files/waldo.asininetech.net.ipset
@ -1,37 +0,0 @@
-create nasties hash:net family inet hashsize 1024 maxelem 65536
-# domaincrawler.com aggressive crawler/bot
-add nasties 185.6.8.3/32
-add nasties 185.6.8.7/32
-# infegy data collection
-add nasties 173.244.135.0/24
-# 1776 Solutions, kiwifarms
-add nasties 103.114.191.0/24
-# Bytespider crawler, aggressive
-add nasties 110.240.0.0/12
-add nasties 111.224.0.0/14
-add nasties 220.243.128.0/20
-# Seekport Crawler, aggressive
-add nasties 95.216.172.167/32
-# SearchAtlas.com SEO Crawler, doesn't respect robots.txt
-add nasties 147.75.106.146/32
-# AlkonavtNetwork, Russian spam account creation source
-add nasties 5.188.210.0/24
-# moz.com SEO crawler
-add nasties 216.244.66.229/32
-# Aspiegel (Huawei) bot range
-add nasties 114.119.160.0/21
-add nasties 114.119.128.0/19
-# Centurybot
-add nasties 64.62.202.73/32
-# Pimeyes.com crawler
-add nasties 116.202.237.211/32
-add nasties 116.202.234.96/32
-add nasties 95.217.119.94/32
-add nasties 116.202.228.159/32
-# Local timeline crawler on Comcast residential
-add nasties 75.64.236.168/32
-# Adsbot
-add nasties 216.18.204.0/24
-add nasties 173.231.59.0/24
-# Unknown crawler, no user agent, doesn't actually respect robots.txt
-add nasties 217.160.142.105/32