Shell Script To Update Spamhaus Lasso Spam Database for PF Firewall

Author: Vivek Gite Last updated: January 23, 2009 3 comments

#!/bin/sh
# A shell script update Spamhaus Lasso Spam Database for PF Firewall
# Put this script at /etc/periodic/daily/10.drop-lasso file.
# Tested under FreeBSD 6.x and 7.x and PF Firewall
# -------------------------------------------------------------------------
# Copyright (c) 2007 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
 
FILE=/etc/pf.drop.lasso.conf
TMPO=/tmp/drop.lasso.$$
DROPURL='http://www.spamhaus.org/drop/drop.lasso'
CUT=/usr/bin/cut
SED=/usr/bin/sed
FETCH=/usr/bin/fetch
RM=/bin/rm
PF="/etc/rc.d/pf restart"
>$TMPO
$FETCH -o $TMPO $DROPURL
$CUT -d';' -f1 $TMPO | $SED -e '/^$/d' >$FILE
$RM $TMPO
$PF

Download this script and add following 3 lines to your /etc/pf.conf file:

table <droplasso> persist file "/etc/pf.drop.lasso.conf"
 
#Block DROP LASSO
#block log (all) all
# pfctl -t droplasso -T show
block drop in log (all)  quick on $ext_if from <droplasso> to any
block drop out log (all) quick on $ext_if from any to <droplasso>

See FreeBSD / OpenBSD: PF Firewall Filter Large Number Of Subnets and IP Address for further information.

Get the latest tutorials on SysAdmin, Linux/Unix, Open Source, and DevOps topics:

RSS feed or Weekly email newsletter
Share on Twitter • Facebook • 3 comments... add one ↓

Related Shell Scripts:

Category	List of Unix and Linux commands
File Management	cat
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

#!/bin/sh # Filename: /usr/local/etc/periodic/daily/10.drop-Lasso # If there is a global system configuration file, suck it in. # if [ -r /etc/defaults/periodic.conf ] then . /etc/defaults/periodic.conf source_periodic_confs fi case "$daily_pf_droplasso_enable" in [Yy][Ee][Ss]) FILE=/etc/pf.drop.lasso.conf TMPO=/tmp/drop.lasso.$$ DROPURL='http://www.spamhaus.org/drop/drop.lasso' CUT=/usr/bin/cut SED=/usr/bin/sed FETCH=/usr/bin/fetch RM=/bin/rm PF="/sbin/pfctl -Tl -f /etc/pf.conf" >$TMPO $FETCH -o $TMPO $DROPURL $CUT -d';' -f1 $TMPO | $SED -e '/^$/d' >$FILE $RM $TMPO $PF && rc=1 || rc=3 ;; *) rc=0;; esac exit $rc

3 comments… add one

Tim Jul 25, 2011 @ 13:49

First of all – I love your site, with all your scripts, tips and tricks.
Just a thought, wouldn’t it be “safer” to use “/etc/rc.d/pf reload” rather than “/etc/rc.d/pf restart” – i’m kinda new a this, but during my tests, if I issue a restart while connected through SSH, my connection is dropped, while reload seems to accept my changes, while keeping my connection.

Reply Link
Jeff Royle Jun 23, 2009 @ 13:49
I have being doing something similar for my own FreeBSD systems, highly recommend. There is a few things you may want to take into consideration here.

1) If you are going to utilize FreeBSD’s periodic system this setup should be modified to work within the framework. All custom editions to periodic scripts should be placed in ‘/usr/local/etc/periodic/*’ In this case ‘/usr/local/etc/periodic/daily’ would be suitable. You will also want to add control for the running of the script in the /etc/periodic.conf file. Below I have done a re-write of your 10.drop-lasso file.

2) Typically you want to avoid doing a restart on a firewall if it isn’t necessary. Since we are dealing with a table PF allows for a load of just the tables without a complete ruleset reload. This is accomplished by using pfctl. For example: pfctl -Tl -f /etc/pf.conf will do the reload on all tables in PF. Note: You can add -v to get more verbose output on the tables being reloaded. I have adjusted the script to use this instead of doing a full restart
```
#!/bin/sh
#  Filename: /usr/local/etc/periodic/daily/10.drop-Lasso
# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

case "$daily_pf_droplasso_enable" in
    [Yy][Ee][Ss])

	FILE=/etc/pf.drop.lasso.conf
	TMPO=/tmp/drop.lasso.$$
	DROPURL='http://www.spamhaus.org/drop/drop.lasso'
	CUT=/usr/bin/cut
	SED=/usr/bin/sed
	FETCH=/usr/bin/fetch
	RM=/bin/rm
	PF="/sbin/pfctl -Tl -f /etc/pf.conf"
	>$TMPO
	$FETCH -o $TMPO $DROPURL
	$CUT -d';' -f1 $TMPO | $SED -e '/^$/d' >$FILE
	$RM $TMPO
	$PF && rc=1 || rc=3
	;;
    *) rc=0;;
esac

exit $rc
```
Add in ‘/etc/periodic.conf’ the following line:
```
daily_pf_droplasso_enable="YES"
```
Reply Link
- 🐧 Vivek Gite Jun 24, 2009 @ 19:08
  
  Thanks for putting it FreeBSD frame work format.
  
  Reply Link

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.