Simplifying (I hope) UFW and iptables, includes a utility to get blocklists and incorporate them.
Simplifying (I hope) UFW and iptables for folks and serving as a reference for myself
Beware! You’re entering the ….
Everything in /applications.d goes into /etc/ufw/applications.d. You’ll need to change the owner to root.
I’ve provided two scripts so you can easily run one depending on your location; public or not public. Comment and uncomment as needed for what you want to expose to the LAN and interwebs. You will need to run this with superuser rights.
Edit the rules in the LAN area to reflect the subnet of your LAN, obvs.
You can use something like my network control manager to configure which script is called.
This is a script to automate the downloading, cleaning, and implementation of blocklists for IPTABLES to protect your computer or server from IPs associated with bad things like malware, child pornography, web exploits, and the like. I mean, if someone’s gone to the bother to collect these blocklists, we might as well use them for legit purposes, right?
It can be used without my UFW script, but you’ll want to uncomment the last two lines. You will need to run this with superuser rights.
Prerequisites: IPSET, which should be available for your distribution.
Steven Saus injects people with radioactivity for his day job, but only to serve the forces of good.