#
# spec file for package firewalld-firehol-ipset
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Package preamble: a noarch, data-only package that ships two FireHOL
# blocklists as firewalld ipset definitions.
Name: firewalld-firehol-ipset
# Date-style version; it is also embedded in the generated ipset file names
# and in the rich rules added by the post scriptlet.
Version: 20210401
Release: 0
Summary: FireHOL Level1 blacklist as FirewallD ipset
License: MIT
Group: Productivity/Networking/Security
URL: https://github.com/firehol/blocklist-ipsets
# NOTE(review): both sources are bare file names, so the spec records neither
# where the list was downloaded from nor a checksum. The description says
# Source0 is the cleaned-up list from a different repository than URL above;
# confirm the provenance of each file before every update, because these lists
# decide which traffic the firewall drops.
Source0: firehol_level1.netset
Source1: firehol_abusers_30d.netset
# NOTE(review): no fdupes call is visible in this spec; this BuildRequires
# looks unused - confirm.
BuildRequires: fdupes
# The post and preun scriptlets call firewall-cmd, which presumably comes
# from the firewalld package - confirm.
Requires: firewalld
Requires: ipset
BuildArch: noarch
%description
firehol_level1 and firehol_abusers_30d for FirewallD
ipv4 hash:net ipset
* firehol_level1
Original
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
Cleaned-up version (this package uses it, because the raw version has drawbacks!):
https://github.com/Ultimate-Hosts-Blacklist/firehol_level1
Download:
https://github.com/Ultimate-Hosts-Blacklist/firehol_level1/raw/master/ip.list
A firewall blacklist composed from IP lists, providing
maximum protection with minimum false positives. Suitable
for basic protection on all internet facing servers,
routers and firewalls. (includes: bambenek_c2 dshield feodo
fullbogons spamhaus_drop spamhaus_edrop sslbl zeus_badips
ransomware_rw)
* firehol_abusers_30d
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset
An ipset made from blocklists that track abusers in the
last 30 days. (includes: cleantalk_new_30d
cleantalk_updated_30d php_commenters_30d php_dictionary_30d
php_harvesters_30d php_spammers_30d stopforumspam sblam)
Maintainer : FireHOL
Maintainer URL : http://iplists.firehol.org/
List source URL :
Source File Date: Fri Dec 11 04:00:49 UTC 2020
Full list analysis, including geolocation map, history,
retention policy, overlaps with other lists, etc.
available at:
http://iplists.firehol.org/?ipset=firehol_level1
Generated by FireHOL's update-ipsets.sh
Processed with FireHOL's iprange
%prep
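%build
# Render one firewalld ipset definition (XML) per blocklist source.
#
# The netset files are third-party data that ends up inside the firewall
# configuration, so every line is checked before it is written out:
#   - comment lines, blank lines and surrounding whitespace are stripped for
#     BOTH lists (previously only the abusers list had its comments removed);
#   - only lines shaped like an IPv4 address or CIDR network are emitted, so a
#     stray header, markup or otherwise malformed line cannot end up inside
#     the XML document;
#   - skipped lines are counted and reported in the build log.
# The pattern is a shape check only; out-of-range octets or prefix lengths
# are not rejected here.
# The intermediate file is created in the build directory rather than next
# to the source file.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# write_ipset OUTPUT TITLE UPSTREAM_URL NETSET_FILE
write_ipset() {
    out="$1"
    title="$2"
    url="$3"
    list="$4"
    lines="${out}.lines"

    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' \
        "${list}" > "${lines}"

    # grep -c exits non-zero when the count is 0; keep the build going.
    skipped=$(grep -Evc "${cidr_re}" "${lines}" || :)
    if [ "${skipped}" -ne 0 ]; then
        echo "warning: ${list}: skipped ${skipped} line(s) that are not IPv4 addresses or networks" >&2
    fi

    {
        echo '<?xml version="1.0" encoding="utf-8"?>'
        echo '<ipset type="hash:net">'
        echo " <short>${title} Blacklist timestamp: %{version}</short>"
        echo " <description>${title} the blacklisted list of IPs for online servers (${url})</description>"
        echo ' <option name="family" value="inet"/>'
        echo ' <option name="hashsize" value="4096"/>'
        # NOTE(review): the list must stay below maxelem - confirm on update.
        echo ' <option name="maxelem" value="200000"/>'
        { grep -E "${cidr_re}" "${lines}" || :; } | sed -e 's#.*# <entry>&</entry>#'
        echo '</ipset>'
    } > "${out}"

    rm -f "${lines}"
}

write_ipset firehol-level1-%{version}.xml "Firehol Level1" \
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset \
    %{SOURCE0}
write_ipset firehol-abusers_30d-%{version}.xml "Firehol Abusers 30 days" \
    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset \
    %{SOURCE1}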
%install
# Stage both generated ipset definitions under the firewalld configuration
# directory (directory 0750, files 0640) and give each one an unversioned
# symlink that points at the versioned file.
ipset_dir=%{buildroot}%{_sysconfdir}/firewalld/ipsets
install -d -m 0750 "${ipset_dir}"
for name in firehol-level1 firehol-abusers_30d; do
    install -m 0640 "${name}-%{version}.xml" "${ipset_dir}"
    ln -sf "%{_sysconfdir}/firewalld/ipsets/${name}-%{version}.xml" "${ipset_dir}/${name}.xml"
done
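%post
# Add one permanent "drop" rich rule per ipset to the public zone.
#
# The scriptlet stays best-effort and always exits 0, but a failure is now
# reported instead of being swallowed: otherwise the package looks installed
# while nothing is actually being blocked.
#
# --permanent changes only the stored configuration.
# NOTE(review): presumably firewalld has to be reloaded before the new ipset
# files and these rules take effect, and firewall-cmd needs a running daemon -
# confirm and tell admins what to run after installation.
# NOTE(review): the zone is hard-coded to "public"; interfaces bound to
# another zone are not covered by these rules.
if test -f %{_bindir}/firewall-cmd; then
    for name in firehol-level1 firehol-abusers_30d; do
        %{_bindir}/firewall-cmd --quiet --permanent --zone=public \
            --add-rich-rule="rule source ipset=${name}-%{version} drop" || \
            echo "firewalld-firehol-ipset: could not add the drop rule for ipset ${name}-%{version}; the blocklist is installed but not enforced" >&2
    done
else
    echo "firewalld-firehol-ipset: firewall-cmd not found; no drop rules were added" >&2
fi
: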
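%preun
# Remove the permanent rich rules that the post scriptlet added for this
# version of the ipsets.
#
# Still best-effort (always exits 0), but a failure is reported: a rule that
# is left behind keeps referring to an ipset file this package is about to
# delete.
# NOTE(review): confirm how firewalld treats a zone whose rich rule names a
# missing ipset on the next reload.
if test -f %{_bindir}/firewall-cmd; then
    for name in firehol-level1 firehol-abusers_30d; do
        %{_bindir}/firewall-cmd --quiet --permanent --zone=public \
            --remove-rich-rule="rule source ipset=${name}-%{version} drop" || \
            echo "firewalld-firehol-ipset: could not remove the drop rule for ipset ${name}-%{version}; check the public zone for a stale rule" >&2
    done
else
    echo "firewalld-firehol-ipset: firewall-cmd not found; no drop rules were removed" >&2
fi
: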
%files
# Payload: the two versioned ipset definitions plus their unversioned
# symlinks, all marked as configuration files.
# NOTE(review): the two directory entries make this package a co-owner of
# firewalld's own configuration directories. Confirm that the ownership and
# modes recorded here match what the firewalld package ships, so installing
# this package cannot change the permissions on the firewall configuration
# tree.
%dir %{_sysconfdir}/firewalld
%dir %{_sysconfdir}/firewalld/ipsets
%config %{_sysconfdir}/firewalld/ipsets/firehol-level1-%{version}.xml
%config %{_sysconfdir}/firewalld/ipsets/firehol-level1.xml
%config %{_sysconfdir}/firewalld/ipsets/firehol-abusers_30d-%{version}.xml
%config %{_sysconfdir}/firewalld/ipsets/firehol-abusers_30d.xml
%changelog