Fed up with spammers whose numbers grow by the day, I finally settled on a simple solution: "just block the spammers' networks".
The list of spammer networks is taken from Spamhaus.org at this link: http://www.spamhaus.org/drop/drop.lasso
We simply load that list of spam networks into a PF table so they get blocked.
How?
Write a script that fetches the update from Spamhaus.
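# vi db_spam
#!/bin/sh
# Fetch the Spamhaus DROP list and load it into the PF table "droplasso".
FILE=/etc/tabel_spam
TMPO=/tmp/tmp_lasso
DBSPAM='http://www.spamhaus.org/drop/drop.lasso'
WGET=/usr/local/bin/wget
CUT=/usr/bin/cut
SED=/usr/bin/sed
RM=/bin/rm
PF="/sbin/pfctl -t droplasso -T replace -f $FILE"
# Download the list
$WGET -O $TMPO $DBSPAM
# Keep only the network field (the text before ';') and drop empty lines
$CUT -d';' -f1 $TMPO | $SED -e '/^$/d' >$FILE
$RM $TMPO
# Replace the table contents with the new list
$PF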
Add the following lines to pf.conf:
table <droplasso> persist file "/etc/tabel_spam"
block drop in log (all) quick on egress from <droplasso> to any
block drop out log (all) quick on egress from any to <droplasso>
To check:
# pfctl -vvsTables
-pa-r-- droplasso
Addresses: 465
Cleared: Mon Oct 17 11:50:02 2011
References: [ Anchors: 0 Rules: 2 ]
Evaluations: [ NoMatch: 85308 Match: 78 ]
In/Block: [ Packets: 0 Bytes: 0 ]
In/Pass: [ Packets: 0 Bytes: 0 ]
In/XPass: [ Packets: 0 Bytes: 0 ]
Out/Block: [ Packets: 78 Bytes: 3888 ]
Out/Pass: [ Packets: 0 Bytes: 0 ]
Out/XPass: [ Packets: 0 Bytes: 0 ]
#
To keep the spam table up to date, just add the db_spam script to cron so it runs every day.
Source: http://bash.cyberciti.biz/firewall/bsd-spamhaus-lasso-spam-database-update-pf-firewall/
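The db_spam script above replaces the table with whatever the download produced, so a failed fetch or an error page would empty or corrupt the block list. The following is an added example, not part of the original post or its source: it filters DROP-format input down to well-formed IPv4 prefixes and refuses a list that is too short. The function names, MIN_ENTRIES, the /8 minimum prefix length and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: validate DROP-format input before it reaches the PF table.

MIN_ENTRIES=3   # assumed floor for this demo; use a much higher value for the real list

# Read DROP-format text on stdin ("CIDR ; SBLid", comment lines start with ";")
# and print only well-formed IPv4 prefixes, one per line. Prefixes shorter
# than /8 are rejected (assumption) so one bad line cannot block everything.
drop_to_table() {
    awk -F';' '
    {
        gsub(/[ \t\r]/, "", $1)                 # strip whitespace and CR
        if ($1 == "") next                      # comment or blank line
        if (split($1, p, "/") != 2) next        # need address/length
        if (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 8 || p[2] + 0 > 32) next
        if (split(p[1], o, ".") != 4) next      # need four octets
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print $1
    }'
}

# Succeed only if the candidate file holds at least MIN_ENTRIES prefixes, so a
# failed or truncated download never replaces a populated table.
safe_to_load() {
    [ -s "$1" ] || return 1
    count=$(awk 'END { print NR }' "$1")
    [ "$count" -ge "$MIN_ENTRIES" ]
}

# Constructed sample in drop.lasso layout (documentation prefixes, not real listings).
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002

203.0.113.0/25 ; SBL000003
0.0.0.0/0 ; SBL000004
<html>502 Bad Gateway</html>
300.1.2.0/24 ; SBL000005'

clean_sample() { printf '%s\n' "$SAMPLE" | drop_to_table; }

# Demo: prints the three valid prefixes and drops the rest.
clean_sample

# In db_spam this would replace the cut/sed line and guard the pfctl call:
#   drop_to_table < "$TMPO" > "$FILE.new" && safe_to_load "$FILE.new" \
#     && mv "$FILE.new" "$FILE" && /sbin/pfctl -t droplasso -T replace -f "$FILE"
```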