PF drop list

It’s been a while since we’ve had any BSD-related posts.

I have recently modified this script to generate a PF ruleset from the Spamhaus DROP list in order to keep evil packets out of your network. The DROP list is a tiny subset of the SBL containing netblocks controlled entirely by spammers. You can get the modified script here. To use it, put it somewhere in your PATH and run it once a day via cron. The ruleset is loaded via an anchor. To load it at boot time, put the following lines in your pf.conf above the usual rules:

# anchor for Spamhaus DROP list
anchor droplist
load anchor droplist from "/etc/pf.drop"
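
As an illustration of the conversion step described above, here is an added example; it is not the script linked from this post. It assumes DROP lines of the form `<IPv4 CIDR> ; <SBL reference>`, a table named `droplist`, and a safety floor that rejects prefixes shorter than /8; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not the script linked from the post.
# Reads DROP-format text on stdin, writes a PF anchor ruleset on stdout.
# Assumed line format: "<IPv4 CIDR> ; <SBL reference>"; ";" starts a comment.
# Assumed safety floor: prefixes shorter than /8 are rejected.

drop_to_pf() {
    awk '
    function valid_cidr(s,    p, o, i) {
        if (split(s, p, "/") != 2) return 0
        if (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 8 || p[2] + 0 > 32) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/;.*/, "")          # drop comments and the SBL reference
        gsub(/[ \t\r]/, "")     # drop whitespace and stray CRs
        if ($0 == "") next
        if (!valid_cidr($0)) { bad++; next }
        if (!($0 in seen)) { seen[$0] = 1; nets[++n] = $0 }
    }
    END {
        if (bad) print "skipped " bad " invalid line(s)" > "/dev/stderr"
        # Fail on an empty result so a bad download never yields an empty ruleset.
        if (n == 0) { print "no valid netblocks" > "/dev/stderr"; exit 1 }
        printf "table <droplist> persist {"
        for (i = 1; i <= n; i++) printf " %s", nets[i]
        print " }"
        print "block drop in quick from <droplist> to any"
        print "block drop out quick from any to <droplist>"
    }'
}

# Constructed sample input (documentation ranges, made-up SBL ids).
SAMPLE='; constructed sample in DROP format
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
192.0.2.0/24 ; SBL000001
0.0.0.0/0 ; SBL000003
203.0.113.300/24 ; SBL000004'

# Demo: print the ruleset generated from the sample.
printf '%s\n' "$SAMPLE" | drop_to_pf
```

In a cron job, write the output to a temporary file and replace /etc/pf.drop only when the function exits 0, then reload the anchor with `pfctl -a droplist -f /etc/pf.drop`.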


