# This is an example pf-badhost configuration file.
# It is strongly recommended to configure pf-badhost from the commandline rather
# than from a config file, as a config file essentially amounts to arbitrary
# code injection into the pf-badhost process.
# Because its contents are executed as code, keep this file writable only by a
# trusted administrator.
#
# If you know what you're doing, the possibilities here are endless.
#
# USE WITH CARE!

# ------------------------------------------------------------------------------
# User Configuration Area -- BEGIN
# ------------------------------------------------------------------------------
#
###########################################################################
# To override a default value, uncomment the value and:
# Set to '1' to enable
# Set to '0' to disable

# Remember, this config file essentially executes arbitrary code - use with care!

# HTTP user agent override (pretend to be Firefox on Win10 by default)
# This option can also be configured from the commandline with the '-U' flag.
#_AGENT='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0'

# Save a rolling backup copy of generated blocklists to /var/log/pf-badhost/
#_LOG=1

# Enable Strict Mode
# (This option tells pf-badhost to abort if it fails to fetch a blocklist)
#_STRICT=1

# Max Download Attempts (How many times we'll attempt to download a file before giving up)
#_RETRY=5

# Enable IPv4
#_IPV4=1

# Enable IPv6
#_IPV6=0

# Enable Subnet Aggregation
#_AGGREGATE=0

# Enable Geoblocking / Country Blacklisting
#_GEOBLOCK=0

# Enable IPv4 Bogon Filter (Blocks unassigned/reserved/martian addresses)
#_BOGON_4=0

# Enable IPv6 Bogon Filter (Blocks unassigned/reserved/martian addresses)
#_BOGON_6=0

###################################################################
# Hail Mary Cloud Bruteforcer Mitigation (SSH authlog analysis)
# Searches SSH authlog for bruteforcers
#
# Set to '1' to enable
#_HAIL_MARY=0
#
# Set failed log-in limit for bans
#_LOGIN_LIMIT=25
###################################################################
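###################################################################
# Custom Lists
#
# Add any lists here that require pre-formatting or special treatment
#
# CUSTOM_LISTS function MUST place all processed blocklist data into
# $tmpdir_fetch directory. This variable will be automatically
# generated before invocation of the CUSTOM_LISTS() function.
#
# You can safely use the current working directory within the function
# for temporary file handling - files saved here will automatically
# be cleaned up when the script exits.
#
# NOTE(review): the archives fetched below are remote content and are
# unpacked as-is. Confirm that the tar in use refuses absolute and '..'
# member paths, so that an archive cannot write outside $tmpdir_fetch.
# The exit status of tar is not checked here, so a corrupt archive is
# skipped silently.

CUSTOM_LISTS() {
    : # Examples:

    ### Fabrice Prigent's Blocklists [tar.gz]:
    # Download both archives into the current working directory.
    URL_FETCH 'https://dsi.ut-capitole.fr/blacklists/download/malware.tar.gz' \
              'https://dsi.ut-capitole.fr/blacklists/download/ads.tar.gz'

    # Extract all *.tar.gz files in current working directory
    # (-C places the extracted data in $tmpdir_fetch, as required above)
    find . -type f -name "*.tar.gz" -exec tar -C "$tmpdir_fetch" -xzf {} \;
}
###################################################################

###################################################################
# Custom Filtering
#
# NOTE: Use of '-r' or '-w' to whitelist URLs is strongly preferred.
#
# This function can be used to perform arbitrary blocklist manipulation.
# Use at your own risk.
#
# Blocklist data will be received by the function on stdin.
# Data processed within the function MUST be exported to stdout.
#
#_CUSTOM_FILTER=0 # Set to '1' to enable

CUSTOM_FILTER() {
    # Default to a pass-through. The function's stdout is documented above
    # as the processed blocklist, so a body that writes nothing would yield
    # an empty blocklist as soon as the filter is enabled.
    # Replace 'cat' with whatever text manipulation you like.
    cat
}
#
###################################################################

# ------------------------------------------------------------------------------
# User Configuration Area -- END
# ------------------------------------------------------------------------------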