@GeertHauwaerts
Last active March 6, 2019 12:31
Fast VoIPBL implementation with iptables-restore
#!/bin/bash
##
# Fast VoIPBL implementation with iptables-restore.
#
# This is a very fast method (3-5 seconds) to apply and refresh the VoIPBL
# blacklist by using iptables-restore.
#
# The default wget/awk method takes between 30-60 minutes to apply, and
# leaves the server exposed during the process.
#
# The script only modifies the `VOIPBL` chain and leaves existing rules
# intact.
#
# @author Geert Hauwaerts <[email protected]>
# @copyright 2019 Geert Hauwaerts
# @license BSD 3-Clause License
##
##
# Installation:
# 1. Save the script as `/etc/asterisk/voipbl.sh`
# 2. Make the file executable: `chmod +x /etc/asterisk/voipbl.sh`
# 3. Add a crontab entry to regularly refresh the list.
#
# Example crontab to update the list every 12 hours:
# 0 */12 * * * /etc/asterisk/voipbl.sh >/dev/null 2>&1
##
##
# VoIPBL
##
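# Create the VOIPBL chain and hook it into INPUT on first run.
if ! iptables -n -L VOIPBL >/dev/null 2>&1; then
    iptables -N VOIPBL
    iptables -I INPUT 1 -j VOIPBL
fi
# Work in a private temporary directory instead of fixed file names in /tmp.
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf "$tmpdir"' EXIT
# Download the list; stop on failure so the chain is not replaced by an empty one.
wget -qO "$tmpdir/voipbl.db" http://www.voipbl.org/update || exit 1
# Build an iptables-restore ruleset that only declares the VOIPBL chain.
{
    echo '*filter'
    echo ':VOIPBL - [0:0]'
    for i in $(grep -v '#' "$tmpdir/voipbl.db"); do
        echo "-A VOIPBL -s $i -j DROP"
    done
    echo 'COMMIT'
} > "$tmpdir/voipbl.ipt"
# --noflush (-n) leaves every chain not named in the file untouched.
iptables-restore -n < "$tmpdir/voipbl.ipt"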
##
# SIP Attack Detection
##
if [ "$(iptables -v -L -n | grep -c "udp dpt:5060 recent:")" -lt 1 ]; then
    iptables -A INPUT -p udp --dport 5060 -m recent --name sip --set
    iptables -A INPUT -p udp --dport 5060 -m recent --name sip --rcheck --seconds 2 --hitcount 20 -j LOG --log-prefix 'SIP attack:'
fi
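
Added example, not part of the original gist: the script fetches the list over plain HTTP and copies every non-comment line straight into a `-A VOIPBL -s ... -j DROP` rule that `iptables-restore` loads as root, so this sketch validates each entry as an IPv4 address or CIDR first. The names `valid_entry`, `build_ruleset` and `MIN_ENTRIES` are hypothetical, and the sample list is constructed.

```bash
#!/bin/bash
# Added example: validate blocklist entries before building iptables-restore input.
# valid_entry, build_ruleset and MIN_ENTRIES are hypothetical names.

MIN_ENTRIES=${MIN_ENTRIES:-1}   # assumed floor; raise it to match the real list size

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
    [[ $1 =~ $re ]] || return 1
    local o
    for o in "${BASH_REMATCH[@]:1:4}"; do
        (( 10#$o <= 255 )) || return 1
    done
    [[ -z ${BASH_REMATCH[6]} ]] || (( 10#${BASH_REMATCH[6]} <= 32 ))
}

# Reads the list on stdin, writes a VOIPBL-only ruleset on stdout.
# Returns 1 (and prints nothing) when fewer than MIN_ENTRIES lines are valid.
build_ruleset() {
    local line rules='' count=0
    while IFS= read -r line || [[ -n $line ]]; do
        line=${line%$'\r'}                      # tolerate CRLF line endings
        [[ -z $line || $line == \#* ]] && continue
        if valid_entry "$line"; then
            rules+="-A VOIPBL -s $line -j DROP"$'\n'
            count=$((count + 1))
        else
            echo "skipping invalid entry: ${line:0:40}" >&2
        fi
    done
    (( count >= MIN_ENTRIES )) || return 1
    printf '*filter\n:VOIPBL - [0:0]\n%sCOMMIT\n' "$rules"
}

# Constructed sample input: two good entries, a comment and three bad lines.
SAMPLE=$'# constructed sample\n192.0.2.10\n198.51.100.0/24\n203.0.113.5 -j ACCEPT\n300.1.1.1\n10.0.0.0/33\n'
build_ruleset <<< "$SAMPLE"
```

In the script, the downloaded file would be fed to `build_ruleset` on stdin, and `iptables-restore -n` would run only when it returns 0.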