When we install a firewall on a system , we mainly have two policies that we can follow, permissive policy (we allow everything except what we want to block) or restrictive policy (block everything except what we specifically want to allow). Currently on the Internet we have a large number of lists of malicious IP addresses that we can block, with the aim that possible attacks carried out on us are blocked directly in the firewall. Do you want to know the best lists of malicious IP addresses that you can use in your firewall?
Why do we need a list of IP addresses to block them?
The first defense barrier in any system are firewalls, this type of device, whether hardware or software, allows us to block or allow the different connections that come from the Internet. Although we generally have systems for detecting viruses, Trojans and malware in general, and we even have systems for detecting and preventing intrusions, etc. A very good security policy is to block all traffic from all IP addresses, except what we do want to allow, but if due to our architecture and needs, we must allow access from around the world, then it is absolutely necessary to have certain lists of Public IP addresses that are classified as malicious, in order to adequately protect our systems.
Using IP address block lists is highly recommended, these IP address lists are designed by the community, and it is that sharing knowledge among us is essential to fight against cybercriminals, in this way, we can effectively block all scammers and attackers who try to harm our company or services.
In this article we have a complete tutorial on how to block country IPs with iptables using ipset . In the event that you have to leave the firewall open for all the countries of the world, then you will have to configure specific ipsets of iptables, adding all the malicious IP addresses that are known. In this GitHub repository you can find a huge list of IPv4 addresses that is updated weekly, in this list you can find IP addresses to block with the minimum number of false positives possible. This list is created to be used directly using ipset of type hash: net, but you could also use it in any other firewall using the complete list of IP addresses and subnets that we have available.
In the event that you are interested in configuring your firewall with IP addresses with a specific use, such as blocking everything related to the Bitcoin network blocking the Blockchain network, you can also do it easily and quickly, by accessing the official GitHub repository of Firehol . In this complete repository we have lists of public IP addresses of all kinds:
- IP addresses cataloged by AlienVault
- Threat pfBlockerNG IP addresses
- Bitcoin and Blockchain in general
- Blocking lists of bots, attackers who brute force different services such as FTP, IMAP, Email, SIP, SSH and other protocols.
We recommend you access the repository where you will find all the lists, and you can also see a lot of information for each list, such as the evolution of IP addresses added or removed, the map of the geolocation of IP addresses, since when is an IP address in this list , the retention policy of IP addresses and even if a specific IP matches other lists that we currently have. Finally, we can see user comments in case there is any kind of problem when using them.