If your Ubuntu system is directly exposed to the internet, either via a public IP address or port forwarding, an IP blocklist adds another layer of protection. I created a couple of scripts that integrate with ufw and update the list daily.
They are designed to be very light on resources and to need zero maintenance, as the initial target platform was a single-board computer operating as a home internet gateway. After the initial installation, there are no further writes to the storage system, which preserves solid-state storage. Full details are available on the GitHub project: https://github.com/poddmo/ufw-blocklist.
Install the ipset package
Code:
sudo apt install ipset
Back up the original ufw after.init example script
Code:
sudo cp /etc/ufw/after.init /etc/ufw/after.init.orig
Install the ufw-blocklist files
Code:
git clone https://github.com/poddmo/ufw-blocklist.git
cd ufw-blocklist
chmod 750 after.init ufw-blocklist-ipsum
sudo cp after.init /etc/ufw/after.init
sudo cp ufw-blocklist-ipsum /etc/cron.daily/ufw-blocklist-ipsum
Download an initial IP blocklist from IPsum
Code:
curl -sS -f --compressed -o ipsum.4.txt 'https://raw.githubusercontent.com/stamparm/ipsum/master/levels/4.txt'
chmod 640 ipsum.4.txt
sudo cp ipsum.4.txt /etc/ipsum.4.txt
Restart ufw
Code:
sudo ufw reload
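The download step above copies whatever curl wrote straight into /etc. As an added example (not part of the ufw-blocklist project), the functions below check a downloaded list before it is installed: they keep only well-formed, publicly routable IPv4 addresses, so a truncated download, an HTML error page, or an entry covering your own LAN or loopback never reaches the firewall. The function names, the one-address-per-line input format and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of ufw-blocklist.
# filter_blocklist FILE: print the well-formed, publicly routable IPv4
# addresses in FILE, one per line, de-duplicated. Comments, blank lines,
# stray HTML, out-of-range octets and private/reserved ranges are dropped.
filter_blocklist() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        ip = $1
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) next
        a = o[1] + 0; b = o[2] + 0
        if (a == 0 || a == 10 || a == 127 || a >= 224) next  # this-net, RFC 1918, loopback, multicast/reserved
        if (a == 100 && b >= 64 && b <= 127) next            # CGNAT 100.64.0.0/10
        if (a == 169 && b == 254) next                       # link-local
        if (a == 172 && b >= 16 && b <= 31) next             # RFC 1918
        if (a == 192 && b == 168) next                       # RFC 1918
        print ip
    }' "$1" | sort -u
}

# blocklist_ok FILE MIN: succeed only if at least MIN usable entries remain,
# which catches an empty or truncated download.
blocklist_ok() {
    kept=$(filter_blocklist "$1" | wc -l | tr -d ' ')
    [ "$kept" -ge "$2" ]
}

# Constructed sample input (documentation and private ranges), not IPsum data.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 203.0.113.7 198.51.100.23 203.0.113.7 \
    192.168.1.1 10.0.0.5 127.0.0.1 999.1.1.1 '<html>' > "$sample"
filter_blocklist "$sample"
```

With these functions loaded, running `blocklist_ok ipsum.4.txt 100` before the `sudo cp` step gates the install on the check; the threshold of 100 is an arbitrary value chosen for this example.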