FireHOL role
Setup FireHOL ip blacklists.
Usage
Configure the role.
firehol_enabled: true # default: false
firehol_data_dir: /usr/share/firehol # default: /etc/fireholAnd include it in your playbook.
- hosts: firehol
roles:
- role: fireholDocs
Test ip blocklist
Check if host ip is in applied blacklist.
sudo iptables -S FIREHOL_BLACKLIST | grep "$(hostname -I | awk '{print $1}')"
sudo iptables -S FIREHOL_BLACKLIST | grep "216.21.8.0"Check if iptable rules work.
IP="216.21.8.0/22"
sudo iptables -C FIREHOL_BLACKLIST -s $IP -j DROP && echo "Blocked" || echo "Not blocked"Chain does not exists
If you get the following error:
iptables v1.8.4 (nf_tables): Chain 'FIREHOL_BLACKLIST' does not exist
Try `iptables -h' or 'iptables --help' for more information.You have to create the table manually
sudo iptables -N FIREHOL_BLACKLIST