From dca24a4a775cfd749573e45df4f4d9cac5d2b3d8 Mon Sep 17 00:00:00 2001 From: Stefan Pejcic Date: Sun, 28 Jul 2024 20:38:40 +0200 Subject: [PATCH] Update firewall.md --- documentation/docs/admin/security/firewall.md | 64 ++++++++++++++++++- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/documentation/docs/admin/security/firewall.md b/documentation/docs/admin/security/firewall.md index 6809f2a3..954e1af4 100644 --- a/documentation/docs/admin/security/firewall.md +++ b/documentation/docs/admin/security/firewall.md 
@@ -60,11 +60,71 @@ To delete a rule click on the 'Delete' link next to it, and in the confirmaiton ### Blacklists +Unless the `--skip-blacklists` flag is provided during the installation of OpenPanel, ipset-blacklists are automatically installed when the `--ufw` flag is used. -openadmin_ufw_blacklists.png +From the **OpenAdmin > Security > Firewall > Blacklists** page, administrators can easily add blacklists to block IP addresses from known malicious sources. + +This feature utilizes the [ipset-blacklist](https://github.com/stefanpejcic/ipset-blacklist) service to automate the process of fetching and blocking IPs, providing a straightforward and effective method to enhance system security without manual intervention. + +![openadmin ufw ipsetblacklists](/img/admin/openadmin_ufw_blacklists.png) + +Default blacklists: + +| Blacklist | URL | +|-----------------|----------------------------------------------------------------------| +| AbuseIPDB (DISABLED) | [https://api.abuseipdb.com/api/v2/blacklist](https://api.abuseipdb.com/api/v2/blacklist) | +| OpenPanel | [https://api.openpanel.co/blocklist.txt](https://api.openpanel.co/blocklist.txt) | +| Spamhaus DROP | [https://www.spamhaus.org/drop/drop.lasso](https://www.spamhaus.org/drop/drop.lasso) | +| Spamhaus EDROP | [https://www.spamhaus.org/drop/edrop.lasso](https://www.spamhaus.org/drop/edrop.lasso) | +| DShield | [https://www.dshield.org/feeds/suspiciousdomains_Low.txt](https://www.dshield.org/feeds/suspiciousdomains_Low.txt) | +| FireHOL level1 | [https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset](https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset) | +| FireHOL level2 | [https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset](https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset) | +| FireHOL level3 | 
[https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset](https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset) | +| FireHOL level4 | [https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset](https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset) | +| Binary Defense | [https://www.binarydefense.com/banlist.txt](https://www.binarydefense.com/banlist.txt) | +| blocklist.de | [https://lists.blocklist.de/lists/all.txt](https://lists.blocklist.de/lists/all.txt) | ---skip-blacklists + + + +To enable or disable a blacklist in the OpenAdmin interface, click the 'Actions' button for the desired list, then select 'Enable' or 'Disable'. + +To delete a blacklist from the OpenAdmin interface, click the 'Actions' button for the desired list, then select 'Delete'. + + + + +To manage blacklists from the terminal: + +- Download new IP addresses for all enabled blocklists: + ```bash + opencli blacklist --fetch + ``` +- Update all ipsets rules and reload UFW service: + ```bash + opencli blacklist --update_ufw + ``` +- Add a new blacklist: + ```bash + opencli blacklist --add-blacklist name= url= + ``` +- Enable a blacklist: + ```bash + opencli blacklist --enable-blacklist= + ``` +- Disable a blacklist: + ```bash + opencli blacklist --disable-blacklist= + ``` +- Delete a blacklist: + ```bash + opencli blacklist --delete-blacklist= + ``` + + + + ### View logs
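Review bot: In the default blacklists table, the DShield row points at `https://www.dshield.org/feeds/suspiciousdomains_Low.txt`, which by its name is a feed of domains, while the added text says these lists are used to block IP addresses through ipset. Please confirm that this feed yields entries an ipset can load, or replace it with an IP feed. The same table marks AbuseIPDB as "(DISABLED)" without saying why it ships disabled or what an administrator must do before enabling it; one sentence on that would do. In the terminal section, `opencli blacklist --add-blacklist name= url=` and the `--enable-blacklist=`, `--disable-blacklist=` and `--delete-blacklist=` examples all end at the equals sign, so the reader cannot tell what value is expected; show a placeholder for each argument. It would also help to state whether `--fetch` must be followed by `--update_ufw` for newly downloaded addresses to take effect, since the two are listed as separate steps. Finally, the runs of consecutive empty added lines between the paragraphs can be collapsed to single blank lines.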