author | title | summary | tags
---|---|---|---
Bretton Vine | Rbldnsd | Rbldnsd is a pot image with a DNS-based blocklist and automatic rules updating from GitHub public rulesets. |
This flavour currently contains rbldnsd for managing the DNS blocklist. The ruleset is pulled from https://github.com/borestad/blocklist-ip

The flavour includes a local consul agent; it needs consul servers it can connect to (see configuration below). You can e.g. use the consul pot flavour on this site to run consul. You can also connect to this host and run `service consul restart` manually.
- Create your local jail from the image or the flavour files.
- Clone the local jail.
- Adjust to your environment:

```
sudo pot set-env -p <jailname> \
  -E DATACENTER=<datacentername> \
  -E NODENAME=<nodename> \
  -E IP=<IP address of this system> \
  -E CONSULSERVERS='<correctly formatted list of quoted IP addresses>' \
  -E GOSSIPKEY=<32 byte Base64 key from consul keygen> \
  -E DOMAIN=<your domain name> \
  -E SSLEMAIL="<email address for certificate registration>" \
  [ -E REMOTELOG=<IP address> ] \
  [ -E RULESET="ruleset" ]
```

- Start the jail.
The DATACENTER parameter defines a common datacenter.

The NODENAME parameter defines the name of this node.

The IP parameter is the IP address which will be used to access services.

The CONSULSERVERS parameter defines the consul server instances, and must be set as CONSULSERVERS='"10.0.0.2"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4"' or CONSULSERVERS='"10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5", "10.0.0.6"'

The GOSSIPKEY parameter is the gossip encryption key for the consul agent. A default key is used if you do not set the parameter; do not use the default key for production encryption, provide your own instead.

The DOMAIN parameter is the domain name to use for this host. It will be used as bl.$DOMAIN, and you must set up a matching DNS entry.

The SSLEMAIL parameter is the email address used to register the domain at zerossl.

The REMOTELOG parameter is the IP address of a destination syslog-ng server, such as with the loki flavour or the beast-of-argh flavour.

The RULESET parameter is one of 1, 2, 3, 7, or 30, for the ruleset sources. The default is 30d.
This early version just starts rbldnsd with the applicable ruleset, and can be added to postfix as an RBL.

A standard page is available at https://bl.YOURDOMAIN and RBL block messages with URIs are automatically directed to the default page.
To test whether it is working, take an example IP such as 1.2.3.4, write it in reverse notation, append bl.your.domain, and query the rbldnsd host for that name:

```
host -t TXT 4.3.2.1.bl.your.domain ip.of.rbldnsd
```
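As an added example (not part of the flavour or the upstream project), a small POSIX sh script that builds the reversed query name, rejects malformed addresses before querying, and classifies rbldnsd's answer as listed, clean or error; it assumes `host` is installed, and `bl.example.org` and the rbldnsd address passed as arguments are placeholders.

```shell
#!/bin/sh
# Added example: check addresses against the rbldnsd zone of this flavour.
# Assumes `host` (bind tools) is installed; zone and server are placeholders.

# rbl_query_name <ipv4> <zone>: print the reversed lookup name, e.g.
# rbl_query_name 1.2.3.4 bl.example.org -> 4.3.2.1.bl.example.org
# Returns 2 (prints nothing) for anything that is not a valid dotted quad.
rbl_query_name() {
    ip=$1; zone=$2
    case "$ip" in
        *[!0-9.]*|*..*|.*|*.) return 2 ;;   # non-digits, empty octets
    esac
    oldIFS=$IFS; IFS=.
    set -- $ip                                # split into octets
    IFS=$oldIFS
    [ $# -eq 4 ] || return 2
    for o in "$@"; do
        [ "$o" -le 255 ] || return 2          # octet range check
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# rbl_check <ipv4> <zone> <rbldnsd ip>: query rbldnsd directly and classify.
# Prints LISTED/CLEAN/ERROR and returns 0/1/2 so it can drive a script.
# A listed address answers with a TXT record; an unlisted one gives NXDOMAIN.
rbl_check() {
    name=$(rbl_query_name "$1" "$2") || { echo "ERROR $1: invalid address"; return 2; }
    out=$(host -t TXT "$name" "$3" 2>&1)
    if echo "$out" | grep -q 'descriptive text'; then
        echo "LISTED $1: $(echo "$out" | sed -n 's/.*descriptive text //p')"
        return 0
    elif echo "$out" | grep -q 'NXDOMAIN'; then
        echo "CLEAN $1"
        return 1
    else
        echo "ERROR $1: $out"                 # timeout, SERVFAIL, bad server
        return 2
    fi
}

# Usage: sh rblcheck.sh <rbldnsd ip> <zone> <ip>...  (no args: only defines functions)
if [ $# -ge 3 ]; then
    server=$1; zone=$2; shift 2
    for ip in "$@"; do rbl_check "$ip" "$zone" "$server"; done
fi
```

Run it against the jail before wiring the zone into postfix, with one address you expect to be listed and one you expect to be clean, so a misconfigured zone (everything NXDOMAIN or everything ERROR) is caught early.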