Attached is a document I wrote on how to implement the VoIP Blacklist into Thirdlane. This works in a similar manner to the email RBLs, where a community updates a central database of known VoIP fraud. Instant gain: blocking of 49k known IPs performing malicious fraud.
Just noticed I'm getting an "iptables: Resource temporarily unavailable." error on this now. I double checked the script on the voipbl website, and I see some people reporting this error due to low RAM, but I have 18 GB free. Anyone else get this?
Just be wary of the quality of the data in the blocklist: anyone can add to it, which is great, but that comes with its downsides.
We ran it on our core firewall and found someone had added 8.8.8.8 (Google's Public DNS) to the blocklist, which broke a stack of things.
When running the script manually it showed on the CLI; I can't find it in the logs. Something weird has started happening with Asterisk CPU being in the 200%s and call audio getting choppy, but I have to assume that's coincidental and I'll try to get some help with that separately.
One quick thing I found: if you include the -n option in the "if [ `iptables -L | grep -c "Chain BLACKLIST-INPUT"` -lt 1 ]; then" line, the script won't waste a bunch of time and effort trying to resolve IPs.
I'm still trying to figure out the "iptables: Resource temporarily unavailable." issue.
Has anyone confirmed that the full list is being inserted into their iptables on their Thirdlane install? I just noticed on both my VM and physical Thirdlane installs that the ack/insert part of the script is running extremely slow; it seems to time out after around 20 minutes and gets to around '193.x.x.x' and '199.x.x.x' in the blacklist. When running this on a mix of 9 other (non-Thirdlane) systems it completed the whole list in about 5-6 minutes. Both Thirdlane systems have way more CPU, iNet speed, and RAM than the other ones, so I'm pretty confused.
I can run iptables -L -n during the script and see that the Thirdlane boxes seem to take 3x the time per entry that the other Linux boxes do. Should I try updating something?
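Two of the problems raised in this thread, a poisoned entry (8.8.8.8) making it onto the core firewall and the per-entry insert crawling on a 49k-line list, can be handled in one loader. The script below is an added example written for this page; it is not the voipbl.org update script, not Thirdlane code, and was not posted by anyone in the thread. It assumes (none of this is stated in the thread) that the feed is plain text with one IPv4 address or CIDR per line, that it is fetched from a URL you set in VOIPBL_URL (the default is a placeholder), and that the chain name BLACKLIST-INPUT from the post above is what the INPUT chain jumps to. The NEVER_BLOCK list and SAMPLE_FEED are constructed for the example. Instead of one iptables call per address, it writes the whole chain as an iptables-restore file and commits it in a single transaction, which also removes the need for the "iptables -L | grep" chain check (and its DNS lookups) entirely.

```shell
#!/bin/sh
# voipbl-ipt.sh - load the VoIP Blacklist into iptables as one transaction,
# after dropping entries that would block networks you depend on.
# Added example for this thread; not the voipbl.org update script, not Thirdlane code.
# Assumed (not stated in the thread): feed is one IPv4 address or CIDR per line,
# fetched from $VOIPBL_URL; chain name BLACKLIST-INPUT is taken from the post.

VOIPBL_URL="${VOIPBL_URL:-https://www.voipbl.org/update/}"   # assumed URL, adjust
CHAIN="BLACKLIST-INPUT"

# Ranges that must never be blocked: RFC1918/loopback plus hosts you depend on.
# Constructed list; add your SIP trunk provider and upstream DNS here.
NEVER_BLOCK="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 8.8.8.8/32 8.8.4.4/32"

# Constructed sample feed (not real voipbl.org data) used by --demo and the tests.
SAMPLE_FEED='# constructed sample feed
1.2.3.4
5.6.7.0/24
8.8.8.8          # the poisoned entry from the thread
8.8.0.0/16
10.1.2.3
999.1.1.1
1.2.3.4/40
203.0.113.0/24'

# ip_to_int A.B.C.D -> sets IPINT; returns 1 for anything that is not a dotted quad
ip_to_int() {
    case $1 in *[!0-9.]*|'') return 1;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0[0-9]*) return 1;; esac   # empty octet or leading zero (octal trap)
        [ "$o" -le 255 ] || return 1
    done
    IPINT=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_split ENTRY -> sets NET (int) and PLEN; a bare address is treated as /32
cidr_split() {
    case $1 in
        */*) addr=${1%%/*}; PLEN=${1#*/} ;;
        *)   addr=$1;       PLEN=32 ;;
    esac
    case $PLEN in ''|*[!0-9]*|0[0-9]*) return 1;; esac
    [ "$PLEN" -le 32 ] || return 1
    ip_to_int "$addr" || return 1
    NET=$IPINT
}

# prefix_mask N -> sets MASK to the 32-bit netmask of a /N
prefix_mask() {
    if [ "$1" -eq 0 ]; then MASK=0
    else MASK=$(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# cidrs_overlap A B: succeeds when the two ranges share at least one address,
# i.e. when they agree on the first min(prefixA, prefixB) bits
cidrs_overlap() {
    cidr_split "$1" || return 1; na=$NET; pa=$PLEN
    cidr_split "$2" || return 1; nb=$NET; pb=$PLEN
    p=$pa; if [ "$pb" -lt "$p" ]; then p=$pb; fi
    prefix_mask "$p"
    [ $(( na & MASK )) -eq $(( nb & MASK )) ]
}

# filter_blocklist: stdin = raw feed, stdout = entries that are safe to load.
# Strips comments and whitespace, rejects malformed entries, and rejects any entry
# overlapping NEVER_BLOCK (this is what catches the 8.8.8.8 case). Rejections go
# to stderr so a poisoned feed is visible rather than silently applied.
filter_blocklist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if ! cidr_split "$entry"; then
            printf 'skip malformed entry: %s\n' "$entry" >&2; continue
        fi
        keep=1
        for safe in $NEVER_BLOCK; do
            if cidrs_overlap "$entry" "$safe"; then
                printf 'skip %s: overlaps never-block range %s\n' "$entry" "$safe" >&2
                keep=0; break
            fi
        done
        if [ $keep -eq 1 ]; then printf '%s\n' "$entry"; fi
    done
}

# build_restore_file: stdin = filtered entries, stdout = iptables-restore input.
# One COMMIT installs the whole chain in a single kernel transaction; each separate
# `iptables -A` instead downloads and re-uploads the entire growing table, so 49k
# of them is quadratic work.
build_restore_file() {
    printf '*filter\n'
    printf ':%s - [0:0]\n' "$CHAIN"   # creates the chain, or empties it if it already exists
    while IFS= read -r entry || [ -n "$entry" ]; do
        printf '%s -s %s -j DROP\n' "-A $CHAIN" "$entry"
    done
    printf 'COMMIT\n'
}

# apply_blocklist: fetch, filter, load atomically, then make sure INPUT jumps to the
# chain. The jump is added once, outside the restore file, so re-running does not
# stack duplicate jumps. Needs root; `iptables -C` needs iptables 1.4.11 or later.
apply_blocklist() {
    raw=$(mktemp) || return 1
    rules=$(mktemp) || { rm -f "$raw"; return 1; }
    if curl -fsS "$VOIPBL_URL" -o "$raw" \
       && filter_blocklist < "$raw" | build_restore_file > "$rules" \
       && iptables-restore --noflush < "$rules"; then
        iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
        rc=$?
    else
        rc=1
    fi
    rm -f "$raw" "$rules"
    return $rc
}

# Usage: ./voipbl-ipt.sh --demo  (print the restore file for SAMPLE_FEED)
#        ./voipbl-ipt.sh --apply (fetch the feed and load it; root)
if [ "${1:-}" = "--apply" ]; then apply_blocklist
elif [ "${1:-}" = "--demo" ]; then printf '%s\n' "$SAMPLE_FEED" | filter_blocklist | build_restore_file
fi
```

Run it from cron with --apply at whatever interval you refresh the list today; because the chain line in the restore file empties the chain before the rules are re-added, each run replaces the previous list in one commit instead of appending to it. The overlap check is deliberately on ranges, not exact strings, so a feed entry like 8.8.0.0/16 is rejected just like 8.8.8.8 would be. Note that 49k rules in a chain are still matched linearly per packet; if CPU on the box matters (the choppy-audio report above), the same filtered list can be fed to an ipset of type hash:net and matched with a single -m set rule, which is constant-time per packet.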
Erik, thanks for the excellent how-to. I was able to quickly implement this on my server and look forward to less SIPVicious, etc. activity.
--Matt