DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list from Spamhaus, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers.下降(不航线或同侪)是一个谘询“丢弃所有的交通”名单由SpamHaus说,构成被盗'僵尸' netblocks和netblocks控制完全由专业垃圾邮件发送者。 DROP is a tiny sub-set of the SBL advisory designed for use by firewalls and routing equipment.下降是一个微小的子集的sbl咨询设计使用的防火墙和路由设备。 It can also be implemented in iptable rules as explained below.它也可以实施在iptable规则,下面加以说明。

DROP is currently available as a simple text list.下降,目前可作为一个简单的文本清单。 The那个 DROP list下拉列表 will NEVER include any IP space “owned” by any legitimate network and reassigned - even if reassigned to the “spammers from hell”.绝不会包含任何IP地址空间“拥有”任何合法的网络和重新分配-即使调到“垃圾邮件发送者从地狱” 。 It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations.这将只包括IP地址空间完全控制垃圾邮件发送者或100 %的垃圾邮件代管业务。 These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.这些都是“直接拨款, ”从arin ,成熟, apnic , lacnic ,和其他已知的垃圾邮件发送者和令人不安的运行“劫持僵尸”的IP模块已抢去从原来的业主(即在大多数情况下是长期的死法团) ,并正控制垃圾邮件发送者或netblock小偷谁转售空间,以垃圾邮件发送者。

When implemented at a network or ISP’s ‘core routers’, DROP will protect all the network’s users from spamming, scanning, harvesting and dDoS attacks originating on rogue netblocks.当实施一个网络或ISP的'核心路由器' ,下拉将保护所有网络的用户发送垃圾邮件,扫描,收获和DDoS攻击原产于无赖netblocks 。

The following one line script will fetch the current list from DROP and convert it to iptables rules to reject packets from rogue netblocks:下面一条线脚本将市值目前的名单从下拉和它转换为iptables的规则拒绝数据包从无赖netblocks :
#!/bin/sh # ! / bin / sh的
curl -s http://www.spamhaus.org/drop/drop.lasso |grep ^[1-9]|cut -f 1 -d ‘ ‘ | xargs -iX -n 1 /sbin/iptables -A INPUT -s X -j DROP 卷曲- S的http://www.spamhaus.org/drop/drop.lasso | grep ^ [ 1-9 ] |削减- F的一维' , ' | xargs -九- N的1 / sbin / iptables的一个投入- s的X j下降

You should consider adding it to your cron job which runs not more than once per hour.您应该考虑其添加到您的作业运行不超过每小时一次。 Once per day is recommended.一旦每天建议。 My crontab reads:我的crontab内容如下:
0 0 * * * /etc/spamdrop 0 0 * * *在/ etc / spamdrop

Note: /etc/spamdrop is the path to the script.注:在/ etc / spamdrop是路径到脚本。

You can verify that the rules have been properly added with:您可以验证,该规则已经适当补充:
/sbin/iptables -nvL / sbin / iptables的- nvl

You will see entries like these:你会看到这些作品,像:

0 0 DROP 0 — * * 206.197.176.0/24 0.0.0.0/0 0 0下降0 -* * 2 06.197.176.0/240 .0.0.0/ 0
0 0 DROP 0 — * * 206.197.177.0/24 0.0.0.0/0 0 0下降0 -* * 2 06.197.177.0/240 .0.0.0/ 0
0 0 DROP 0 — * * 206.197.28.0/24 0.0.0.0/0 0 0下降0 -* * 2 06.197.28.0/240 .0.0.0/ 0