DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list from Spamhaus, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL advisory designed for use by firewalls and routing equipment. It can also be implemented in iptables rules as explained below.

DROP is currently available as a simple text list. The DROP list will NEVER include any IP space “owned” by any legitimate network and reassigned - even if reassigned to the “spammers from hell”. It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations. These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.

When implemented at a network or ISP’s ‘core routers’, DROP will protect all the network’s users from spamming, scanning, harvesting and DDoS attacks originating on rogue netblocks.

The following one-line script will fetch the current DROP list and convert it to iptables rules that drop packets from rogue netblocks:
#!/bin/sh
# Fetch the DROP list, keep the netblock column, and append one DROP rule per netblock.
curl -s http://www.spamhaus.org/drop/drop.lasso | grep '^[1-9]' | cut -f 1 -d ' ' | xargs -I X /sbin/iptables -A INPUT -s X -j DROP

You should consider adding it as a cron job that runs no more than once per hour. Once per day is recommended. My crontab reads:
0 0 * * * /etc/spamdrop

Note: /etc/spamdrop is the path to the script.

You can verify that the rules have been properly added with:
/sbin/iptables -nvL

You will see entries like these:

0 0 DROP 0 -- * * 206.197.176.0/24 0.0.0.0/0
0 0 DROP 0 -- * * 206.197.177.0/24 0.0.0.0/0
0 0 DROP 0 -- * * 206.197.28.0/24 0.0.0.0/0
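
Because the one-line script uses `-A INPUT`, every cron run appends the same rules again, and nothing checks what the download returned. The following is an added example, not the original post's script: it validates each netblock and reloads a dedicated chain in a single iptables-restore transaction. The chain name SPAMDROP, the function names, the `--apply` switch, the assumed `netblock ; SBLref` line format and the /8 minimum prefix length are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original post's script. CHAIN is an assumed name;
# URL is the list address used in the post.
CHAIN=SPAMDROP
URL=http://www.spamhaus.org/drop/drop.lasso

# Read list text on stdin (assumed "a.b.c.d/len ; SBLnnn" lines, ';' starts
# a comment) and print an iptables-restore ruleset for $CHAIN.
# Returns non-zero when no valid netblock was seen, so an empty or failed
# download never replaces the loaded rules.
drop_to_restore() {
    awk -v chain="$CHAIN" '
    function valid(cidr,   p, o, n, i) {
        if (cidr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(cidr, p, "/")
        if (p[2] + 0 < 8 || p[2] + 0 > 32) return 0  # refuse over-wide blocks
        n = split(p[1], o, ".")
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { print "*filter"; print ":" chain " - [0:0]" }
    {
        sub(/;.*/, ""); gsub(/[ \t\r]/, "")   # drop comment and whitespace
        if ($0 == "") next
        if (valid($0)) { print "-A " chain " -s " $0 " -j DROP"; ok++ }
        else print "skipped: " $0 > "/dev/stderr"
    }
    END { print "COMMIT"; exit (ok > 0 ? 0 : 1) }'
}

# Fetch, validate, then load the chain in one iptables-restore transaction.
# --noflush leaves other chains alone; declaring $CHAIN empties it first,
# so repeated cron runs replace the rules instead of appending duplicates.
apply_drop() {
    tmp=$(mktemp) || return 1
    if curl -fsS "$URL" | drop_to_restore > "$tmp"; then
        /sbin/iptables-restore --noflush < "$tmp" &&
        { /sbin/iptables -C INPUT -j "$CHAIN" 2>/dev/null ||
          /sbin/iptables -I INPUT -j "$CHAIN"; }
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run as: /etc/spamdrop --apply   (needs root; nothing happens without it)
if [ "${1:-}" = "--apply" ]; then apply_drop; fi
```

With this version the crontab line becomes `0 0 * * * /etc/spamdrop --apply`, and `/sbin/iptables -nvL SPAMDROP` lists only the DROP entries.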