Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
firehol
-
Ask HN: Someone is proxy-mirroring my website, can I do anything?
http://iplists.firehol.org/ looks free and very comprehensive. It has whole bunch of sub-lists of IPs that are likely to be sources of abuse, including datacenters and VPNs, and it gets updated frequently. Github: https://github.com/firehol/firehol
-
How I protect my externally exposed services
it does somewhat but requires additional rules for the docker chains: https://github.com/firehol/firehol/issues/114
- How to easily convert iptables-based rsyslog/logrotate configs to nflog/ulogd2?
-
Server firewalling options
I like how it's configured, thanks for elaborating in it, I'm amazed I never heard of this project before. That link take me to https://github.com/firehol/firehol/pull/262 is that the right way?
-
Ubuntu Kvm Vps Iptables Ctstate
One thing: the `interface not [devices...]` capability, as noted above, is slightly lacking. We get around it with a `interface e+ exposed` command, for now. Details: https://github.com/firehol/firehol/issues/450
-
Confused About Firehol Ip Lists
I can not find the URL, I have found this: https://github.com/firehol/firehol/blob/master/sbin/update-ipsets
nrich
-
Ask HN: Someone is proxy-mirroring my website, can I do anything?
1. Grab the list of IPs that you've already identified and feed them through shodan.io or nrich (https://gitlab.com/shodan-public/nrich): "nrich bad-ips.txt"
2. See if all of the offending IPs share a common open port/ service/ provider/ hostname/ etc. Your regular visitors probably connect from IPs that don't have any open ports exposed to the Internet (or just 7547).
3. If the IPs share a fingerprint then you could lazily enrich client IPs using https://internetdb.shodan.io and block them in near real-time. You could also do the IP enrichment before returning content but then you're adding some latency (<40ms) to every page load which isn't ideal.
-
nrich - Find Open ports, vulnerabilities quickly
Installation https://gitlab.com/shodan-public/nrich/-/releases
- nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
- nrich - CLI to show open ports from a list of IPs (via Shodan)
- nrich - A tool written in Rust to quickly enrich a list of IPs with open ports and vulnerabilities
What are some alternatives?
blocklist-ipsets - ipsets dynamically updated with firehol's update-ipsets.sh script
iptables-nftables-multiroute-firewall - A collection of nftables, multi routing scripts, port knocked, and iptables files. To get inspiration to make your own firewalls.
v4
ufw-docker - To fix the Docker and UFW security flaw without disabling iptables
javascript-obfuscator - A powerful obfuscator for JavaScript and Node.js
docker-host - A docker sidecar container to forward all traffic to local docker host or any other host
ansible-iptables - Ansible role that applies a strict and secure set of rules to iptables with many configurable options
kalitorify - Transparent proxy through Tor for Kali Linux OS
iptables-ddns - Using domain name on IPtables. Keep updated firewall rules from dynamic DNS (DDNS).
IPSet_ASUS - Skynet - Advanced IP Blocking For ASUS Routers Using IPSet.
csf-post-docker - CSF with support for Docker