From e2e08c58517bbee355dbca4bc3f1321f8c7964a2 Mon Sep 17 00:00:00 2001
From: zhongjin
Date: Tue, 29 Nov 2022 21:48:59 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20'README.md'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0f97c78..cf22c18 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,81 @@
 # fw
 
-SIP 网络安全
\ No newline at end of file
+SIP 网络安全
+
+sudo apt-get install ipset fail2ban
+
+
+voipbl.sh
+
+```
+#!/bin/bash
+
+URL="http://www.voipbl.org/update/"
+
+set -e
+echo "Downloading rules from VoIP Blacklist"
+wget -qO - $URL -O /tmp/voipbl.txt
+
+echo "Loading rules..."
+
+# Check if rule set exists and create one if required
+if ! $(/usr/sbin/ipset list voipbl > /dev/null 2>&1); then
+ipset -N voipbl iphash
+fi
+
+#Check if rule in iptables
+if ! $(/sbin/iptables -w --check INPUT -m set --match-set voipbl src -j DROP > /dev/null 2>&1); then
+/sbin/iptables -I INPUT 1 -m set --match-set voipbl src -j DROP
+fi
+
+# Create temporary chain
+ipset destroy voipbl_temp > /dev/null 2>&1 || true
+ipset -N voipbl_temp iphash hashsize 131072 maxelem 260000
+
+cat /tmp/voipbl.txt |\
+awk '{print "if ! [[ \""$1"\" =~ ^#$|^0.0.0.0 ]]; then /usr/sbin/ipset -A voipbl_temp \""$1"\" ; fi;"}' | sh
+
+ipset swap voipbl_temp voipbl
+ipset destroy voipbl_temp || true
+
+echo "Done! Rules loaded"
+
+```
+
+/etc/cron.d/voipbl
+
+```
+# update blacklist each 4 hours
+0 */4 * * * * root /usr/local/bin/voipbl.sh
+```
+4小时
+
+/etc/fail2ban/jail.conf
+
+```
+[asterisk-iptables]
+action = iptables-allports[name=ASTERISK, protocol=all]
+voipbl[serial=XXXXXXXXXX]
+
+```
+
+/etc/fail2ban/action.d/voipbl.conf.
+
+```
+# Description: Configuration for Fail2Ban
+
+[Definition]
+
+actionban = "/ban/?serial=&ip=&count="
+actionunban = "/unban/?serial=&ip=&count="
+
+[Init]
+
+getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 \
+--read-timeout=60 --retry-connrefused --output-document=- \
+--user-agent=Fail2Ban
+
+url = http://www.voipbl.org
+
+```
+
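Review bot: The loader in the voipbl.sh listing turns the downloaded file into shell source and pipes it to `sh` (the `awk '{print "if ! [[ ..."}' | sh` line), so each token of a list fetched over plain `http://` is interpreted as shell code by a root process — a tampered or malformed entry is enough for command execution, and the `[[` test is a bashism that fails under a POSIX `sh` (dash on Debian-family systems, where this README's `apt-get` suggests it runs), which would let comment and `0.0.0.0` entries through. Read the file with a `while read -r` loop and pass each field to `ipset` as a plain argument instead, write the download to a `mktemp` file rather than the fixed `/tmp/voipbl.txt`, and use HTTPS if the provider serves it. The `/etc/cron.d/voipbl` entry has six schedule fields (`0 */4 * * * *`), so cron takes `*` as the user and `root /usr/local/bin/voipbl.sh` as the command; it should read `0 */4 * * * root /usr/local/bin/voipbl.sh`. The `actionban`/`actionunban` values in the action.d/voipbl.conf listing (`serial=&ip=&count=`) look as if their `<tag>` placeholders were stripped when pasted, so the file as shown would report nothing to the service — worth checking against the original action file.
```bash
URL="https://www.voipbl.org/update/"   # keep http:// only if the provider has no TLS endpoint — confirm
tmpfile=$(mktemp) || exit 1
trap 'rm -f -- "$tmpfile"' EXIT
wget -q -O "$tmpfile" -- "$URL"
# … unchanged: ipset/iptables existence checks, voipbl_temp creation …
while read -r entry _; do
  [[ -z "$entry" || "$entry" == \#* || "$entry" == 0.0.0.0* ]] && continue
  /usr/sbin/ipset -A voipbl_temp "$entry"
done < "$tmpfile"
# … unchanged: swap and cleanup …
```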