* run the service as a low privilege user and use sudo/doas to add the block rules
* add support for pf firewall
* write documentation for the above
* add abort function for handling error logging and exit cleanup
A simple anti-spam system for question2answer, using the stopforumspam API and ufw.
To deploy:

- modify the configuration variables in the scripts
- copy the scripts to `/usr/local/bin`
- create the user:

  ```
  useradd -s /sbin/nologin _forumspam
  ```

- if using `pf`:
  - create appropriate permissions for the file:

    ```
    install -m 640 -o _forumspam -g wheel /dev/null /etc/pf-forumspam.txt
    ```

  - add the following to `/etc/pf.conf`, preferably high up in the ruleset:

    ```
    table <forumspam> persist file "/etc/pf-forumspam.txt"
    block in quick on egress from <forumspam>
    block out quick on egress to <forumspam>
    ```

- set up sudo or doas:
  - for doas:
    - add the following to `/etc/doas.conf`:

      ```
      permit nopass _forumspam cmd pfctl args -nf /etc/pf.conf
      permit nopass _forumspam cmd pfctl args -t forumspam -T replace -f /etc/pf-forumspam.txt
      ```

  - for sudo:
    - add to your sudo config file:

      ```
      Cmnd_Alias FIREWALL = /usr/sbin/ufw, /sbin/iptables
      _forumspam ALL = NOPASSWD: FIREWALL
      ```

- register `q2a_usercheck.sh` as a systemd unit or rc script
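
The pf path of the steps above, as an added example that is not one of the project's scripts: a sketch of how the unprivileged `_forumspam` user could refresh the table while staying inside the two `pfctl` command lines the doas rules permit. The function names, the `PRIV` and `TABLE_FILE` variables, and the assumption that candidate addresses arrive on stdin one per line are all hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helper, not one of the project's scripts.
# Assumption: candidate addresses arrive on stdin, one per line.

TABLE_FILE="${TABLE_FILE:-/etc/pf-forumspam.txt}"
PRIV="${PRIV:-doas}"    # PRIV=echo prints the privileged commands instead

# Pass through only well-formed IPv4 addresses with an optional /0-32
# prefix; pfctl reads this file as root, so nothing else may reach it.
filter_ipv4() {
    awk '{
        n = split($0, parts, "/")
        if (n < 1 || n > 2) next
        if (n == 2 && (parts[2] !~ /^[0-9]+$/ || parts[2] + 0 > 32)) next
        if (split(parts[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print
    }' | sort -u
}

# Rewrite the table file and reload it with exactly the two command lines
# the doas rules permit (doas compares the arguments literally).
update_table() {
    tmp=$(mktemp) || return 1
    filter_ipv4 > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place: _forumspam owns the file but cannot create or
    # rename files in /etc, so mv would fail.
    if ! cat "$tmp" > "$TABLE_FILE"; then
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
    # Syntax-check the ruleset first, then swap the table contents.
    $PRIV pfctl -nf /etc/pf.conf &&
        $PRIV pfctl -t forumspam -T replace -f "$TABLE_FILE"
}

# Usage (as _forumspam):  list_spammer_ips | update_table
# where list_spammer_ips stands for whatever produces the addresses.
```

Because the doas rules pin the arguments, the reload only works with the default `TABLE_FILE`; any other path is refused by doas.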
TODO:
- also check against botscout
- give the scripts more sensible names