This is a free firewall you can implement that is updated regularly. It adds IP CIDRs to ipsets and then updates them in IPTables. To use this script, set it up as a CRON job and it will update when an update is needed. My recommendation is to put it in its own directory, as it will download a file for each ipset.
IPTables is the first focus for demonstrating how to identify and eliminate IP blocks to protect a server, protocol or ports. Although there is much ado about firewalld, my preference is IPTables for this reason:
I can add, remove or modify the firewall without ever having to restart nftables or iptables. This is the primary reason. From my perspective the general reason for the firewalld firewall is that it is easier for someone less knowledgeable about networking, TCP/IP and protocols to perform basic firewall functions. But that is just my perspective; after having learned Firewalld, IPTables and Windows Firewall with Advanced Security, IPTables is my preferred tool for firewall security.
Rocky Linux is my preferred Enterprise Server operating system and became so shortly after IBM purchased CentOS. Debian flavored operating systems were always the Desktop version of Linux and referred to as “The Hackers version of Linux” by my late mentor. Indeed it has taken off through Ubuntu, which is (or was) based out of the UK and to me truly does still live up to the title “Hackers version of Linux”, as that is what Kali is built on, if anyone has ever heard of that. It is a pretty slick tool though, and I run it on occasion as a VPS on my local network with VirtualBox.
These builds have been tested only on Rocky Linux 9.x using VirtualBox locally and Windows Hyper-V remotely. Some of these scripts have also been tested on CentOS 7.9. Also, these scripts are dependent on IPTables as the wrapper for nftables and IPSet.
Country Blacklist – Blacklist selected or all countries; currently only available for Rocky/RedHat Linux.
Email Blacklist – Spammers and login phishing.
WordPress – Login failures and form spammers.
Base LAMP Firewall – Script to build a base firewall and start at boot. This script is also useful for setting up IPTables.
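The update pattern described above (CIDR list in, ipset refreshed, no firewall restart), sketched as an added example; this is not one of the scripts listed here, and the set name `blocklist_demo`, the helper `build_restore` and the sample feed are constructed for illustration. It validates each entry, rejects `/0`, and emits `ipset restore` input that swaps a freshly filled set into place.

```sh
#!/bin/sh
# Added example, not the page's script. Set name and sample feed are constructed.

# build_restore SETNAME < cidr-list
# Prints `ipset restore` input that fills a temporary set and swaps it into
# place, so the live set is never empty. Rejected lines go to stderr.
build_restore() {
    name="$1"
    tmp="${name}-tmp"
    echo "create $name hash:net family inet"
    echo "create $tmp hash:net family inet"
    echo "flush $tmp"
    awk -v tmp="$tmp" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # drop comments, blanks, CRs
        $0 == "" { next }
        {
            ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            if (ok) {
                split($0, p, "[./]")
                for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
                # hash:net accepts prefixes 1-32; /0 would match every source
                if (p[5] + 0 < 1 || p[5] + 0 > 32) ok = 0
            }
            if (!ok) { print "skipped: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "add " tmp " " $0   # de-duplicate
        }'
    echo "swap $tmp $name"
    echo "destroy $tmp"
}

# Constructed sample feed (documentation ranges plus lines that must be rejected)
sample='# constructed sample feed
203.0.113.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/24
0.0.0.0/0
300.1.1.0/24
not-a-cidr'

# Print the restore input only; nothing here touches the firewall.
printf '%s\n' "$sample" | build_restore blocklist_demo

# To apply as root (the -exist flag makes re-runs from cron idempotent):
#   build_restore blocklist_demo < list.txt | ipset -exist restore
# The rule is added once and keeps matching across swaps:
#   iptables -I INPUT -m set --match-set blocklist_demo src -j DROP
```

Because the iptables rule refers to the set by name, the `swap` replaces its contents in one step and the rule itself never has to be reloaded.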