From 590b286e4c5641edfd768d90de8cc690721804b9 Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 7 Jul 2018 09:19:35 +0200
Subject: synched some configuration from the live firewall

---
 config/obr/badhosts                                | 678 ++++++++++++++++++++-
 config/obr/nsd-external/etc/nsd.conf               |  14 +
 config/obr/nsd-external/zones/openbsd-firewall.org |  24 +
 config/obr/nsd-external/zones/pgfuse.org           |  24 +
 config/obr/nsd-internal/etc/nsd.conf               |   8 +
 config/obr/nsd-internal/zones/openbsd-firewall.org |  21 +
 config/obr/nsd-internal/zones/pgfuse.org           |  21 +
 config/obr/relayd.conf                             |   8 +
 8 files changed, 796 insertions(+), 2 deletions(-)
 create mode 100644 config/obr/nsd-external/zones/openbsd-firewall.org
 create mode 100644 config/obr/nsd-external/zones/pgfuse.org
 create mode 100644 config/obr/nsd-internal/zones/openbsd-firewall.org
 create mode 100644 config/obr/nsd-internal/zones/pgfuse.org

diff --git a/config/obr/badhosts b/config/obr/badhosts
index a7f8014..892076b 100644
--- a/config/obr/badhosts
+++ b/config/obr/badhosts
@@ -1,2 +1,676 @@
-# AHrefs.com Bot
-173.199.64.0/18
+# AHrefs.com Bot: unreasonable load on the web server
+213.186.112.0/20
+212.113.32.0/21
+173.199.115.112/29
+5.10.83.0/25
+54.36.148.0/24
+54.36.149.0/24
+54.36.150.0/24
+163.172.110.205
+163.172.110.48
+163.172.111.15
+163.172.111.16
+163.172.111.17
+163.172.111.18
+163.172.111.19
+163.172.111.20
+163.172.111.21
+163.172.111.218
+163.172.111.237
+163.172.111.250
+163.172.111.36
+163.172.111.4
+163.172.111.63
+163.172.251.141
+163.172.251.197
+163.172.251.202
+163.172.251.22
+163.172.251.234
+163.172.251.24
+163.172.251.25
+163.172.251.27
+163.172.255.108
+163.172.255.132
+163.172.255.141
+163.172.255.17
+163.172.255.180
+163.172.255.196
+163.172.255.222
+163.172.255.236
+163.172.255.75
+163.172.255.76
+163.172.255.83
+163.172.4.106
+163.172.4.164
+163.172.4.178
+163.172.4.224
+163.172.4.250
+163.172.4.35
+163.172.64.118
+163.172.64.177
+163.172.64.179
+163.172.64.180
+163.172.64.181
+163.172.64.182
+163.172.64.183
+163.172.64.184
+163.172.64.185
+163.172.64.186
+163.172.64.187
+163.172.64.188
+163.172.64.189
+163.172.64.190
+163.172.64.191
+163.172.64.192
+163.172.64.193
+163.172.64.199
+163.172.64.216
+163.172.64.217
+163.172.64.220
+163.172.64.222
+163.172.64.223
+163.172.64.224
+163.172.64.225
+163.172.64.227
+163.172.64.228
+163.172.64.229
+163.172.64.230
+163.172.64.231
+163.172.64.232
+163.172.64.233
+163.172.64.234
+163.172.64.235
+163.172.64.236
+163.172.64.237
+163.172.64.238
+163.172.64.239
+163.172.64.241
+163.172.64.242
+163.172.64.243
+163.172.64.244
+163.172.64.245
+163.172.64.246
+163.172.64.247
+163.172.64.249
+163.172.64.250
+163.172.64.251
+163.172.64.252
+163.172.64.253
+163.172.64.254
+163.172.64.4
+163.172.65.10
+163.172.65.106
+163.172.65.107
+163.172.65.108
+163.172.65.109
+163.172.65.11
+163.172.65.110
+163.172.65.111
+163.172.65.112
+163.172.65.113
+163.172.65.114
+163.172.65.116
+163.172.65.118
+163.172.65.119
+163.172.65.12
+163.172.65.120
+163.172.65.121
+163.172.65.122
+163.172.65.123
+163.172.65.124
+163.172.65.126
+163.172.65.127
+163.172.65.128
+163.172.65.129
+163.172.65.13
+163.172.65.130
+163.172.65.131
+163.172.65.132
+163.172.65.14
+163.172.65.141
+163.172.65.145
+163.172.65.15
+163.172.65.16
+163.172.65.18
+163.172.65.180
+163.172.65.181
+163.172.65.182
+163.172.65.183
+163.172.65.184
+163.172.65.185
+163.172.65.186
+163.172.65.187
+163.172.65.188
+163.172.65.189
+163.172.65.19
+163.172.65.190
+163.172.65.191
+163.172.65.192
+163.172.65.193
+163.172.65.194
+163.172.65.195
+163.172.65.196
+163.172.65.197
+163.172.65.198
+163.172.65.199
+163.172.65.2
+163.172.65.20
+163.172.65.200
+163.172.65.201
+163.172.65.202
+163.172.65.203
+163.172.65.204
+163.172.65.205
+163.172.65.206
+163.172.65.207
+163.172.65.208
+163.172.65.209
+163.172.65.21
+163.172.65.210
+163.172.65.213
+163.172.65.214
+163.172.65.215
+163.172.65.216
+163.172.65.217
+163.172.65.218
+163.172.65.219
+163.172.65.22
+163.172.65.220
+163.172.65.221
+163.172.65.222
+163.172.65.225
+163.172.65.226
+163.172.65.227
+163.172.65.228
+163.172.65.229
+163.172.65.23
+163.172.65.230
+163.172.65.231
+163.172.65.232
+163.172.65.234
+163.172.65.235
+163.172.65.236
+163.172.65.239
+163.172.65.24
+163.172.65.240
+163.172.65.241
+163.172.65.242
+163.172.65.243
+163.172.65.244
+163.172.65.245
+163.172.65.246
+163.172.65.248
+163.172.65.249
+163.172.65.25
+163.172.65.250
+163.172.65.251
+163.172.65.252
+163.172.65.26
+163.172.65.28
+163.172.65.29
+163.172.65.30
+163.172.65.31
+163.172.65.32
+163.172.65.33
+163.172.65.34
+163.172.65.35
+163.172.65.36
+163.172.65.37
+163.172.65.38
+163.172.65.39
+163.172.65.4
+163.172.65.40
+163.172.65.41
+163.172.65.42
+163.172.65.43
+163.172.65.44
+163.172.65.45
+163.172.65.46
+163.172.65.47
+163.172.65.48
+163.172.65.49
+163.172.65.5
+163.172.65.50
+163.172.65.51
+163.172.65.52
+163.172.65.53
+163.172.65.54
+163.172.65.55
+163.172.65.56
+163.172.65.57
+163.172.65.58
+163.172.65.59
+163.172.65.6
+163.172.65.60
+163.172.65.61
+163.172.65.62
+163.172.65.63
+163.172.65.64
+163.172.65.65
+163.172.65.66
+163.172.65.67
+163.172.65.68
+163.172.65.69
+163.172.65.73
+163.172.65.8
+163.172.66.100
+163.172.66.101
+163.172.66.102
+163.172.66.103
+163.172.66.104
+163.172.66.105
+163.172.66.106
+163.172.66.107
+163.172.66.108
+163.172.66.109
+163.172.66.11
+163.172.66.110
+163.172.66.111
+163.172.66.112
+163.172.66.113
+163.172.66.114
+163.172.66.115
+163.172.66.116
+163.172.66.117
+163.172.66.118
+163.172.66.119
+163.172.66.12
+163.172.66.120
+163.172.66.121
+163.172.66.123
+163.172.66.124
+163.172.66.125
+163.172.66.126
+163.172.66.127
+163.172.66.128
+163.172.66.129
+163.172.66.13
+163.172.66.130
+163.172.66.131
+163.172.66.132
+163.172.66.133
+163.172.66.134
+163.172.66.135
+163.172.66.136
+163.172.66.137
+163.172.66.138
+163.172.66.139
+163.172.66.14
+163.172.66.141
+163.172.66.142
+163.172.66.143
+163.172.66.144
+163.172.66.145
+163.172.66.146
+163.172.66.147
+163.172.66.148
+163.172.66.149
+163.172.66.15
+163.172.66.150
+163.172.66.151
+163.172.66.152
+163.172.66.153
+163.172.66.154
+163.172.66.155
+163.172.66.156
+163.172.66.157
+163.172.66.158
+163.172.66.159
+163.172.66.16
+163.172.66.160
+163.172.66.161
+163.172.66.163
+163.172.66.164
+163.172.66.165
+163.172.66.166
+163.172.66.167
+163.172.66.168
+163.172.66.169
+163.172.66.17
+163.172.66.170
+163.172.66.171
+163.172.66.172
+163.172.66.173
+163.172.66.174
+163.172.66.175
+163.172.66.176
+163.172.66.177
+163.172.66.178
+163.172.66.179
+163.172.66.18
+163.172.66.180
+163.172.66.181
+163.172.66.183
+163.172.66.184
+163.172.66.185
+163.172.66.189
+163.172.66.19
+163.172.66.194
+163.172.66.2
+163.172.66.20
+163.172.66.208
+163.172.66.21
+163.172.66.22
+163.172.66.222
+163.172.66.225
+163.172.66.23
+163.172.66.24
+163.172.66.25
+163.172.66.26
+163.172.66.27
+163.172.66.28
+163.172.66.29
+163.172.66.3
+163.172.66.30
+163.172.66.31
+163.172.66.32
+163.172.66.33
+163.172.66.34
+163.172.66.35
+163.172.66.36
+163.172.66.37
+163.172.66.38
+163.172.66.39
+163.172.66.4
+163.172.66.40
+163.172.66.41
+163.172.66.42
+163.172.66.43
+163.172.66.44
+163.172.66.45
+163.172.66.46
+163.172.66.47
+163.172.66.48
+163.172.66.49
+163.172.66.5
+163.172.66.50
+163.172.66.51
+163.172.66.52
+163.172.66.53
+163.172.66.54
+163.172.66.55
+163.172.66.56
+163.172.66.57
+163.172.66.58
+163.172.66.59
+163.172.66.6
+163.172.66.60
+163.172.66.61
+163.172.66.62
+163.172.66.63
+163.172.66.64
+163.172.66.65
+163.172.66.66
+163.172.66.67
+163.172.66.68
+163.172.66.69
+163.172.66.7
+163.172.66.70
+163.172.66.71
+163.172.66.73
+163.172.66.74
+163.172.66.75
+163.172.66.76
+163.172.66.77
+163.172.66.78
+163.172.66.79
+163.172.66.8
+163.172.66.80
+163.172.66.81
+163.172.66.82
+163.172.66.83
+163.172.66.84
+163.172.66.85
+163.172.66.86
+163.172.66.87
+163.172.66.88
+163.172.66.89
+163.172.66.9
+163.172.66.90
+163.172.66.91
+163.172.66.93
+163.172.66.94
+163.172.66.95
+163.172.66.96
+163.172.66.97
+163.172.66.98
+163.172.66.99
+163.172.67.177
+163.172.67.183
+163.172.67.201
+163.172.67.212
+163.172.67.240
+163.172.67.64
+163.172.67.89
+163.172.67.90
+163.172.68.118
+163.172.68.122
+163.172.68.123
+163.172.68.127
+163.172.68.128
+163.172.68.132
+163.172.68.133
+163.172.68.136
+163.172.68.147
+163.172.68.149
+163.172.68.81
+163.172.69.122
+163.172.69.126
+163.172.69.141
+163.172.69.168
+163.172.69.178
+163.172.69.212
+163.172.69.217
+163.172.69.235
+163.172.69.43
+163.172.69.56
+163.172.69.57
+163.172.69.76
+163.172.69.91
+163.172.70.183
+163.172.70.217
+163.172.70.26
+163.172.70.45
+163.172.70.88
+163.172.71.13
+163.172.71.179
+163.172.71.21
+163.172.71.211
+163.172.71.227
+163.172.71.244
+163.172.71.29
+163.172.71.43
+163.172.71.45
+163.172.71.55
+163.172.71.90
+163.172.72.132
+163.172.72.174
+163.172.72.48
+163.172.72.60
+163.172.72.70
+163.172.73.155
+163.172.73.219
+163.172.73.247
+163.172.73.28
+163.172.73.33
+163.172.73.84
+163.172.73.97
+163.172.74.13
+163.172.74.158
+163.172.74.42
+163.172.74.43
+163.172.74.80
+195.154.104.105
+195.154.104.133
+195.154.104.134
+195.154.104.135
+195.154.104.136
+195.154.104.137
+195.154.104.138
+195.154.104.139
+195.154.104.140
+195.154.104.141
+195.154.104.142
+195.154.104.143
+195.154.104.144
+195.154.104.145
+195.154.104.146
+195.154.104.147
+195.154.104.148
+195.154.104.149
+195.154.104.150
+195.154.104.151
+195.154.104.152
+195.154.104.153
+195.154.104.154
+195.154.104.155
+195.154.104.156
+195.154.104.157
+195.154.104.158
+195.154.104.159
+195.154.104.160
+195.154.104.161
+195.154.104.162
+195.154.104.163
+195.154.104.164
+195.154.104.165
+195.154.104.166
+195.154.104.167
+195.154.104.168
+195.154.104.169
+195.154.104.170
+195.154.104.173
+195.154.104.174
+195.154.104.175
+195.154.104.176
+195.154.104.177
+195.154.104.178
+195.154.104.179
+195.154.104.180
+195.154.104.181
+195.154.104.182
+195.154.104.183
+195.154.104.184
+195.154.104.185
+195.154.104.186
+195.154.104.187
+195.154.104.188
+195.154.104.189
+195.154.104.190
+195.154.104.191
+195.154.104.192
+195.154.104.193
+195.154.104.194
+195.154.104.195
+195.154.104.196
+195.154.104.197
+195.154.104.198
+195.154.104.199
+195.154.104.200
+195.154.104.201
+195.154.104.202
+195.154.104.203
+195.154.104.204
+195.154.104.205
+195.154.104.206
+195.154.104.207
+195.154.104.208
+195.154.104.209
+195.154.104.210
+195.154.104.211
+195.154.104.212
+195.154.104.213
+195.154.104.214
+195.154.104.215
+195.154.104.216
+195.154.104.217
+195.154.104.218
+195.154.104.219
+195.154.104.222
+195.154.104.26
+195.154.104.51
+195.154.104.53
+195.154.104.75
+195.154.84.92
+51.15.183.109
+51.15.183.152
+51.15.183.158
+51.15.183.33
+51.15.183.59
+51.15.183.87
+51.15.183.88
+51.15.183.92
+51.15.191.12
+51.15.191.125
+51.15.191.16
+51.15.191.219
+51.15.191.220
+51.15.191.252
+
+# Semrush-bot: unreasonable load on the web server
+192.243.55.137
+192.243.55.136
+192.243.55.134
+192.243.55.132
+192.243.55.133
+192.243.55.135
+213.174.146.163
+46.229.164.101
+46.229.164.100
+46.229.164.98
+46.229.164.102
+46.229.164.99
+46.229.164.114
+46.229.164.113
+46.229.164.101
+46.229.161.132
+46.229.161.136
+46.229.161.138
+46.229.164.103
+46.229.164.97
+50.17.105.131
+50.17.33.197
+50.19.36.141
+107.21.183.210
+107.22.134.187
+107.22.68.116
+174.129.166.77
+184.72.94.71
+184.73.143.31
+204.236.244.200
+184.72.140.220
+107.22.128.82
+50.16.154.80
+107.22.128.82
+50.16.154.80
+107.21.149.52
+23.20.75.166
+50.16.11.183
+107.21.155.119
+23.20.2.192
+75.101.210.171
+184.72.187.47
+184.72.163.70
+184.72.181.183
+184.73.13.192
+184.73.142.88
+184.73.58.164
+204.236.243.108
+50.16.162.168
+50.19.162.168
+50.19.162.61
+107.21.139.47
+75.101.242.89
+50.16.179.70
+184.72.168.246
+50.17.117.164
+50.19.179.186
+107.20.126.228
+50.16.94.41
+50.17.107.112
+75.101.205.112
+69.10.37.186
+
+# bad visits (hammering my web page or mail server or both)
+94.102.56.215
+123.157.156.166
diff --git a/config/obr/nsd-external/etc/nsd.conf b/config/obr/nsd-external/etc/nsd.conf
index 82c0cb0..0529af7 100644
--- a/config/obr/nsd-external/etc/nsd.conf
+++ b/config/obr/nsd-external/etc/nsd.conf
@@ -34,3 +34,17 @@ zone:
 	provide-xfr: 173.244.206.25 NOKEY
 	provide-xfr: 173.244.206.26 NOKEY
 	provide-xfr: 88.198.106.11 NOKEY
+
+zone:
+	name: "pgfuse.org"
+	zonefile: "pgfuse.org"
+	provide-xfr: 173.244.206.25 NOKEY
+	provide-xfr: 173.244.206.26 NOKEY
+	provide-xfr: 88.198.106.11 NOKEY
+
+zone:
+	name: "openbsd-firewall.org"
+	zonefile: "openbsd-firewall.org"
+	provide-xfr: 173.244.206.25 NOKEY
+	provide-xfr: 173.244.206.26 NOKEY
+	provide-xfr: 88.198.106.11 NOKEY
diff --git a/config/obr/nsd-external/zones/openbsd-firewall.org b/config/obr/nsd-external/zones/openbsd-firewall.org
new file mode 100644
index 0000000..ce3666c
--- /dev/null
+++ b/config/obr/nsd-external/zones/openbsd-firewall.org
@@ -0,0 +1,24 @@
+; external view of zone openbsd-firewall.org
+
+$TTL 60
+
+@		IN	SOA	ns.openbsd-firewall.org. admin.openbsd-firewall.org. (
+				2018060900	; serial
+				3h		; refresh
+				15m		; retry
+				2w		; expire
+				60		; minimum TTL
+			)
+
+	IN	NS		d.ns.buddyns.com.
+	IN	NS		f.ns.buddyns.com.
+	IN	NS		h.ns.buddyns.com.
+
+
+$ORIGIN openbsd-firewall.org.
+
+	IN	A		83.150.2.48
+
+ns	IN	A		83.150.2.48
+
+www	IN	A		83.150.2.48
diff --git a/config/obr/nsd-external/zones/pgfuse.org b/config/obr/nsd-external/zones/pgfuse.org
new file mode 100644
index 0000000..7466aec
--- /dev/null
+++ b/config/obr/nsd-external/zones/pgfuse.org
@@ -0,0 +1,24 @@
+; external view of zone pgfuse.org
+
+$TTL 60
+
+@		IN	SOA	ns.pgfuse.org. admin.pgfuse.org. (
+				2018060800	; serial
+				3h		; refresh
+				15m		; retry
+				2w		; expire
+				60		; minimum TTL
+			)
+
+	IN	NS		d.ns.buddyns.com.
+	IN	NS		f.ns.buddyns.com.
+	IN	NS		h.ns.buddyns.com.
+
+
+$ORIGIN pgfuse.org.
+
+	IN	A		83.150.2.48
+
+ns	IN	A		83.150.2.48
+
+www	IN	A		83.150.2.48
diff --git a/config/obr/nsd-internal/etc/nsd.conf b/config/obr/nsd-internal/etc/nsd.conf
index 9487e25..3fd84a6 100644
--- a/config/obr/nsd-internal/etc/nsd.conf
+++ b/config/obr/nsd-internal/etc/nsd.conf
@@ -35,3 +35,11 @@ zone:
 zone:
 	name: "maschezuoz.ch"
 	zonefile: "maschezuoz.ch"
+
+zone:
+	name: "pgfuse.org"
+	zonefile: "pgfuse.org"
+
+zone:
+	name: "openbsd-firewall.org"
+	zonefile: "openbsd-firewall.org"
diff --git a/config/obr/nsd-internal/zones/openbsd-firewall.org b/config/obr/nsd-internal/zones/openbsd-firewall.org
new file mode 100644
index 0000000..eaf70b4
--- /dev/null
+++ b/config/obr/nsd-internal/zones/openbsd-firewall.org
@@ -0,0 +1,21 @@
+; internal view of zone openbsd-firewall.org
+
+$TTL 60
+
+@		IN	SOA	ns.openbsd-firewall.org. admin.openbsd-firewall.org. (
+				2018060900	; serial
+				3h		; refresh
+				15m		; retry
+				2w		; expire
+				60		; minimum TTL
+			)
+
+	IN	NS		ns.openbsd-firewall.org.
+
+$ORIGIN openbsd-firewall.org.
+
+	IN		A	192.168.1.15
+
+ns			A	192.168.1.1
+
+www			A	192.168.1.15
diff --git a/config/obr/nsd-internal/zones/pgfuse.org b/config/obr/nsd-internal/zones/pgfuse.org
new file mode 100644
index 0000000..804b5e4
--- /dev/null
+++ b/config/obr/nsd-internal/zones/pgfuse.org
@@ -0,0 +1,21 @@
+; internal view of zone pgfuse.org
+
+$TTL 60
+
+@		IN	SOA	ns.pgfuse.org. admin.pgfuse.org. (
+				2018060800	; serial
+				3h		; refresh
+				15m		; retry
+				2w		; expire
+				60		; minimum TTL
+			)
+
+	IN	NS		ns.pgfuse.org.
+
+$ORIGIN pgfuse.org.
+
+	IN		A	192.168.1.15
+
+ns			A	192.168.1.1
+
+www			A	192.168.1.15
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
index ba52e74..ef8339f 100644
--- a/config/obr/relayd.conf
+++ b/config/obr/relayd.conf
@@ -48,6 +48,14 @@ http protocol "http_protocol" {
 		forward to <euroserver> no tag
 	match request quick header "Host" value "archlinux32.andreasbaumann.cc" \
 		forward to <eurobuild3> no tag
+	match request quick header "Host" value "www.pgfuse.org" \
+		forward to <euroweb> no tag
+	match request quick header "Host" value "pgfuse.org" \
+		forward to <euroweb> no tag
+	match request quick header "Host" value "www.openbsd-firewall.org" \
+		forward to <euroweb> no tag
+	match request quick header "Host" value "openbsd-firewall.org" \
+		forward to <euroweb> no tag
 
 	block request tagged disallowed_host label "BAD host"
 }
-- 
cgit v1.2.3-54-g00ecf