IPtables setup guide

Setup Q-Feeds

The Q-Feeds Blocklist is a security solution that provides the latest threat intelligence data to protect your system from malicious IP addresses associated with malware, botnets, and other cyber threats. This installer script automates the installation and configuration process, ensuring your system is up-to-date with the latest blocklists provided by Q-Feeds.

Note: Before using this software, you must accept the Terms & Conditions and End-User License Agreement (EULA) as published on https://qfeeds.com/terms.

Prerequisites

  • Operating System: Linux
  • Supported Distributions: Ubuntu, Debian, CentOS, RHEL, AlmaLinux, Rocky Linux, Fedora, openSUSE Leap, SLES, Arch Linux
  • Privileges: Root access is required to run the installer script and configure system settings.
  • Network Access: Ability to connect to https://api.qfeeds.com to fetch the blocklist data.
  • API Token: A valid Q-Feeds API Token. Obtain one from your Q-Feeds account or contact Q-Feeds support.

Installation Steps

1. Download the Installer Script

First, contact your Q-Feeds partner or representative to obtain the installer script.

2. Run the Installer Script

Make the installer script executable and run it as the root user:

chmod +x install_qfeeds.sh
sudo ./install_qfeeds.sh

Important: The script must be run with root privileges to install dependencies and configure system settings.

 

3. Accept the Terms & Conditions and EULA

Upon running the script, you will be prompted to accept the Terms & Conditions and EULA.
Type `yes` to accept and proceed with the installation. 

4. Configure the Script

a. Enter Your Q-Feeds API Token

Input your API Token obtained from Q-Feeds.

b. Optional Settings

You can customize the following settings or press Enter to accept the defaults:

Feed Type: The type of threat intelligence feed you wish to use (default: malware_ip).

Limit: The maximum number of IP addresses to fetch (default: 130000).

c. Cron Job Schedule

Set how frequently the blocklist should be updated (default: */20 * * * *, which runs every 20 minutes).

5. Finalize Installation

The installer will install necessary dependencies, create configuration files, set up cron jobs, and run the main script once to verify installation.

Verification

  1. Check the Blocklist Update

    Verify that the blocklist has been fetched and ipset lists are populated by running the following commands:

    sudo ipset list qfeeds_blacklist_v4
    sudo ipset list qfeeds_blacklist_v6

  2. Verify iptables Rules

    sudo iptables -L INPUT -v -n | grep qfeeds_blacklist_v4
    sudo ip6tables -L INPUT -v -n | grep qfeeds_blacklist_v6

  3. Review Logs

    sudo tail /var/log/qfeeds_blocklist.log
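
The ipset checks above can be scripted. The following is an added example, not part of the Q-Feeds installer: it goes slightly beyond the manual steps by also reading the References: field of the ipset list output, which is 0 when no iptables rule uses the set, so a populated but unenforced list is reported. The function names, the --live flag and the sample output are this example's own; the sample output is constructed and abridged.

```shell
#!/bin/sh
# Added example, not part of the Q-Feeds installer.
# Each function reads `ipset list <set>` output on stdin.

# Count the addresses printed after the "Members:" line.
count_members() {
    awk 'seen && NF { n++ } /^Members:/ { seen = 1 } END { print n + 0 }'
}

# Print the "References:" value: how many kernel rules use the set.
set_references() {
    awk -F': *' '/^References:/ { print $2; f = 1 } END { if (!f) print 0 }'
}

# check_set NAME: 0 = populated and referenced, 1 = empty, 2 = unreferenced.
check_set() {
    out=$(cat)
    members=$(printf '%s\n' "$out" | count_members)
    refs=$(printf '%s\n' "$out" | set_references)
    if [ "$members" -eq 0 ]; then
        echo "$1: FAIL, set is empty or missing"; return 1
    fi
    if [ "$refs" -eq 0 ]; then
        echo "$1: FAIL, $members entries but no iptables rule uses the set"; return 2
    fi
    echo "$1: OK, $members entries, $refs rule reference(s)"
}

# Constructed, abridged sample output (documentation addresses, not feed data).
SAMPLE_OK='Name: qfeeds_blacklist_v4
References: 1
Members:
192.0.2.10
198.51.100.7
203.0.113.25'
SAMPLE_UNREFERENCED='Name: qfeeds_blacklist_v6
References: 0
Members:
2001:db8::1'

# Run as root with --live to check the real sets named in this guide.
if [ "${1:-}" = "--live" ]; then
    rc=0
    for s in qfeeds_blacklist_v4 qfeeds_blacklist_v6; do
        ipset list "$s" 2>/dev/null | check_set "$s" || rc=1
    done
    exit "$rc"
fi
```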

File and Directory Locations

  • Configuration File: /etc/qfeeds/qfeeds_config.conf
  • Log File: /var/log/qfeeds_blocklist.log
  • Main Script Executable: /usr/local/bin/update_qfeeds_blocklist.sh
  • Installer Script: /usr/local/bin/install_qfeeds.sh
  • Lock File: /var/lock/qfeeds_blocklist.lock
  • ipset Restore Rules: /etc/iptables/ipset.rules
  • Systemd Service for ipset restore: /etc/systemd/system/ipset-restore.service
  • Cron Job: Root’s crontab