Blocking bogon’s is good for you and your servers health – only because they are generally un-assigned by IANA or the RIR. These bogus IP blocks are perfect for spamming and criminal activity. Read more about them here.
To block these, I wrote this a while back and while hits may be low, in case they ever get routed or make it to my box. I do need to expand to allow updates if a block is now assigned.
#!/bin/sh
#
# Drop all these bad IP's
#
TMPFILE=/tmp/`apg -a 1 -M nc -n 1 -m 26`
touch $TMPFILE
curl -s http://www.spamhaus.org/drop/drop.lasso |grep ^[1-9]|cut -f 1 -d ' ' > $TMPFILE
for IP in `cat $TMPFILE`; do
/sbin/shorewall drop $IP
sleep 5
done
Run this as a cron or in sync with reloading IP tables.
