/gist:075792cecb12387d35ac81b1395ef554 Secret

## gistfile1.txt
#!/bin/bash -

###########################################################################
# 2014-03-03 by burningpenguin: scriptblacklistip
#
# add blocked IPs to the firewall to not be accessed from green/blue
###########################################################################
# 2014-03-03 initial version
# 2014-12-13 adjustments by Garp
# 2014-12-28 adjustments by Garp (blocklists added)
# 2014-12-29 Garp: Remove yoyo Ads, they are being blocked by using the
#                hostsfile and the url filter
# 2016-03-03 jackyes: Added some list and adapted to work on NethServer
#                (NOTE: add blacklist option to interface in  /etc/shorewall/interfaces)
# 2016-06-03 jackyes: Added Ransomware blocklist, readded yoyoadlist
#
###########################################################################
# usage
#  extend by adding this section per blacklist url
#   #get list from ??service??
#   printf "\n Get files: ??service???"
#   wget -O - http:???url??? > /etc/sysconfig/blacklisttmp
#   cat /etc/sysconfig/blacklisttmp >> /etc/sysconfig/blacklist
#
#
###########################################################################

mkdir /root/blacklist
rm -rf /root/blacklist/*
rm -rf /etc/shorewall/blrules

#get list from other-block
printf "\n Get files: other-block"
cp /root/other-block.txt /root/blacklist/blacklistother-block
cat /root/blacklist/blacklistother-block >> /root/blacklist/blacklist

#get list from fail2ban block list
printf "\n Get files: fail2ban-block"
cp /root/fail2ban-block.txt /root/blacklist/blacklistfail2ban-block
cat /root/blacklist/blacklistfail2ban-block >> /root/blacklist/blacklist

#get list from CIA-Army
printf "\n Get files: CIA-Army"
wget -O -  http://cinsscore.com/list/ci-badguys.txt > /root/blacklist/blacklistcibadguys
cat /root/blacklist/blacklistcibadguys >> /root/blacklist/blacklist

#get list from Ransomware tracker
printf "\n Get files: Ransomware List"
wget -O -  https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt > /root/blacklist/RW_IPBL
cat /root/blacklist/RW_IPBL >> /root/blacklist/blacklist

#get list from YoYo Ad List
printf "\n Get files: YoYo AD LIST"
wget -O -  "https://pgl.yoyo.org/as/iplist.php?format=&showintro=0" > /root/blacklist/YOYOAD
cat /root/blacklist/YOYOAD >> /root/blacklist/blacklist

#get list from malc0de
printf "\n Get files: malc0de"
wget -O -  http://malc0de.com/bl/IP_Blacklist.txt > /root/blacklist/blacklistmalc0de
cat /root/blacklist/blacklistmalc0de >> /root/blacklist/blacklist

#get list from openbl.org
printf "\n Get files: OpenBL 7 days"
wget -O - http://www.openbl.org/lists/base_7days.txt > /root/blacklist/blacklistopen7days
cat /root/blacklist/blacklistopen7days >> /root/blacklist/blacklist

#get list from emergingthreats
printf "\n Get files: EmergingThreats Compromised IPs"
wget -O -  http://rules.emergingthreats.net/blockrules/compromised-ips.txt > /root/blacklist/blacklistemercompr
cat /root/blacklist/blacklistemercompr >> /root/blacklist/blacklist

#get list from emergingthreats
printf "\n Get files: EmergingThreats Block IPs"
wget -O - --no-check-certificate https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt > /root/blacklist/blacklistemerblock
cat /root/blacklist/blacklistemerblock >> /root/blacklist/blacklist

#get list from palevotracker
printf "\n Get files: palevo"
wget -O - --no-check-certificate https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist > /root/blacklist/blacklistpalevo
cat /root/blacklist/blacklistpalevo >> /root/blacklist/blacklist

#get list from feodotracker Blocklist
printf "\n Get files: Feodo A"
wget -O - --no-check-certificate https://feodotracker.abuse.ch/blocklist/?download=ipblocklist > /root/blacklist/blacklistfeodoa
cat /root/blacklist/blacklistfeodoa >> /root/blacklist/blacklist

#get list from feodotracker BadIPS
printf "\n Get files: Feodo BadIPS"
wget -O - --no-check-certificate https://feodotracker.abuse.ch/blocklist/?download=badips > /root/blacklist/blacklistfeodob
cat /root/blacklist/blacklistfeodob >> /root/blacklist/blacklist

#get list from zeustracker
printf "\n Get files: zeus"
wget -O - --no-check-certificate https://zeustracker.abuse.ch/blocklist.php?download=badips > /root/blacklist/blacklistzeus
cat /root/blacklist/blacklistzeus >> /root/blacklist/blacklist

#get list from blacklist.de - all.txt
##VERY BIG!!
#printf "\n Get files: blacklistede all"
#wget -O - http://lists.blocklist.de/lists/all.txt > /root/blacklist/blacklistblall
#cat /root/blacklist/blacklistblall >> /root/blacklist/blacklist

#get list from blacklist.de - apache.txt
##VERY BIG!!
#printf "\n Get files: blacklistede apache"
#wget -O - http://lists.blocklist.de/lists/apache.txt > /root/blacklist/blacklistblapache
#cat /root/blacklist/blacklistblapache >> /root/blacklist/blacklist

#get list from blacklist.de - imap.txt
printf "\n Get files: blacklistede imap"
wget -O - http://lists.blocklist.de/lists/imap.txt > /root/blacklist/blacklistblimap
cat /root/blacklist/blacklistblimap >> /root/blacklist/blacklist

#get list from blacklist.de - ssh.txt
printf "\n Get files: blacklistede ssh"
wget -O - http://lists.blocklist.de/lists/ssh.txt > /root/blacklist/blacklistblssh
cat /root/blacklist/blacklistblssh >> /root/blacklist/blacklist

#get list from blacklist.de - bruteforcelogin.txt
printf "\n Get files: blacklistede ssh"
wget -O - http://lists.blocklist.de/lists/bruteforcelogin.txt > /root/blacklist/blacklistblbfl
cat /root/blacklist/blacklistblbfl >> /root/blacklist/blacklist

printf "\n Amount of lines in fail2ban-block %s \n"  `cat /root/blacklist/blacklistfail2ban-block | wc -l`
rm -rf /root/blacklist/blacklistfail2ban-block

printf "\n Amount of lines in other-block %s \n"  `cat /root/blacklist/blacklistother-block | wc -l`
rm -rf /root/blacklist/blacklistother-block

printf "\n Amount of lines in CIA-Badguys %s \n"  `cat /root/blacklist/blacklistcibadguys | wc -l`
rm -rf /root/blacklist/blacklistcibadguys

printf "\n Amount of lines in Ransomware list %s \n"  `cat /root/blacklist/RWIPBL | wc -l`
rm -rf /root/blacklist/RW_IPBL

printf "\n Amount of lines in YoYo Ad list %s \n"  `cat /root/blacklist/YOYOAD | wc -l`
rm -rf /root/blacklist/YOYOAD

printf "\n Amount of lines in malc0de %s \n"  `cat /root/blacklist/blacklistmalc0de | wc -l`
rm -rf /root/blacklist/blacklistmalc0de

printf "\n Amount of lines in MalwareDomains %s \n"  `cat /root/blacklist/blacklistmalwaredomains | wc -l`
rm -rf /root/blacklist/blacklistmalwaredomains

printf "\n Amount of lines in OpenBL 7 days list %s \n"  `cat /root/blacklist/blacklistopen7days | wc -l`
rm -rf /root/blacklist/blacklistopen7days

printf "\n Amount of lines in EmergingThreats Compomised IP's %s \n"  `cat /root/blacklist/blacklistemercompr | wc -l`
rm -rf /root/blacklist/blacklistemercompr

printf "\n Amount of lines in EmergingThreats Block IP's %s \n"  `cat /root/blacklist/blacklistemerblock | wc -l`
rm -rf /root/blacklist/blacklistemerblock

#printf "\n Amount of lines in SpyEye %s \n"  `cat /root/blacklist/blacklistspyeye | wc -l`
#rm -rf /root/blacklist/blacklistspyeye

printf "\n Amount of lines in Palevo %s \n"  `cat /root/blacklist/blacklistpalevo | wc -l`
rm -rf /root/blacklist/blacklistpalevo

printf "\n Amount of lines in Feodo A %s \n"  `cat /root/blacklist/blacklistfeodoa | wc -l`
rm -rf /root/blacklist/blacklistfeodoa

#printf "\n Amount of lines in Blacklist.de apache  %s \n"  `cat /root/blacklist/blacklistblapache | wc -l`
#rm -rf /root/blacklist/blacklistblapache

printf "\n Amount of lines in Blacklist.de imap  %s \n"  `cat /root/blacklist/blacklistblimap | wc -l`
rm -rf /root/blacklist/blacklistblimap

printf "\n Amount of lines in Blacklist.de ssh  %s \n"  `cat /root/blacklist/blacklistblssh | wc -l`
rm -rf /root/blacklist/blacklistblssh

printf "\n Amount of lines in Blacklist.de bruteorcelogin  %s \n"  `cat /root/blacklist/blacklistblbfl | wc -l`
rm -rf /root/blacklist/blacklistblbfl

#printf "\n Amount of lines in Blacklist.de all  %s \n"  `cat /root/blacklist/blacklistblall | wc -l`
#rm -rf /root/blacklist/blacklistblall

printf "\n Amount of lines in Feodo B %s \n"  `cat /root/blacklist/blacklistfeodob | wc -l`
rm -rf /root/blacklist/blacklistfeodob

printf "\n Amount of lines in Zeus %s \n"  `cat /root/blacklist/blacklistzeus | wc -l`
rm -rf /root/blacklist/blacklistzeus

# Insert any ip for your own testing pleasure
cat /root/blacklist/testbl >> /root/blacklist/blacklist
printf "\n Amount of lines in test list %s \n"  `cat /root/blacklist/testbl | wc -l`

#check amount of lines before sorting and cleanup
printf "\n Amount of lines in the combined blacklist before any cleanup is done %s \n"  `cat /root/blacklist/blacklist | wc -l`

printf "\n Sort ip's and make them unique"
cat /root/blacklist/blacklist | sort | uniq > /root/blacklist/blacklisttmp1

printf "\n Remove comments etc."
egrep -v '(^[[:space:]]*/|^[[:space:]]*#|^[[:space:]]*$)|/[0-9]|\:|/g' /root/blacklist/blacklisttmp1 > /root/blacklist/blacklisttmp2

# RD remove dakje-M from some IP's if it exists
sed 's/\r//g' /root/blacklist/blacklisttmp2 > /root/blacklist/blacklisttmp3

##Remove non ipv4 line
sed -rn '/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])/p' /root/blacklist/blacklisttmp3 > /root/blacklist/blacklist

#check amount of lines after sorting and clean-up
printf "\n Amount of lines in blacklisttmp2 %s \n"  `cat /root/blacklist/blacklisttmp2 | wc -l`

#check amount of lines after removing Windows line ends in downloaded files
printf "\n Amount of lines in blacklisttmp3 %s \n"  `cat /root/blacklist/blacklisttmp3 | wc -l`


#check amount of lines after removing non ipv4 line
printf "\n Amount of lines in final blacklist %s \n"  `cat /root/blacklist/blacklist | wc -l`

rm -rf /etc/shorewall/blacklist
cp /root/blacklist/blacklist /etc/shorewall/blacklist

shorewall update &>/dev/null
shorewall refresh &>/dev/null
	#!/bin/bash -

	###########################################################################
	# 2014-03-03 by burningpenguin: scriptblacklistip
	#
	# add blocked IPs to the firewall to not be accessed from green/blue
	###########################################################################
	# 2014-03-03 initial version
	# 2014-12-13 adjustments by Garp
	# 2014-12-28 adjustments by Garp (blocklists added)
	# 2014-12-29 Garp: Remove yoyo Ads, they are being blocked by using the
	# hostsfile and the url filter
	# 2016-03-03 jackyes: Added some list and adapted to work on NethServer
	# (NOTE: add blacklist option to interface in /etc/shorewall/interfaces)
	# 2016-06-03 jackyes: Added Ransomware blocklist, readded yoyoadlist
	#
	###########################################################################
	# usage
	# extend by adding this section per blacklist url
	# #get list from ??service??
	# printf "\n Get files: ??service???"
	# wget -O - http:???url??? > /etc/sysconfig/blacklisttmp
	# cat /etc/sysconfig/blacklisttmp >> /etc/sysconfig/blacklist
	#
	#
	###########################################################################

	mkdir /root/blacklist
	rm -rf /root/blacklist/*
	rm -rf /etc/shorewall/blrules

	#get list from other-block
	printf "\n Get files: other-block"
	cp /root/other-block.txt /root/blacklist/blacklistother-block
	cat /root/blacklist/blacklistother-block >> /root/blacklist/blacklist

	#get list from fail2ban block list
	printf "\n Get files: fail2ban-block"
	cp /root/fail2ban-block.txt /root/blacklist/blacklistfail2ban-block
	cat /root/blacklist/blacklistfail2ban-block >> /root/blacklist/blacklist

	#get list from CIA-Army
	printf "\n Get files: CIA-Army"
	wget -O - http://cinsscore.com/list/ci-badguys.txt > /root/blacklist/blacklistcibadguys
	cat /root/blacklist/blacklistcibadguys >> /root/blacklist/blacklist

	#get list from Ransomware tracker
	printf "\n Get files: Ransomware List"
	wget -O - https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt > /root/blacklist/RW_IPBL
	cat /root/blacklist/RW_IPBL >> /root/blacklist/blacklist

	#get list from YoYo Ad List
	printf "\n Get files: YoYo AD LIST"
	wget -O - "https://pgl.yoyo.org/as/iplist.php?format=&showintro=0" > /root/blacklist/YOYOAD
	cat /root/blacklist/YOYOAD >> /root/blacklist/blacklist

	#get list from malc0de
	printf "\n Get files: malc0de"
	wget -O - http://malc0de.com/bl/IP_Blacklist.txt > /root/blacklist/blacklistmalc0de
	cat /root/blacklist/blacklistmalc0de >> /root/blacklist/blacklist

	#get list from openbl.org
	printf "\n Get files: OpenBL 7 days"
	wget -O - http://www.openbl.org/lists/base_7days.txt > /root/blacklist/blacklistopen7days
	cat /root/blacklist/blacklistopen7days >> /root/blacklist/blacklist

	#get list from emergingthreats
	printf "\n Get files: EmergingThreats Compromised IPs"
	wget -O - http://rules.emergingthreats.net/blockrules/compromised-ips.txt > /root/blacklist/blacklistemercompr
	cat /root/blacklist/blacklistemercompr >> /root/blacklist/blacklist

	#get list from emergingthreats
	printf "\n Get files: EmergingThreats Block IPs"
	wget -O - --no-check-certificate https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt > /root/blacklist/blacklistemerblock
	cat /root/blacklist/blacklistemerblock >> /root/blacklist/blacklist

	#get list from palevotracker
	printf "\n Get files: palevo"
	wget -O - --no-check-certificate https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist > /root/blacklist/blacklistpalevo
	cat /root/blacklist/blacklistpalevo >> /root/blacklist/blacklist

	#get list from feodotracker Blocklist
	printf "\n Get files: Feodo A"
	wget -O - --no-check-certificate https://feodotracker.abuse.ch/blocklist/?download=ipblocklist > /root/blacklist/blacklistfeodoa
	cat /root/blacklist/blacklistfeodoa >> /root/blacklist/blacklist

	#get list from feodotracker BadIPS
	printf "\n Get files: Feodo BadIPS"
	wget -O - --no-check-certificate https://feodotracker.abuse.ch/blocklist/?download=badips > /root/blacklist/blacklistfeodob
	cat /root/blacklist/blacklistfeodob >> /root/blacklist/blacklist

	#get list from zeustracker
	printf "\n Get files: zeus"
	wget -O - --no-check-certificate https://zeustracker.abuse.ch/blocklist.php?download=badips > /root/blacklist/blacklistzeus
	cat /root/blacklist/blacklistzeus >> /root/blacklist/blacklist

	#get list from blacklist.de - all.txt
	##VERY BIG!!
	#printf "\n Get files: blacklistede all"
	#wget -O - http://lists.blocklist.de/lists/all.txt > /root/blacklist/blacklistblall
	#cat /root/blacklist/blacklistblall >> /root/blacklist/blacklist

	#get list from blacklist.de - apache.txt
	##VERY BIG!!
	#printf "\n Get files: blacklistede apache"
	#wget -O - http://lists.blocklist.de/lists/apache.txt > /root/blacklist/blacklistblapache
	#cat /root/blacklist/blacklistblapache >> /root/blacklist/blacklist

	#get list from blacklist.de - imap.txt
	printf "\n Get files: blacklistede imap"
	wget -O - http://lists.blocklist.de/lists/imap.txt > /root/blacklist/blacklistblimap
	cat /root/blacklist/blacklistblimap >> /root/blacklist/blacklist

	#get list from blacklist.de - ssh.txt
	printf "\n Get files: blacklistede ssh"
	wget -O - http://lists.blocklist.de/lists/ssh.txt > /root/blacklist/blacklistblssh
	cat /root/blacklist/blacklistblssh >> /root/blacklist/blacklist

	#get list from blacklist.de - bruteforcelogin.txt
	printf "\n Get files: blacklistede ssh"
	wget -O - http://lists.blocklist.de/lists/bruteforcelogin.txt > /root/blacklist/blacklistblbfl
	cat /root/blacklist/blacklistblbfl >> /root/blacklist/blacklist

	printf "\n Amount of lines in fail2ban-block %s \n" `cat /root/blacklist/blacklistfail2ban-block \| wc -l`
	rm -rf /root/blacklist/blacklistfail2ban-block

	printf "\n Amount of lines in other-block %s \n" `cat /root/blacklist/blacklistother-block \| wc -l`
	rm -rf /root/blacklist/blacklistother-block

	printf "\n Amount of lines in CIA-Badguys %s \n" `cat /root/blacklist/blacklistcibadguys \| wc -l`
	rm -rf /root/blacklist/blacklistcibadguys

	printf "\n Amount of lines in Ransomware list %s \n" `cat /root/blacklist/RWIPBL \| wc -l`
	rm -rf /root/blacklist/RW_IPBL

	printf "\n Amount of lines in YoYo Ad list %s \n" `cat /root/blacklist/YOYOAD \| wc -l`
	rm -rf /root/blacklist/YOYOAD

	printf "\n Amount of lines in malc0de %s \n" `cat /root/blacklist/blacklistmalc0de \| wc -l`
	rm -rf /root/blacklist/blacklistmalc0de

	printf "\n Amount of lines in MalwareDomains %s \n" `cat /root/blacklist/blacklistmalwaredomains \| wc -l`
	rm -rf /root/blacklist/blacklistmalwaredomains

	printf "\n Amount of lines in OpenBL 7 days list %s \n" `cat /root/blacklist/blacklistopen7days \| wc -l`
	rm -rf /root/blacklist/blacklistopen7days

	printf "\n Amount of lines in EmergingThreats Compomised IP's %s \n" `cat /root/blacklist/blacklistemercompr \| wc -l`
	rm -rf /root/blacklist/blacklistemercompr

	printf "\n Amount of lines in EmergingThreats Block IP's %s \n" `cat /root/blacklist/blacklistemerblock \| wc -l`
	rm -rf /root/blacklist/blacklistemerblock

	#printf "\n Amount of lines in SpyEye %s \n" `cat /root/blacklist/blacklistspyeye \| wc -l`
	#rm -rf /root/blacklist/blacklistspyeye

	printf "\n Amount of lines in Palevo %s \n" `cat /root/blacklist/blacklistpalevo \| wc -l`
	rm -rf /root/blacklist/blacklistpalevo

	printf "\n Amount of lines in Feodo A %s \n" `cat /root/blacklist/blacklistfeodoa \| wc -l`
	rm -rf /root/blacklist/blacklistfeodoa

	#printf "\n Amount of lines in Blacklist.de apache %s \n" `cat /root/blacklist/blacklistblapache \| wc -l`
	#rm -rf /root/blacklist/blacklistblapache

	printf "\n Amount of lines in Blacklist.de imap %s \n" `cat /root/blacklist/blacklistblimap \| wc -l`
	rm -rf /root/blacklist/blacklistblimap

	printf "\n Amount of lines in Blacklist.de ssh %s \n" `cat /root/blacklist/blacklistblssh \| wc -l`
	rm -rf /root/blacklist/blacklistblssh

	printf "\n Amount of lines in Blacklist.de bruteorcelogin %s \n" `cat /root/blacklist/blacklistblbfl \| wc -l`
	rm -rf /root/blacklist/blacklistblbfl

	#printf "\n Amount of lines in Blacklist.de all %s \n" `cat /root/blacklist/blacklistblall \| wc -l`
	#rm -rf /root/blacklist/blacklistblall

	printf "\n Amount of lines in Feodo B %s \n" `cat /root/blacklist/blacklistfeodob \| wc -l`
	rm -rf /root/blacklist/blacklistfeodob

	printf "\n Amount of lines in Zeus %s \n" `cat /root/blacklist/blacklistzeus \| wc -l`
	rm -rf /root/blacklist/blacklistzeus

	# Insert any ip for your own testing pleasure
	cat /root/blacklist/testbl >> /root/blacklist/blacklist
	printf "\n Amount of lines in test list %s \n" `cat /root/blacklist/testbl \| wc -l`

	#check amount of lines before sorting and cleanup
	printf "\n Amount of lines in the combined blacklist before any cleanup is done %s \n" `cat /root/blacklist/blacklist \| wc -l`

	printf "\n Sort ip's and make them unique"
	cat /root/blacklist/blacklist \| sort \| uniq > /root/blacklist/blacklisttmp1

	printf "\n Remove comments etc."
	egrep -v '(^[[:space:]]/\|^[[:space:]]#\|^[[:space:]]*$)\|/[0-9]\|\:\|/g' /root/blacklist/blacklisttmp1 > /root/blacklist/blacklisttmp2

	# RD remove dakje-M from some IP's if it exists
	sed 's/\r//g' /root/blacklist/blacklisttmp2 > /root/blacklist/blacklisttmp3

	##Remove non ipv4 line
	sed -rn '/((1?[0-9][0-9]?\|2[0-4][0-9]\|25[0-5])\.){3}(1?[0-9][0-9]?\|2[0-4][0-9]\|25[0-5])/p' /root/blacklist/blacklisttmp3 > /root/blacklist/blacklist

	#check amount of lines after sorting and clean-up
	printf "\n Amount of lines in blacklisttmp2 %s \n" `cat /root/blacklist/blacklisttmp2 \| wc -l`

	#check amount of lines after removing Windows line ends in downloaded files
	printf "\n Amount of lines in blacklisttmp3 %s \n" `cat /root/blacklist/blacklisttmp3 \| wc -l`


	#check amount of lines after removing non ipv4 line
	printf "\n Amount of lines in final blacklist %s \n" `cat /root/blacklist/blacklist \| wc -l`

	rm -rf /etc/shorewall/blacklist
	cp /root/blacklist/blacklist /etc/shorewall/blacklist

	shorewall update &>/dev/null
	shorewall refresh &>/dev/null