#!/bin/bash -
###########################################################################
# 2014-03-03 by burningpenguin: scriptblacklistip
#
# add blocked IPs to the firewall to not be accessed from green/blue
###########################################################################
# 2014-03-03 initial version
# 2014-12-13 adjustments by Garp
# 2014-12-28 adjustments by Garp (blocklists added)
# 2014-12-29 Garp: Remove yoyo Ads, they are being blocked by using the
# hostsfile and the url filter
# 2016-03-03 jackyes: Added some list and adapted to work on NethServer
# (NOTE: add blacklist option to interface in /etc/shorewall/interfaces)
# 2016-06-03 jackyes: Added Ransomware blocklist, readded yoyoadlist
#
###########################################################################
# usage
# extend by adding this section per blacklist url
# #get list from ??service??
# printf "\n Get files: ??service???"
# wget -O - http:???url??? > /etc/sysconfig/blacklisttmp
# cat /etc/sysconfig/blacklisttmp >> /etc/sysconfig/blacklist
#
#
###########################################################################
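# Prepare a clean working directory for this run.
# -p: the directory is left in place between runs, so a plain mkdir would
# report an error on every run after the first.
mkdir -p /root/blacklist
# Remove the previous run's files but keep testbl: it is the hand-maintained
# test list that is appended to the combined list later in this script, and a
# blanket "rm -rf /root/blacklist/*" deleted it before it could be read.
# Dotfiles are skipped, as they were by the original glob.
find /root/blacklist -mindepth 1 -maxdepth 1 \
  ! -name testbl ! -name '.*' -exec rm -rf -- {} +
# NOTE(review): this discards every entry in blrules, including any added by
# hand; presumably "shorewall update" at the end of the script regenerates it
# from /etc/shorewall/blacklist -- confirm before relying on it.
rm -rf /etc/shorewall/blrules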
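# Combined list that every source below is appended to.
bl_combined=/root/blacklist/blacklist

#######################################
# Copy a locally maintained list into the work directory and append it to
# the combined list.
# Arguments: $1 - label for the progress message
#            $2 - source file
#            $3 - per-source copy (its line count is reported further down)
#######################################
add_local_list() {
  local label=$1 src=$2 dest=$3
  printf "\n Get files: %s" "$label"
  if ! cp -- "$src" "$dest"; then
    printf '\n WARNING: could not copy %s; list skipped\n' "$src" >&2
    : > "$dest"   # leave an empty file so the later line count reports 0
  fi
  cat -- "$dest" >> "$bl_combined"
}

#######################################
# Download one remote list and append it to the combined list.
# Certificate verification is left at wget's default (enabled): the
# addresses fetched here become firewall rules, so a connection that is not
# authenticated lets anyone on the network path add or remove entries.
# Arguments: $1 - label for the progress message
#            $2 - URL of the list
#            $3 - per-source file (its line count is reported further down)
#######################################
fetch_list() {
  local label=$1 url=$2 dest=$3
  printf "\n Get files: %s" "$label"
  # Bounded retries/timeouts so one unreachable feed cannot stall the run.
  if ! wget --tries=2 --timeout=30 -O - "$url" > "$dest"; then
    printf '\n WARNING: download failed for %s (%s); list skipped\n' \
      "$label" "$url" >&2
    # Drop partial output: a line cut off mid-address can still look like a
    # valid, but different, IPv4 address.
    : > "$dest"
  fi
  cat -- "$dest" >> "$bl_combined"
}

#get list from other-block
add_local_list "other-block" /root/other-block.txt /root/blacklist/blacklistother-block
#get list from fail2ban block list
add_local_list "fail2ban-block" /root/fail2ban-block.txt /root/blacklist/blacklistfail2ban-block

# NOTE(review): the http:// feeds below have no transport integrity at all;
# their content can be altered in transit. Switch each one to https where the
# provider offers it.

#get list from CIA-Army
fetch_list "CIA-Army" "http://cinsscore.com/list/ci-badguys.txt" /root/blacklist/blacklistcibadguys
#get list from Ransomware tracker
fetch_list "Ransomware List" "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt" /root/blacklist/RW_IPBL
#get list from YoYo Ad List
fetch_list "YoYo AD LIST" "https://pgl.yoyo.org/as/iplist.php?format=&showintro=0" /root/blacklist/YOYOAD
#get list from malc0de
fetch_list "malc0de" "http://malc0de.com/bl/IP_Blacklist.txt" /root/blacklist/blacklistmalc0de
#get list from openbl.org
fetch_list "OpenBL 7 days" "http://www.openbl.org/lists/base_7days.txt" /root/blacklist/blacklistopen7days
#get list from emergingthreats
fetch_list "EmergingThreats Compromised IPs" "http://rules.emergingthreats.net/blockrules/compromised-ips.txt" /root/blacklist/blacklistemercompr
#get list from emergingthreats
fetch_list "EmergingThreats Block IPs" "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" /root/blacklist/blacklistemerblock
# The URLs below contain '?', which the shell treats as a glob character when
# unquoted; they are quoted so they always reach wget unchanged.
#get list from palevotracker
fetch_list "palevo" "https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist" /root/blacklist/blacklistpalevo
#get list from feodotracker Blocklist
fetch_list "Feodo A" "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist" /root/blacklist/blacklistfeodoa
#get list from feodotracker BadIPS
fetch_list "Feodo BadIPS" "https://feodotracker.abuse.ch/blocklist/?download=badips" /root/blacklist/blacklistfeodob
#get list from zeustracker
fetch_list "zeus" "https://zeustracker.abuse.ch/blocklist.php?download=badips" /root/blacklist/blacklistzeus
#get list from blacklist.de - all.txt
##VERY BIG!!
#printf "\n Get files: blacklistede all"
#wget -O - http://lists.blocklist.de/lists/all.txt > /root/blacklist/blacklistblall
#cat /root/blacklist/blacklistblall >> /root/blacklist/blacklist
#get list from blacklist.de - apache.txt
##VERY BIG!!
#printf "\n Get files: blacklistede apache"
#wget -O - http://lists.blocklist.de/lists/apache.txt > /root/blacklist/blacklistblapache
#cat /root/blacklist/blacklistblapache >> /root/blacklist/blacklist
#get list from blacklist.de - imap.txt
fetch_list "blacklistede imap" "http://lists.blocklist.de/lists/imap.txt" /root/blacklist/blacklistblimap
#get list from blacklist.de - ssh.txt
fetch_list "blacklistede ssh" "http://lists.blocklist.de/lists/ssh.txt" /root/blacklist/blacklistblssh
#get list from blacklist.de - bruteforcelogin.txt
# (the progress message used to say "ssh" here, a copy/paste slip)
fetch_list "blacklistede bruteforcelogin" "http://lists.blocklist.de/lists/bruteforcelogin.txt" /root/blacklist/blacklistblbfl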
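#######################################
# Print how many lines one per-source list contributed, then delete it.
# A missing file is reported as 0 lines instead of producing a cat error and
# an empty count.
# Arguments: $1 - label used in the message
#            $2 - per-source file in /root/blacklist
#######################################
report_and_remove() {
  local label=$1 file=$2
  local count=0
  if [[ -f "$file" ]]; then
    count=$(wc -l < "$file")
  fi
  printf "\n Amount of lines in %s %s \n" "$label" "$count"
  rm -rf -- "$file"
}

report_and_remove "fail2ban-block" /root/blacklist/blacklistfail2ban-block
report_and_remove "other-block" /root/blacklist/blacklistother-block
report_and_remove "CIA-Badguys" /root/blacklist/blacklistcibadguys
# The count used to read /root/blacklist/RWIPBL, which is never created; the
# download step writes RW_IPBL.
report_and_remove "Ransomware list" /root/blacklist/RW_IPBL
report_and_remove "YoYo Ad list" /root/blacklist/YOYOAD
report_and_remove "malc0de" /root/blacklist/blacklistmalc0de
# NOTE(review): nothing in this script downloads blacklistmalwaredomains, so
# this always reports 0; drop the line or restore the matching download.
report_and_remove "MalwareDomains" /root/blacklist/blacklistmalwaredomains
report_and_remove "OpenBL 7 days list" /root/blacklist/blacklistopen7days
report_and_remove "EmergingThreats Compomised IP's" /root/blacklist/blacklistemercompr
report_and_remove "EmergingThreats Block IP's" /root/blacklist/blacklistemerblock
#printf "\n Amount of lines in SpyEye %s \n" `cat /root/blacklist/blacklistspyeye | wc -l`
#rm -rf /root/blacklist/blacklistspyeye
report_and_remove "Palevo" /root/blacklist/blacklistpalevo
report_and_remove "Feodo A" /root/blacklist/blacklistfeodoa
#printf "\n Amount of lines in Blacklist.de apache %s \n" `cat /root/blacklist/blacklistblapache | wc -l`
#rm -rf /root/blacklist/blacklistblapache
report_and_remove "Blacklist.de imap" /root/blacklist/blacklistblimap
report_and_remove "Blacklist.de ssh" /root/blacklist/blacklistblssh
report_and_remove "Blacklist.de bruteorcelogin" /root/blacklist/blacklistblbfl
#printf "\n Amount of lines in Blacklist.de all %s \n" `cat /root/blacklist/blacklistblall | wc -l`
#rm -rf /root/blacklist/blacklistblall
report_and_remove "Feodo B" /root/blacklist/blacklistfeodob
report_and_remove "Zeus" /root/blacklist/blacklistzeus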
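# Make sure the combined list exists even when every source above failed.
: >> /root/blacklist/blacklist

# Insert any ip for your own testing pleasure
# testbl is optional: report 0 lines when it is absent.
if [[ -f /root/blacklist/testbl ]]; then
  cat /root/blacklist/testbl >> /root/blacklist/blacklist
  printf "\n Amount of lines in test list %s \n" "$(wc -l < /root/blacklist/testbl)"
else
  printf "\n Amount of lines in test list %s \n" 0
fi
#check amount of lines before sorting and cleanup
printf "\n Amount of lines in the combined blacklist before any cleanup is done %s \n" "$(wc -l < /root/blacklist/blacklist)"
printf "\n Sort ip's and make them unique"
sort -u /root/blacklist/blacklist > /root/blacklist/blacklisttmp1
printf "\n Remove comments etc."
# Drops comment lines (leading '/' or '#'), blank lines, CIDR entries
# ("/<digit>"), anything containing ':' and anything containing "/g".
grep -Ev '(^[[:space:]]*/|^[[:space:]]*#|^[[:space:]]*$)|/[0-9]|:|/g' /root/blacklist/blacklisttmp1 > /root/blacklist/blacklisttmp2
# Remove ^M (carriage returns) from lists served with Windows line ends
sed 's/\r//g' /root/blacklist/blacklisttmp2 > /root/blacklist/blacklisttmp3
# Keep only the leading IPv4 address of each line.
# The feeds are untrusted input that ends up in the firewall configuration.
# The earlier filter kept any line that merely CONTAINED an address, so
# trailing columns or other text were copied into /etc/shorewall/blacklist
# verbatim. Here a line must start with a well-formed address, and only that
# address is kept. The second sort -u collapses duplicates that differed only
# in a carriage return or trailing text.
# NOTE(review): there is no allowlist; a feed that lists one of your own
# addresses or an upstream gateway will get it blocked. Consider filtering
# known-good addresses before installing.
octet='(25[0-5]|2[0-4][0-9]|1?[0-9][0-9]?)'
sed -rn "s/^[[:space:]]*((${octet}\.){3}${octet})([[:space:]#].*)?\$/\1/p" \
  /root/blacklist/blacklisttmp3 \
  | sort -u > /root/blacklist/blacklist
#check amount of lines after sorting and clean-up
printf "\n Amount of lines in blacklisttmp2 %s \n" "$(wc -l < /root/blacklist/blacklisttmp2)"
#check amount of lines after removing Windows line ends in downloaded files
printf "\n Amount of lines in blacklisttmp3 %s \n" "$(wc -l < /root/blacklist/blacklisttmp3)"
#check amount of lines after removing non ipv4 line
printf "\n Amount of lines in final blacklist %s \n" "$(wc -l < /root/blacklist/blacklist)"

# An empty result means every source failed or was filtered out; installing
# it would silently lift every existing block, so keep the current file.
if [[ ! -s /root/blacklist/blacklist ]]; then
  printf '\n ERROR: final blacklist is empty; /etc/shorewall/blacklist left unchanged\n' >&2
  exit 1
fi

# Stage the new file next to its destination and rename it into place, so
# /etc/shorewall/blacklist is never missing or half-written if the copy fails.
# mktemp creates the staged file readable by root only.
staged=$(mktemp /etc/shorewall/blacklist.XXXXXX) || exit 1
if ! { cp /root/blacklist/blacklist "$staged" \
       && mv -f "$staged" /etc/shorewall/blacklist; }; then
  rm -f -- "$staged"
  printf '\n ERROR: could not install /etc/shorewall/blacklist\n' >&2
  exit 1
fi

# Output stays suppressed as before, but a failure is no longer silent: a
# firewall that did not reload is still enforcing the old list.
shorewall update &>/dev/null \
  || printf '\n WARNING: "shorewall update" failed\n' >&2
shorewall refresh &>/dev/null \
  || printf '\n WARNING: "shorewall refresh" failed; new blacklist not active\n' >&2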