@cyrbil
Last active May 7, 2024 21:43
A small script to create iptables rules to block known malware IPs
#!/bin/bash
# Must run as root; needs wget, jq, pv, split (coreutils), ipset and iptables.
set -o errexit
set -o errtrace
set -o functrace
set -o pipefail
set -o nounset
[ -z "${DEBUG+x}" ] || set -o xtrace

ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
# Feed categories to block; entries of any other type are ignored.
TYPE_FILTER="KnownAttacker|Malware|Spammer"
SET_NAME="suspicious_ips"
BLOCK_FILE="${ROOT_DIR}/blocklist.json"
IP_FILE="${ROOT_DIR}/suspiciousIPs.txt"

echo "Downloading latest block list"
wget -q --progress=bar --show-progress -O "${BLOCK_FILE}" https://malwareworld.com/textlists/ips.txt

echo "Filtering block list with '${TYPE_FILTER}'"
# The feed is a JSON object keyed by IP; each value carries a "type" array.
# Emit "<ip>\t<type1,type2,...>", keep the rows whose types match the filter
# and print only the IP column.
pv "${BLOCK_FILE}" \
| jq -r 'to_entries[] | select(.key | length > 7) | .key + "\t" + (.value.type | join(","))' \
| awk "/${TYPE_FILTER}/{print \$1}" \
> "${IP_FILE}"

echo "Importing IP list"
TMP_DIR="$(mktemp -d)"
# Clean up the chunk files even when a step below fails under errexit.
trap 'rm -rf "${TMP_DIR}"' EXIT
(
    cd "${TMP_DIR}"
    shopt -s nullglob # an empty IP list yields no chunks, so skip the loop
    # A hash:ip set defaults to maxelem 65536, so cut the list into chunks of
    # that size; split names them x01, x02, ...
    split --suffix-length=2 --numeric-suffixes=1 --lines=65536 "${IP_FILE}"
    for SPLIT in x*; do
        CURRENT_SET="${SET_NAME}_${SPLIT:1:2}"
        echo "Creating ipset '${CURRENT_SET}'"
        # Remove the rule that references the set before destroying it.
        iptables -D INPUT -m set --match-set "${CURRENT_SET}" src -j DROP 2>/dev/null || true
        sleep 1 # wait for iptables changes
        ipset destroy "${CURRENT_SET}" 2>/dev/null || true
        ipset create "${CURRENT_SET}" hash:ip
        # Turn each line into "add <set> <ip>" for ipset restore; -exist
        # tolerates duplicate addresses in the feed instead of aborting.
        pv "${SPLIT}" | sed "s/^/add ${CURRENT_SET} /" | ipset restore -exist
        echo "Add set to iptables rules"
        # -A appends to INPUT, so an earlier ACCEPT rule still wins; use -I
        # instead if the DROP has to be evaluated first.
        iptables -A INPUT -m set --match-set "${CURRENT_SET}" src -j DROP
    done
)
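An added example, not part of cyrbil's gist, that does the chunking in one pass: a single awk run validates and de-duplicates the IPv4 list and emits a complete `ipset restore` batch, one `create` line per chunk (65536 by default, matching the hash:ip maxelem) followed by its `add` lines, so the split/x* loop and the per-set `ipset create` are replaced by one pipe. The function name, the CRLF handling and the chunk-size parameter are assumptions of this example.

```shell
#!/bin/bash
# Added example: build an `ipset restore` batch from a plain text file with
# one IPv4 address per line. Nothing touches the kernel until the output is
# piped into `ipset restore`, so the result can be inspected first.

# gen_ipset_batch FILE PREFIX [CHUNK]
#   create PREFIX_01 hash:ip family inet maxelem CHUNK
#   add PREFIX_01 1.2.3.4
#   ...
#   create PREFIX_02 hash:ip family inet maxelem CHUNK
gen_ipset_batch() {
    local file="$1" prefix="$2" chunk="${3:-65536}"
    awk -v prefix="$prefix" -v chunk="$chunk" '
        # accept only four dotted decimal octets in 0..255
        function valid_ipv4(ip,   o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # feeds are sometimes CRLF; a trailing \r would make every line invalid
        { sub(/\r$/, "") }
        # skip malformed lines and addresses already emitted
        !valid_ipv4($1) || seen[$1]++ { next }
        {
            # open a new set every CHUNK addresses
            if (count % chunk == 0) {
                set = sprintf("%s_%02d", prefix, ++idx)
                printf "create %s hash:ip family inet maxelem %d\n", set, chunk
            }
            printf "add %s %s\n", set, $1
            count++
        }
    ' "$file"
}

# Usage: gen_ipset_batch suspiciousIPs.txt suspicious_ips | ipset restore -exist
[ "$#" -eq 0 ] || gen_ipset_batch "$@"
```

Pipe the batch into `ipset restore -exist` as root, then add one `iptables -I INPUT -m set --match-set NAME src -j DROP` per `create` line.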