Created
January 15, 2016 09:12
-
-
Save d-tux/fdf1d600f0bf20692184 to your computer and use it in GitHub Desktop.
ipset blocklist updater
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Adapted from http://www.linuxjournal.com/content/server-hardening?page=0,2 | |
| PATH=$PATH:/sbin | |
| WD=`pwd` | |
| TMP_DIR=$WD/tmp | |
| IP_TMP=$TMP_DIR/ip.temp | |
| IP_BLOCKLIST=$WD/ip-blocklist.conf | |
| IP_BLOCKLIST_TMP=$TMP_DIR/ip-blocklist.temp | |
| list="nigerian russian lacnic exploited-servers" | |
| BLOCKLISTS=( | |
| "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs | |
| "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes | |
| "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies | |
| "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List | |
| "http://rules.emergingthreats.net/blockrules/rbn-ips.txt" # Emerging Threats - Russian Business Networks List | |
| "http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Dont Route Or Peer List (DROP) | |
| "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List | |
| "http://www.openbl.org/lists/base.txt" # OpenBLOCK.org 30 day List | |
| "http://www.autoshun.org/files/shunlist.csv" # Autoshun Shun List | |
| "http://lists.blocklist.de/lists/all.txt" # blocklist.de attackers | |
| ) | |
| WHITELIST=() | |
| IP_REGEXP='(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' | |
| [ -d $TMP_DIR ] || mkdir -p $TMP_DIR | |
| cd $TMP_DIR | |
| # This gets the various lists | |
| for i in "${BLOCKLISTS[@]}" | |
| do | |
| echo -n "Fetching blocklist from $i" | |
| curl -s "$i" > $IP_TMP | |
| grep -Po $IP_REGEXP $IP_TMP >> $IP_BLOCKLIST_TMP | |
| echo ' [OK]' | |
| done | |
| for i in `echo $list`; do | |
| # This section gets wizcrafts lists | |
| echo -n "Fetching blocklist from Wizcrafts $i" | |
| curl -s http://www.wizcrafts.net/$i-iptables-blocklist.html > $i-iptables-blocklist.html | |
| # Grep out all but ip blocks | |
| cat $i-iptables-blocklist.html | grep -v \< | grep -v \: | grep -v \; | grep -v \# | grep -Po $IP_REGEXP > $i.txt | |
| # Consolidate blocks into master list | |
| cat $i.txt >> $IP_BLOCKLIST_TMP | |
| echo " [`wc -l $i.txt`]" | |
| rm $i.txt | |
| done | |
| sort $IP_BLOCKLIST_TMP -n | uniq > $IP_BLOCKLIST | |
| rm $IP_BLOCKLIST_TMP | |
| wc -l $IP_BLOCKLIST | |
| ipset list blocklist 2>&1 &>/dev/null || ipset create blocklist hash:net | |
| ipset flush blocklist | |
| egrep -v "^#|^$" $IP_BLOCKLIST | while IFS= read -r ip | |
| do | |
| ipset add blocklist $ip | |
| done | |
| for i in "${WHITELIST[@]}" | |
| do | |
| ipset -q del blocklist $i | |
| done | |
| #cleanup | |
| rm -fR $TMP_DIR/* | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Unfortunately, OpenBL is closing at the end of this month. It can be removed from the BLOCKLISTS array.