@fboaventura
Forked from toke/fw_block.sh
Created May 24, 2018 10:29
Simple spamhaus ipset firewall block
#!/usr/bin/bash
## Run every 24h via cron
## Old entries will time out later automatically (the set timeout is 90000 s = 25 h,
## so a daily run refreshes prefixes still on the list and lets removed ones expire)
(
    cd /var/lib/firewall || exit 1
    # -N downloads only when the remote file is newer than the local copy
    wget -qN 'http://www.spamhaus.org/drop/drop.txt' || exit 1
    # -exist makes the create a no-op on later runs
    ipset create -exist spamhaus_drop hash:net counters timeout 90000 comment
    # drop.txt lines look like "a.b.c.d/n ; SBLnnnnnn"; keep the prefix field
    for line in $(grep -i SBL drop.txt | cut -f 1 -d ';')
    do
        # only pass well-formed IPv4 prefixes to ipset
        if [[ $line =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
            # -! ignores already-present entries and resets their timeout
            ipset -! add spamhaus_drop "$line" comment "$(date)"
        fi
    done
    # Insert the rules once by hand, not from cron (each run would add a duplicate rule):
    #iptables -I INPUT -m set --match-set spamhaus_drop src -j DROP
    #iptables -I INPUT -m set --match-set spamhaus_drop src -m hashlimit --hashlimit 1/second --hashlimit-name logging --hashlimit-mode srcip --jump LOG --log-level warning --log-prefix "SPAMHAUS_DROP: "
)
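The gist fetches the DROP list unauthenticated over plain HTTP and filters it with a regex that also accepts values such as 999.999.999.999/99, so the parsing step is the one place a defender can catch a corrupted or tampered download before it reaches the firewall. The script below is an added example, not the gist's code or Spamhaus's: it parses DROP-format text with strict octet and prefix-length checks, refuses a /0 entry that would match every source, and emits an `ipset restore` script for the same `spamhaus_drop` set instead of running one `ipset add` process per line. The sample input is constructed (RFC 5737 documentation prefixes and placeholder SBL ids); the `ipset -exist restore` invocation in the comments is assumed to be how the output is applied and is not executed here.

```shell
#!/bin/sh
# Added example (not the gist's code): strict parsing of a Spamhaus DROP
# file into an `ipset restore` script. Runs offline on the constructed sample.

SET_NAME=spamhaus_drop           # same set name as the gist
SET_TIMEOUT=90000                # seconds; matches the gist (25 h)

# Constructed sample in the DROP format (";"-prefixed header, "cidr ; SBLid").
# Documentation prefixes and placeholder ids, plus lines that a corrupted or
# tampered download might contain.
SAMPLE_DROP='; Spamhaus DROP List (constructed sample for this example)
; Last-Modified: placeholder
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
203.0.113.0/24 ; SBL000003
256.1.1.0/24 ; SBL000004
10.0.0.0/33 ; SBL000005
0.0.0.0/0 ; SBL000006
not an address ; SBL000007'

# valid_cidr4 A.B.C.D/N: succeed only if every octet is 0-255 and N is 0-32.
valid_cidr4() {
    case "$1" in
        */*/*|/*|*/) return 1 ;;          # exactly one slash, both sides present
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    plen=${1#*/}
    case "$plen" in ''|*[!0-9]*|???*) return 1 ;; esac   # 1-2 digits only
    [ "$plen" -le 32 ] || return 1
    case "$ip" in .*|*.|*..*) return 1 ;; esac             # no empty octets
    old_ifs=$IFS
    IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        case "$oct" in ''|*[!0-9]*|????*) return 1 ;; esac  # 1-3 digits only
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# parse_drop_list: read DROP text on stdin, write an `ipset restore` script
# on stdout and report skipped lines on stderr. Assumed usage (not run here):
#   parse_drop_list < drop.txt | ipset -exist restore
parse_drop_list() {
    stamp=$(date +%Y-%m-%d)      # refresh marker stored in the entry comment
    echo "create $SET_NAME hash:net counters timeout $SET_TIMEOUT comment"
    while IFS= read -r line; do
        case "$line" in ''|';'*) continue ;; esac     # header/comment lines
        cidr=$(printf '%s' "${line%%;*}" | tr -d '[:space:]')
        if ! valid_cidr4 "$cidr"; then
            echo "skip (malformed): $line" >&2
            continue
        fi
        # A /0 entry would match every source address; refuse it rather than
        # blackhole the host on a corrupt or tampered download.
        if [ "${cidr#*/}" -eq 0 ]; then
            echo "skip (prefix too broad): $line" >&2
            continue
        fi
        echo "add $SET_NAME $cidr comment \"$stamp\""
    done
}

# demo: run the parser over the constructed sample and print the result.
demo() {
    printf '%s\n' "$SAMPLE_DROP" | parse_drop_list
}
demo
```

On the sample, the three documentation prefixes are emitted as `add` lines and the four bad lines are reported on stderr; `ipset restore` then loads the whole set in one call, and `-exist` keeps the daily re-run idempotent exactly as `-!` does in the gist.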