updateBanList.sh
#!/bin/bash
# FILE: /usr/local/sbin/updateBanList.sh
# AUTHOR: ForDoDone fordodone@fordodone.com
# DATE: 2013-10-01
# NOTES: Script to update the IP ban list. Run from cron and integrate into the firewall.
#
# variables
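VERBOSE=0
# Feed URLs. The list drives what the firewall drops, so it is fetched over
# HTTPS: over plain HTTP anyone on the path could substitute a list that
# blocks (or silently stops blocking) arbitrary networks.
readonly DROPURL='https://www.spamhaus.org/drop/drop.txt'
readonly EDROPURL='https://www.spamhaus.org/drop/edrop.txt'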
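#######################################
# Simple logger: print the message on stdout when verbose mode is on.
# Globals:   VERBOSE (read; unset is treated as 0)
# Arguments: the message words to print
# Outputs:   one line on stdout when VERBOSE is 1, nothing otherwise
# Note:      the name shadows logger(1) inside this script; this does NOT
#            write to syslog, only to stdout (i.e. cron mail).
#######################################
logger() {
  if [[ "${VERBOSE:-0}" == "1" ]]; then
    # printf rather than echo: a message starting with -n/-e must not be
    # swallowed as an echo option
    printf '%s\n' "$*"
  fi
}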
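# set verbose flag if given
if [[ "${1:-}" == "-v" ]]; then
  VERBOSE=1
fi

# $? after a pipeline is only the status of its last stage, so without
# pipefail a failed wget goes unnoticed (grep/sed succeed on empty input)
# and the script would happily rebuild the firewall group from nothing.
set -o pipefail

#######################################
# Print an error on stderr and exit non-zero so cron reports the failure
# (the script previously exited 0 on fetch errors).
# Arguments: message lines
#######################################
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

#######################################
# Fetch one DROP-style feed and append its network entries to a file.
# Arguments: $1 - feed URL; $2 - file to append to
# Outputs:   appends one "a.b.c.d/n" line per entry to $2
# Returns:   non-zero if the download fails or yields no valid entry
# Each line is reduced to the address/prefix before the ';' comment and
# then whitelisted against a strict CIDR pattern, so nothing but a plain
# IPv4 network can reach the firewall "set" command below.
#######################################
fetch_list() {
  local url=$1 dest=$2
  wget -q "$url" -O - \
    | sed -e 's/;.*//' -e 's/[[:space:]]*$//' \
    | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' >> "$dest"
}

# create the work file under an unpredictable name: a fixed /tmp/block could
# be pre-created or symlinked by any local user while this runs as root
block_file=$(mktemp) || die "mktemp failed"
# clean up on every exit path, including die
trap 'rm -f -- "$block_file"' EXIT

# get drop file
fetch_list "$DROPURL" "$block_file" || die "error getting drop file" "exiting..."
# get edrop file
fetch_list "$EDROPURL" "$block_file" || die "error getting edrop file" "exiting..."

count=$(wc -l < "$block_file")
count=${count//[[:space:]]/}
# an empty list would delete the whole group and commit nothing in its
# place, i.e. silently unblock everything; refuse rather than weaken the rules
(( count > 0 )) || die "no networks received; keeping existing group"
logger "received $count networks to block..."

wrapper=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
logger "starting vyatta cmd wrapper"
"$wrapper" begin
# remove existing list, in case a network has been removed
logger "deleting existing blocked network group"
"$wrapper" delete firewall group network-group blocked
# add each network to the block list; read line by line instead of
# word-splitting `cat` output so each entry is passed as exactly one word
logger "building new blocked network group"
logger "this might take a while..."
while IFS= read -r net || [[ -n "$net" ]]; do
  "$wrapper" set firewall group network-group blocked network "$net"
done < "$block_file"
# now commit the changes
logger "committing changes"
"$wrapper" commit
logger "ending vyatta cmd wrapper"
"$wrapper" end
# the work file is removed by the EXIT trap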
vyos@vyos:/tmp$ show configuration commands
set firewall group network-group blocked network '1.116.0.0/14'
set firewall group network-group blocked network '5.34.242.0/23'
set firewall group network-group blocked network '5.72.0.0/14'
set firewall group network-group blocked network '14.4.0.0/14'
set firewall group network-group blocked network '14.129.0.0/16'
set firewall group network-group blocked network '14.192.48.0/21'
set firewall group network-group blocked network '14.192.56.0/22'
set firewall group network-group blocked network '31.11.43.0/24'
set firewall group network-group blocked network '31.222.200.0/21'
set firewall group network-group blocked network '36.0.8.0/21'
set firewall group network-group blocked network '37.139.49.0/24'
set firewall group network-group blocked network '37.148.216.0/21'
set firewall group network-group blocked network '37.246.0.0/16'
set firewall group network-group blocked network '42.1.128.0/17'
set firewall group network-group blocked network '42.52.0.0/14'
set firewall group network-group blocked network '42.187.0.0/18'
set firewall group network-group blocked network '42.194.128.0/17'
set firewall group network-group blocked network '46.29.248.0/22'
set firewall group network-group blocked network '46.148.112.0/20'
set firewall group network-group blocked network '49.8.0.0/14'