updateBanList.sh
#!/bin/bash
# FILE: /usr/local/sbin/updateBanList.sh
# AUTHOR: ForDoDone fordodone@fordodone.com
# DATE: 2013-10-01
# NOTES: Script to update IP ban list.  Run from cron, and integrate into firewall
#
# variables
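# 0 = quiet (cron default); set to 1 by the -v flag below
VERBOSE=0
# Spamhaus DROP / EDROP lists. The networks in these files become firewall
# policy, so fetch them over HTTPS: plain HTTP gives no transport integrity,
# and anything on the path could add or remove prefixes before they are
# loaded into the firewall group.
readonly DROPURL='https://www.spamhaus.org/drop/drop.txt'
readonly EDROPURL='https://www.spamhaus.org/drop/edrop.txt'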
# simple logger function
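# simple logger function: prints its arguments on stdout when VERBOSE is 1,
# otherwise prints nothing. The name shadows the logger(1) utility, so calls
# to "logger" in this script never reach syslog; they only go to stdout.
# Globals:   VERBOSE (read)
# Arguments: message words, joined by single spaces
# Outputs:   one line on stdout when verbose
logger(){
  if [ "$VERBOSE" == "1" ]
  then
    # printf instead of echo: a message starting with -n or -e would
    # otherwise be swallowed as an echo option
    printf '%s\n' "$*"
  fi
}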
# set verbose flag if given
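# set verbose flag if given
if [[ "$1" == "-v" ]]; then
  VERBOSE=1
fi

# A pipeline's status is that of its last stage (sed), so a failed wget would
# otherwise go unnoticed; with pipefail any failing stage fails the pipeline.
set -o pipefail

# Private, unpredictable temp file rather than a fixed /tmp/block: a fixed
# name in a world-writable directory can be pre-created (or symlinked) by any
# local user and would then decide what ends up in the firewall group.
BLOCKFILE=$(mktemp /tmp/block.XXXXXX) || { logger "cannot create temp file"; exit 1; }
# remove the temp file on every exit path, including the early error exits
trap 'rm -f -- "$BLOCKFILE"' EXIT

#######################################
# Download one list and append its network prefixes to BLOCKFILE.
# Keeps only lines starting with a digit (the header/comment lines do not)
# and strips the "; SBL..." annotation that follows the prefix.
# Arguments: $1 - URL to fetch, $2 - label used in log messages
# Returns:   0 on success, 1 if download or filtering failed (an empty
#            result also fails, because grep exits 1 with no match)
#######################################
fetch_list() {
  local url=$1 label=$2
  if ! wget -q "$url" -O - | grep '^[0-9]' | sed -e 's/[[:space:]]*;.*//' >> "$BLOCKFILE"; then
    logger "error getting $label file"
    logger "exiting..."
    return 1
  fi
}

# get drop file; non-zero exit so cron/monitoring can see the failure
fetch_list "$DROPURL" drop || exit 1
# get edrop file
fetch_list "$EDROPURL" edrop || exit 1

# Every line of the downloaded file becomes an argument to the configuration
# wrapper, so only well-formed IPv4 prefixes are passed on; anything else
# (truncated lines, unexpected content from the server) is logged and skipped.
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
networks=()
while read -r net; do
  if [[ "$net" =~ $cidr_re ]]; then
    networks+=("$net")
  else
    logger "skipping malformed entry: $net"
  fi
done < "$BLOCKFILE"

# Fail closed: never replace the existing group with an empty one, since a
# broken download would otherwise silently unblock everything.
if [[ ${#networks[@]} -eq 0 ]]; then
  logger "no valid networks received, leaving existing group untouched"
  exit 1
fi
logger "received ${#networks[@]} networks to block..."

logger "starting vyatta cmd wrapper"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin
# remove existing list, in case a network has been removed
logger "deleting existing blocked network group"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper delete firewall group network-group blocked
# add each network to the block list
logger "building new blocked network group"
logger "this might take a while..."
for net in "${networks[@]}"; do
  /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall group network-group blocked network "$net"
done
# now commit the changes; surface the wrapper's status as the script's exit code
logger "committing changes"
rc=0
if ! /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit; then
  logger "commit failed"
  rc=1
fi
logger "ending vyatta cmd wrapper"
/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end
# temp file cleanup happens in the EXIT trap
exit "$rc"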
vyos@vyos:/tmp$ show configuration commands
set firewall group network-group blocked network '1.116.0.0/14'
set firewall group network-group blocked network '5.34.242.0/23'
set firewall group network-group blocked network '5.72.0.0/14'
set firewall group network-group blocked network '14.4.0.0/14'
set firewall group network-group blocked network '14.129.0.0/16'
set firewall group network-group blocked network '14.192.48.0/21'
set firewall group network-group blocked network '14.192.56.0/22'
set firewall group network-group blocked network '31.11.43.0/24'
set firewall group network-group blocked network '31.222.200.0/21'
set firewall group network-group blocked network '36.0.8.0/21'
set firewall group network-group blocked network '37.139.49.0/24'
set firewall group network-group blocked network '37.148.216.0/21'
set firewall group network-group blocked network '37.246.0.0/16'
set firewall group network-group blocked network '42.1.128.0/17'
set firewall group network-group blocked network '42.52.0.0/14'
set firewall group network-group blocked network '42.187.0.0/18'
set firewall group network-group blocked network '42.194.128.0/17'
set firewall group network-group blocked network '46.29.248.0/22'
set firewall group network-group blocked network '46.148.112.0/20'
set firewall group network-group blocked network '49.8.0.0/14'