@ixs
Created November 27, 2015 14:06
Download a public blocklist of SSH brute scanning hosts and drop their connection attempts via pure iptables
#!/bin/sh
# Fetch the current SSH brute-force list. -f makes curl fail on HTTP errors, so a
# server error page is never fed into iptables as if it were a list of hosts.
curl -sf http://lists.blocklist.de/lists/ssh.txt > /tmp/ssh-ips.txt || exit 1
# Create the chain if it does not exist yet (no-op otherwise). The caller still has
# to jump to it from INPUT, e.g. "iptables -I INPUT -j AUTO_BLACKLIST".
/usr/sbin/iptables -N AUTO_BLACKLIST 2>/dev/null
if [ "$1" = "--force" ]; then
    # Rebuild the chain from scratch: flush it and restore the trailing RETURN.
    /usr/sbin/iptables -F AUTO_BLACKLIST
    /usr/sbin/iptables -A AUTO_BLACKLIST -j RETURN
fi
# Sources already dropped by the chain (column 4 of "iptables -L -n" output).
/usr/sbin/iptables -L AUTO_BLACKLIST -n | awk '/^DROP / { print $4 }' > /tmp/ip_ssh_blocked
i=0
for src in $(cat /tmp/ssh-ips.txt); do
    if [ "$1" != "--force" ]; then
        # Skip hosts already in the chain; count only rules actually inserted
        # (-x -F: whole-line, fixed-string match, so dots are not regex wildcards).
        if ! grep -qxF -- "$src" /tmp/ip_ssh_blocked; then
            /usr/sbin/iptables -I AUTO_BLACKLIST -s "$src" -j DROP && i=$((i + 1))
        fi
    else
        /usr/sbin/iptables -I AUTO_BLACKLIST -s "$src" -j DROP && i=$((i + 1))
    fi
done
echo "$i hosts added"
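The list is fetched unauthenticated over plain HTTP and every line of it ends up on an iptables command line, so a defender running this would want each entry checked before it becomes a DROP rule. The following is an added example, not part of the gist: a POSIX sh filter that keeps only well-formed IPv4 addresses (optionally with a prefix length) and discards comments, blanks, duplicates and anything else; the /24 to /32 prefix bound is an assumed policy choice, not something the gist specifies.

```sh
#!/bin/sh
# Added example (not from the gist): validate blocklist entries before they
# reach iptables. The assumed policy is: single IPv4 addresses or CIDR blocks
# no wider than /24; anything else is dropped from the list.

# valid_ipv4 ADDR[/PREFIX]: return 0 only for a well-formed IPv4 address with
# an optional prefix length. Rejects anything that could be parsed as extra
# iptables arguments and catch-all entries such as 0.0.0.0/0.
valid_ipv4() {
  addr=${1%%/*}
  prefix=${1#"$addr"}          # "" or "/NN"
  case $addr in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit chars, leading/trailing/double dots
  esac
  oldifs=$IFS; IFS=.
  set -- $addr                           # split into octets
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] 2>/dev/null || return 1
  done
  case $prefix in
    "") ;;
    /*) p=${prefix#/}
        case $p in *[!0-9]*|"") return 1 ;; esac
        # Policy (assumed): a spoofed list must not be able to DROP the whole
        # internet with one wide prefix, so only /24 .. /32 are accepted.
        [ "$p" -ge 24 ] && [ "$p" -le 32 ] || return 1 ;;
    *) return 1 ;;
  esac
  return 0
}

# filter_blocklist: read the raw list on stdin, emit one validated entry per
# line, dropping comments, blanks, whitespace, duplicates and malformed lines.
filter_blocklist() {
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                     # strip trailing comments
    line=$(printf '%s' "$line" | tr -d ' \t\r')
    [ -n "$line" ] || continue
    valid_ipv4 "$line" && printf '%s\n' "$line"
  done | sort -u
}

# Usage: curl -sf http://lists.blocklist.de/lists/ssh.txt | filter_blocklist > /tmp/ssh-ips.txt
```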