@marcodebe
Last active March 23, 2017 10:55
Ransomware blocklist generator for Shorewall (using https://ransomwaretracker.abuse.ch/blocklist/)
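#!/bin/bash
# Author: Marco De Benedetto <debe@galliera.it>
#
# Ransomware blocklist for Shorewall using https://ransomwaretracker.abuse.ch/blocklist/
#
# prerequisite:
#
# /etc/shorewall/blrules:
# blacklog net:+blacklist all
# blacklog all net:+blacklist
#
# /etc/cron.d/ransomware_bloklist:
# */5 * * * * root /usr/local/bin/ransomware_ipset

# NOTE: /tmp is world-writable; a root-only directory is a safer place for this file
list=/tmp/RW_IPBL.txt
# Accept only complete dotted-quad lines (skips comments and blank lines)
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Create blacklist ipset if it does not exist
ipset list blacklist > /dev/null 2>&1 || ipset create blacklist hash:ip

# -N re-downloads only when the remote copy is newer than the local one
wget -Nq -P /tmp https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

# Keep the current set if there is no list to load; swapping in an empty set would unblock everything
[[ -s $list ]] || exit 1

# blacklist_temp shouldn't exist, but anyway...
ipset destroy blacklist_temp > /dev/null 2>&1
ipset create blacklist_temp hash:ip

while read -r ip; do
    ip=${ip%$'\r'}   # tolerate CRLF line endings
    [[ $ip =~ $ipv4_re ]] && ipset -exist add blacklist_temp "$ip"
done < "$list"

# Atomically replace the live set, then drop the old contents
ipset swap blacklist_temp blacklist
ipset destroy blacklist_temp > /dev/null 2>&1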