@pallas
Last active February 26, 2019 08:53
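#!/bin/bash
# Author: Derrick Pallas
# License: zlib
# Loads the DShield block list into an ipset and drops matching inbound traffic.
BASE='dblock-set'
TEMP=${BASE}$$  # scratch set, named with this shell's PID

# Create the live set if it does not exist yet; entries are stored as /24 networks.
ipset create -exist "$BASE" hash:ip --netmask 24 || exit 1

# Wire the set into INPUT once: skip if INPUT already references the chain.
iptables -nL INPUT | grep -q "$BASE" ||
(
  # Create the chain, or flush it if it already exists.
  ( iptables -N "$BASE" || iptables -F "$BASE" ) &&
  iptables -A "$BASE" -m set --match-set "$BASE" src -j DROP &&
  iptables -A INPUT ! -i lo -j "$BASE" &&
  true
) || exit 1

# Always destroy the scratch set on exit; after a successful swap it holds the old entries.
function atexit {
  ipset destroy "$TEMP"
} ; trap atexit EXIT

# Fill the scratch set from the feed, then swap it into place in one step.
ipset create "$TEMP" hash:ip --netmask 24 &&
( set -o pipefail  # a failure in any pipeline stage prevents the swap
  # -f makes curl fail on an HTTP error instead of passing the error page down the pipe.
  curl -sf https://feeds.dshield.org/block.txt |
  sed -e '/^#/d' |       # drop comment lines
  cut -f 1 |             # keep the first tab-separated field
  address-filter |       # external helper, not defined in this gist
  sed s,^::ffff:,,i |    # strip the IPv4-mapped IPv6 prefix
  sort -u |
  grep -v : |            # drop any remaining IPv6 addresses
  while read -r ip ; do
    ipset add "$TEMP" "$ip"/24
  done
) && ipset swap "$TEMP" "$BASE"
#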