Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
# Author: Derrick Pallas
# License: zlib
BASE='spamhaus-set'
TEMP=${BASE}$$
ipset create -exist "$BASE" hash:net || exit 1
iptables -w 300 -nL INPUT | grep -q "$BASE" ||
(
( iptables -N "$BASE" || iptables -F "$BASE" ) &&
iptables -A "$BASE" -m set --match-set "$BASE" src -j DROP &&
iptables -A INPUT ! -i lo -j "$BASE" &&
true
) || exit 1
function atexit {
ipset destroy "$TEMP"
} ; trap atexit EXIT
ipset create "$TEMP" hash:net &&
( set -o pipefail
curl -s \
https://www.spamhaus.org/drop/drop.txt \
https://www.spamhaus.org/drop/edrop.txt \
|
sed -e '/^#/d' -e 's/;.\+$//' |
cut -f 1 |
sort -u |
grep -v : |
while read net ; do
ipset add "$TEMP" "$net" 2>/dev/null
done
) && ipset swap "$TEMP" "$BASE"
#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment