@phemmer
Last active June 15, 2016 19:09
Public IP blacklist loader
#!/bin/bash
# Build the new list in a scratch set (blacklist_new), then swap it into place,
# so the live "blacklist" set is replaced in one step.

# All ipset commands are streamed to a single "ipset restore" process on fd 3.
exec 3> >(ipset restore)

echo 'create blacklist hash:net -exist' >&3
echo 'create blacklist_new hash:net -exist' >&3
echo 'flush blacklist_new' >&3

# The feeds are fetched over plain HTTP with no integrity check. The grep
# filters keep only the leading address text of each line (block.txt lines
# are split into fields instead).
# -exist on each add: the same entry can appear in more than one feed, and a
# duplicate add would otherwise make "ipset restore" stop with an error.

#echo "http://www.spamhaus.org/drop/drop.txt"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://www.spamhaus.org/drop/drop.txt | grep -oP '^[0-9\./]+')

#echo "http://www.spamhaus.org/drop/edrop.txt"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://www.spamhaus.org/drop/edrop.txt | grep -oP '^[0-9\./]+')

#echo "http://feeds.dshield.org/block.txt"
# Fields read per line: start address, end address, netmask; the rest is ignored.
while read -r ip end netmask junk; do
    echo "add blacklist_new $ip/$netmask -exist" >&3
done < <(timeout 10 curl -s http://feeds.dshield.org/block.txt | grep -P '^[0-9\.]+')

#echo "http://feeds.dshield.org/top10-2.txt"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://feeds.dshield.org/top10-2.txt | grep -oP '^[0-9\.]+')

#echo "http://www.openbl.org/lists/base.txt.gz"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://www.openbl.org/lists/base.txt.gz | zcat | grep -oP '^[0-9\.]+')

#echo "http://cinsscore.com/list/ci-badguys.txt"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://cinsscore.com/list/ci-badguys.txt | grep -oP '^[0-9\.]+')

#echo "http://www.autoshun.org/files/shunlist.csv"
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(timeout 10 curl -s http://www.autoshun.org/files/shunlist.csv | grep -oP '^[0-9\.]+')

# Only the lines that are in fullbogons-ipv4.txt but not in bogon-bn-agg.txt.
while read -r ip; do
    echo "add blacklist_new $ip -exist" >&3
done < <(diff --unchanged-line-format '' --old-line-format '' <(timeout 10 curl -s http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt) <(timeout 10 curl -s http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt) | grep -oP '^[0-9\./]+')

# check various IPs to make sure they're not about to be blocked
# NOTE: "ipset restore" reads fd 3 asynchronously, so add lines still sitting
# in the pipe are not yet visible to this test.
for ip in 169.254.169.254 10.0.0.1 $(ip addr | grep -oP 'inet \K[0-9\.]+'); do
    if ipset -q test blacklist_new "$ip"; then
        echo "$ip is in the blacklist!" >&2
        exit 1
    fi
done

# Nothing we depend on is listed: make the new set live and drop the scratch set.
echo 'swap blacklist_new blacklist' >&3
echo 'destroy blacklist_new' >&3
exec 3>&-
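
Added example, not part of the gist: a pure-shell pre-check that validates feed entries and tests protected addresses against the candidate list before anything is sent to ipset, so the check does not depend on how far `ipset restore` has read. The function names and the sample feed are constructed for illustration, and only feeds with one address or address/prefix per line are handled.

```bash
# Added example (not the gist's code): validate entries, then pre-check them.
ip2int() {       # sets IP_INT for a strict dotted quad, else returns 1
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    i2_ifs=$IFS; IFS=.; set -- $1; IFS=$i2_ifs
    [ $# -eq 4 ] || return 1
    for i2_o in "$@"; do
        case $i2_o in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$i2_o" -le 255 ] || return 1
    done
    IP_INT=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

net_range() {    # sets NET_LO/NET_HI for A.B.C.D or A.B.C.D/1..32, else returns 1
    nr_len=32
    case $1 in */*) nr_len=${1#*/}; set -- "${1%%/*}" ;; esac
    # reject malformed lengths and /0, which would cover every address
    case $nr_len in ''|0*|*[!0-9]*|???*) return 1 ;; esac
    [ "$nr_len" -le 32 ] || return 1
    ip2int "$1" || return 1
    nr_mask=$(( (4294967295 << (32 - $nr_len)) & 4294967295 ))
    NET_LO=$(( $IP_INT & $nr_mask ))
    NET_HI=$(( $NET_LO | ($nr_mask ^ 4294967295) ))
}

filter_feed() {  # stdin: raw feed; stdout: valid, unique first fields
    while read -r ff_net ff_rest || [ -n "$ff_net" ]; do
        net_range "$ff_net" && echo "$ff_net"
    done | sort -u
}

find_blocked() { # $1: file of entries; rest: protected IPs; prints first "IP NET" hit
    fb_file=$1; shift
    for fb_ip in "$@"; do
        ip2int "$fb_ip" || continue; fb_int=$IP_INT
        while read -r fb_net; do
            net_range "$fb_net" || continue
            if [ "$fb_int" -ge "$NET_LO" ] && [ "$fb_int" -le "$NET_HI" ]; then
                echo "$fb_ip $fb_net"; return 0
            fi
        done < "$fb_file"
    done
    return 1
}

sample_feed() {  # constructed sample input, not real feed data
    printf '%s\n' '; comment line' '192.0.2.0/24 ; note' '198.51.100.7' \
        '10.0.0.0/8' '0.0.0.0/0' '999.1.1.1' '192.0.2.0/24'
}
```

Run `filter_feed` over each downloaded feed into a file, call `find_blocked` on that file with the addresses that must stay reachable, and generate the `add` lines only when it returns non-zero.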

phemmer commented Jun 15, 2016

A subscription based list with good data (often not found on the above lists): http://www.abuseat.org/rsync-signup.html
