fossilfranv/set_ip_blacklist
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update 'set_ip_blacklist.sh'

Browse Source
This commit is contained in:
fossilfranv 2023-03-28 00:25:04 +02:00
parent 42a25f9cee
commit 158b1b5967
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
set_ip_blacklist.sh
View File

@ -8,6 +8,7 @@ set -x
#The next line only the first time the script is run #The next line only the first time the script is run
#/sbin/ipset -q create ipsum hash:net #/sbin/ipset -q create ipsum hash:net
/bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done' /bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done'
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set ipsum src -j DROP
/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP /sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP
@ -18,6 +19,7 @@ my_file=$(cat firehol_level3.netset |grep -v "#")
/sbin/ipset -q flush fireh /sbin/ipset -q flush fireh
#/sbin/ipset -q create fireh hash:net #/sbin/ipset -q create fireh hash:net
for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set fireh src -j DROP
/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP /sbin/iptables -I INPUT -m set --match-set fireh src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP
@ -30,6 +32,7 @@ rm blocklist.de
wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset
my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de) my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de)
for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set blockde src -j DROP
/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP /sbin/iptables -I INPUT -m set --match-set blockde src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP
@ -40,6 +43,7 @@ for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done
my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de) my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de)
echo setting ipv6... echo setting ipv6...
for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done
/sbin/ip6tables -A DOCKER-USER -i eth0 -m set --match-set blockde6 src -j DROP
/sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP /sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP
@ -52,6 +56,7 @@ for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
/sbin/ipset -q flush tornodes /sbin/ipset -q flush tornodes
#/sbin/ipset -q create tornodes hash:net #/sbin/ipset -q create tornodes hash:net
for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set tornodes src -j DROP
/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP /sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP /sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP