Update 'set_ip_blacklist.sh'

This commit is contained in:
fossilfranv 2023-03-28 00:29:08 +02:00
parent 158b1b5967
commit 3476c6d9ad


@ -6,47 +6,47 @@ set -x
/sbin/ipset -q flush ipsum /sbin/ipset -q flush ipsum
#The next line only the first time the script is run #The next line only the first time the script is run
#/sbin/ipset -q create ipsum hash:net ##/sbin/ipset -q create ipsum hash:net
/bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done' /bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done'
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set ipsum src -j DROP ##/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set ipsum src -j DROP
/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP ##/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP
rm firehol_level3.netset rm firehol_level3.netset
wget https://iplists.firehol.org/files/firehol_level3.netset wget https://iplists.firehol.org/files/firehol_level3.netset
my_file=$(cat firehol_level3.netset |grep -v "#") my_file=$(cat firehol_level3.netset |grep -v "#")
/sbin/ipset -q flush fireh /sbin/ipset -q flush fireh
#/sbin/ipset -q create fireh hash:net ##/sbin/ipset -q create fireh hash:net
for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set fireh src -j DROP ##/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set fireh src -j DROP
/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP ##/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP
/sbin/ipset -q flush blockde /sbin/ipset -q flush blockde
#/sbin/ipset -q create blockde hash:net ##/sbin/ipset -q create blockde hash:net
rm blocklist.de rm blocklist.de
# wget -O blocklist.de http://lists.blocklist.de/lists/all.txt # wget -O blocklist.de http://lists.blocklist.de/lists/all.txt
wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset
my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de) my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de)
for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set blockde src -j DROP ##/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set blockde src -j DROP
/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP ##/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP
/sbin/ipset -q flush blockde6 /sbin/ipset -q flush blockde6
#/sbin/ipset -q create blockde6 hash:net family inet6 ##/sbin/ipset -q create blockde6 hash:net family inet6
my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de) my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de)
echo setting ipv6... echo setting ipv6...
for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done
/sbin/ip6tables -A DOCKER-USER -i eth0 -m set --match-set blockde6 src -j DROP ##/sbin/ip6tables -A DOCKER-USER -i eth0 -m set --match-set blockde6 src -j DROP
/sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP ##/sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP
@ -54,10 +54,10 @@ wget -O tornodes.lst https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-A
my_file=$(awk 'length($1) < 16 { print $1 }' tornodes.lst) my_file=$(awk 'length($1) < 16 { print $1 }' tornodes.lst)
for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
/sbin/ipset -q flush tornodes /sbin/ipset -q flush tornodes
#/sbin/ipset -q create tornodes hash:net ##/sbin/ipset -q create tornodes hash:net
for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set tornodes src -j DROP ##/sbin/iptables -A DOCKER-USER -i eth0 -m set --match-set tornodes src -j DROP
/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP ##/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP
/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP ##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP
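Review bot: With the iptables rule lines now commented out, what remains on the new side still fails open on a bad download: every block flushes its set (`/sbin/ipset -q flush ipsum`, `... flush fireh`, `... flush blockde`) and then refills it from a fetch whose exit status is never checked — the `curl ... 2>/dev/null` inside the `bash -c` one-liner, and the bare `wget` calls that follow `rm firehol_level3.netset` and `rm blocklist.de` — so a network error or an empty response leaves the set empty (and the host unprotected by it) until the next run. Download into a `mktemp` file first, require `wget -q` (or `curl -fsS`) to succeed and the file to be non-empty (`[ -s "$tmp" ]`), and only then flush and refill, as sketched for the firehol block below; the same pattern applies to the ipsum and blocklist.de blocks. Separately, in the second hunk the loop `for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done` runs once before `/sbin/ipset -q flush tornodes` and again after it, so the first loop is wasted work and can be dropped. The script start (`set -x`) and its tail are outside the shown hunks.
```shell
# … unchanged: ipsum block …
tmp_fireh=$(mktemp) || exit 1
if ! wget -q -O "$tmp_fireh" https://iplists.firehol.org/files/firehol_level3.netset || [ ! -s "$tmp_fireh" ]; then
  echo "firehol_level3 download failed; keeping existing fireh set" >&2
  rm -f -- "$tmp_fireh"
else
  mv -- "$tmp_fireh" firehol_level3.netset
  my_file=$(grep -v "#" firehol_level3.netset)
  /sbin/ipset -q flush fireh
  for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done
fi
# … unchanged: commented-out fireh iptables rules, blockde block …
```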