first

set_ip_blacklist.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+rm /tmp/testlog.txt
+exec >/tmp/testlog.txt 2>&1
+set -x
+
+/sbin/ipset -q flush ipsum
+/sbin/ipset -q create ipsum hash:net
+/bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done'
+/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP
+rm firehol_level3.netset
+wget https://iplists.firehol.org/files/firehol_level3.netset
+my_file=$(cat firehol_level3.netset |grep -v "#")
+/sbin/ipset -q flush fireh
+/sbin/ipset -q create fireh hash:net
+for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done
+/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP
+/sbin/ipset -q flush blockde
+/sbin/ipset -q create blockde hash:net
+rm blocklist.de
+# wget -O blocklist.de http://lists.blocklist.de/lists/all.txt
+wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset 
+my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de)
+for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done
+/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP
+/sbin/ipset -q flush blockde6
+/sbin/ipset -q create blockde6 hash:net family inet6
+my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de)
+echo setting ipv6...
+for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done
+/sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP
+
+wget -O tornodes.lst https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst
+my_file=$(awk 'length($1) < 16 { print $1 }' tornodes.lst)
+for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
+/sbin/ipset -q flush tornodes 
+/sbin/ipset -q create tornodes hash:net
+for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
+/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP