From d2fab72ea22825bde403dd6a99af3ec9dd7dae9e Mon Sep 17 00:00:00 2001
From: fossilfranv
Date: Mon, 27 Mar 2023 23:53:37 +0200
Subject: [PATCH] Update 'set_ip_blacklist.sh'
---
 set_ip_blacklist.sh | 48 +++++++++++++++++++++------------------------
 1 file changed, 22 insertions(+), 26 deletions(-)
diff --git a/set_ip_blacklist.sh b/set_ip_blacklist.sh
index 6a3aa26..1b2332d 100644
--- a/set_ip_blacklist.sh
+++ b/set_ip_blacklist.sh
@@ -4,56 +4,52 @@ rm /tmp/testlog.txt
 exec >/tmp/testlog.txt 2>&1
 set -x
-/sbin/ipset -q flush ipsum
 #The next line only the first time the script is run
-#/sbin/ipset -q create ipsum hash:net
+##/sbin/ipset -q create ipsum hash:net
+/sbin/ipset -q flush ipsum
 /bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do /sbin/ipset add ipsum $ip; done'
-/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP
+##/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set ipsum dst -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set ipsum dst -j DROP
+##/sbin/ipset -q create fireh hash:net
 rm firehol_level3.netset
 wget https://iplists.firehol.org/files/firehol_level3.netset
 my_file=$(cat firehol_level3.netset |grep -v "#")
 /sbin/ipset -q flush fireh
-#/sbin/ipset -q create fireh hash:net
 for row_data in $my_file; do /sbin/ipset add fireh ${row_data}; done
-/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP
-
+##/sbin/iptables -I INPUT -m set --match-set fireh src -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set fireh dst -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set fireh dst -j DROP
+##/sbin/ipset -q create blockde hash:net
 /sbin/ipset -q flush blockde
-#/sbin/ipset -q create blockde hash:net
 rm blocklist.de
 # wget -O blocklist.de http://lists.blocklist.de/lists/all.txt
 wget -O blocklist.de https://iplists.firehol.org/files/blocklist_de.ipset
 my_file=$(awk 'length($1) < 16 { print $1 }' blocklist.de)
 for row_data in $my_file; do /sbin/ipset add blockde ${row_data}; done
-/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP
-
+##/sbin/iptables -I INPUT -m set --match-set blockde src -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde dst -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde dst -j DROP
+##/sbin/ipset -q create blockde6 hash:net family inet6
 /sbin/ipset -q flush blockde6
-#/sbin/ipset -q create blockde6 hash:net family inet6
 my_file=$(awk 'length($1) > 16 { print $1 }' blocklist.de)
 echo setting ipv6...
 for row_data in $my_file; do /sbin/ipset add blockde6 ${row_data}; done
-/sbin/iptables -I INPUT -m set --match-set blockde6 src -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP
-
+##/sbin/ip6tables -I INPUT -m set --match-set blockde6 src -j DROP
+##/sbin/ip6tables -A FORWARD -p tcp --dport 443 -m set --match-set blockde6 dst -j DROP
+##/sbin/ip6tables -A FORWARD -p tcp --dport 80 -m set --match-set blockde6 dst -j DROP
+##/sbin/ipset -q create tornodes hash:net
 wget -O tornodes.lst https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst
+/sbin/ipset -q flush tornodes
 my_file=$(awk 'length($1) < 16 { print $1 }' tornodes.lst)
 for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
-/sbin/ipset -q flush tornodes
-#/sbin/ipset -q create tornodes hash:net
-for row_data in $my_file; do /sbin/ipset add tornodes ${row_data}; done
-/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP
-/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP
+##/sbin/iptables -I INPUT -m set --match-set tornodes src -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 443 -m set --match-set tornodes dst -j DROP
+##/sbin/iptables -A FORWARD -p tcp --dport 80 -m set --match-set tornodes dst -j DROP
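Review bot: The added `/sbin/ipset -q flush tornodes` runs right after an unchecked `wget -O tornodes.lst …`, so a failed download (which leaves `tornodes.lst` truncated to empty) empties the live set and the loop repopulates nothing — the blocklist fails open until the next run; the same flush-before-validated-download order applies to `ipsum` (flushed before the curl) and `fireh` (`rm` before `wget`, `flush` regardless of its result). Since the `create` lines are now `##`-commented, the script also relies on every set already existing, and with all `iptables`/`ip6tables` DROP rules commented out nothing here references the sets at all — presumably the rules are now installed persistently elsewhere (re-inserting them on every run duplicated them), but that dependency deserves a comment near the top such as `# Sets and DROP rules are created once out-of-band; this script only refreshes set contents`. The safer shape is to check the download, fill a scratch set and swap it in atomically, which also removes the window in which the live set is empty; shown below for `tornodes`, the same applies to the other sets. The script may continue past the end of this hunk.
```shell
wget -O tornodes.lst https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst || exit 1
# Build into a scratch set, then swap: the live set is never empty and a bad download leaves it untouched.
/sbin/ipset -q create tornodes_tmp hash:net
/sbin/ipset -q flush tornodes_tmp
for row_data in $(awk 'length($1) < 16 { print $1 }' tornodes.lst); do /sbin/ipset add tornodes_tmp "${row_data}"; done
/sbin/ipset swap tornodes_tmp tornodes
/sbin/ipset destroy tornodes_tmp
# … unchanged: commented-out tornodes DROP rules …
```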