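#!/bin/bash
# Ipset Block Bad IPs
# URL: https://github.com/zevilz/IpsetBlockBadIPs
# Author: zEvilz
# License: MIT
# Version: 1.4.0
#
# Usage: bash ipset_update.sh PERIOD [LOGGING]
#   PERIOD   - which stopforumspam.com list to fetch: 1|7|30|90|180|365 (days)
#   LOGGING  - "1" to keep an iptables LOG rule for rejected packets in place;
#              anything else (or omitted) removes that rule if it exists
#
# Optional files next to the script, one IPv4 address per line:
#   blacklist - addresses always added to the ipset on top of the download
#   whitelist - addresses removed from the ipset after it is populated
#
# Needs root (ipset/iptables) plus wget and unzip. Progress goes to stdout;
# exit status is 1 on bad arguments, failed download/unpack or an
# unreachable script directory.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
set -u -o pipefail

readonly SET_NAME=blacklist
readonly STAGING_SET=blacklist_new
readonly SET_TYPE=iphash
readonly LOG_PREFIX="REJECT blacklist entry"
# Plain HTTP would let anyone on the path rewrite a list that feeds a REJECT
# rule; the site serves the same files over TLS.
readonly LIST_URL=https://www.stopforumspam.com/downloads
# Dotted quad with each octet 0-255. Anything else in a list file is dropped
# instead of being handed to ipset, because `ipset restore` stops at the first
# malformed line.
readonly IPV4_RE='^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$'

# Absolute directory of this script; set in main before any file is read.
CUR_PATH=

#######################################
# Print the IPv4 addresses contained in a list file, one per line.
# Blank lines, comments, hostnames and CR characters from CRLF files are
# silently skipped.
# Arguments: $1 - file to read
# Outputs:   matching addresses on stdout
# Returns:   0 even when nothing matched
#######################################
list_ips() {
  tr -d '\r' < "$1" | grep -E -- "$IPV4_RE" || true
}

#######################################
# Add every address of a list file to an ipset.
# One `ipset restore` replaces one ipset exec per address (the downloaded
# lists hold tens of thousands of entries); -exist keeps duplicates from
# being reported as errors.
# Arguments: $1 - list file, $2 - target set name
# Returns:   exit status of `ipset restore`
#######################################
add_from() {
  local file=$1 target=$2
  list_ips "$file" | awk -v s="$target" '{ print "add " s " " $1 }' | ipset -exist restore
}

#######################################
# Remove every address of a list file from an ipset.
# Kept as a per-address loop so that an address that is not in the set (the
# usual case for a whitelist) never aborts the remaining deletions.
# Arguments: $1 - list file, $2 - target set name
#######################################
del_from() {
  local file=$1 target=$2 ip
  while IFS= read -r ip; do
    ipset -q del "$target" "$ip" 2>/dev/null
  done < <(list_ips "$file")
  return 0
}

#######################################
# Download and unpack listed_ip_PERIOD.zip into the current directory.
# wget -N keeps the local zip when the remote copy is not newer, but a
# failed transfer is still reported through its exit status, so a stale zip
# left by an earlier run is never reused silently.
# Arguments: $1 - period
# Outputs:   progress on stdout; exits 1 on download or unpack failure
#######################################
fetch_list() {
  local period=$1
  local zip="listed_ip_${period}.zip"
  printf '%s' "Download blacklist from stopforumspam.com..."
  if ! wget -qN "${LIST_URL}/${zip}" || [[ ! -f "$zip" ]]; then
    echo "Can't download!"
    exit 1
  fi
  if ! unzip -oq "$zip"; then
    echo "Can't unpack!"
    exit 1
  fi
  echo "Done"
}

#######################################
# Fill a set from the downloaded list, the optional custom blacklist and
# the optional whitelist (in that order).
# Globals:   CUR_PATH (read)
# Arguments: $1 - target set name, $2 - period, $3 - 1 to print progress
#######################################
fill_set() {
  local target=$1 period=$2 verbose=$3
  (( verbose )) && printf '%s' "Applying blacklist to IPSET..."
  add_from "$CUR_PATH/listed_ip_${period}.txt" "$target"
  (( verbose )) && echo "Done"
  if [[ -f "$CUR_PATH/blacklist" ]]; then
    (( verbose )) && printf '%s' "Add IPs from custom blacklist to IPSET blacklist..."
    add_from "$CUR_PATH/blacklist" "$target"
    (( verbose )) && echo "Done"
  fi
  if [[ -f "$CUR_PATH/whitelist" ]]; then
    (( verbose )) && printf '%s' "Remove whitelisted IPs from IPSET blacklist..."
    del_from "$CUR_PATH/whitelist" "$target"
    (( verbose )) && echo "Done"
  fi
  return 0
}

#######################################
# Rebuild SET_NAME without leaving it empty mid-update.
# The new contents are loaded into STAGING_SET and swapped in atomically;
# the old flush-then-refill approach left the firewall without any
# blacklist for as long as the reload took. When swap is refused (older
# ipset, or an existing set of a different type) it falls back to the
# in-place flush + reload, quietly, since progress was already printed.
# Globals:   SET_NAME, STAGING_SET, SET_TYPE (read)
# Arguments: $1 - period
#######################################
populate_set() {
  local period=$1
  ipset -q -N "$SET_NAME" "$SET_TYPE"
  ipset -q -N "$STAGING_SET" "$SET_TYPE"
  ipset -q -F "$STAGING_SET"
  fill_set "$STAGING_SET" "$period" 1
  if ipset swap "$STAGING_SET" "$SET_NAME" 2>/dev/null; then
    ipset -q -X "$STAGING_SET"
  else
    ipset -q -X "$STAGING_SET"
    ipset -q -F "$SET_NAME"
    fill_set "$SET_NAME" "$period" 0
  fi
}

#######################################
# Make sure the REJECT rule for SET_NAME is in INPUT and add or remove the
# LOG rule according to the logging flag.
# `iptables -C` tests for the exact rule; grepping `iptables -L` for the set
# name would also match the LOG rule or a rule in another chain and then
# skip inserting the REJECT rule.
# Globals:   SET_NAME, LOG_PREFIX (read)
# Arguments: $1 - 1 to enable logging, 0 to disable it
#######################################
apply_iptables() {
  local logging=$1
  local -a reject_rule=(INPUT -m set --match-set "$SET_NAME" src -j REJECT)
  local -a log_rule=(INPUT -m set --match-set "$SET_NAME" src -j LOG --log-prefix "$LOG_PREFIX")
  if ! iptables -C "${reject_rule[@]}" 2>/dev/null; then
    printf '%s' "Applying blacklist to IPTABLES..."
    iptables -I "${reject_rule[@]}"
    echo "Done"
  fi
  # -I puts the LOG rule above the REJECT rule, so hits are logged before
  # they are rejected.
  if (( logging )) && ! iptables -C "${log_rule[@]}" 2>/dev/null; then
    printf '%s' "Enabling logging..."
    iptables -I "${log_rule[@]}"
    echo "Done"
  elif (( ! logging )) && iptables -C "${log_rule[@]}" 2>/dev/null; then
    printf '%s' "Disabling logging..."
    iptables -D "${log_rule[@]}"
    echo "Done"
  fi
}

#######################################
# Print the number of entries in SET_NAME.
# Newer ipset prints a "Number of entries" header line; when it is absent
# the members listed after "Members:" are counted instead.
# Globals:   SET_NAME (read)
#######################################
print_count() {
  local count
  printf '%s' "Num of blacklisted IPs..."
  count=$(ipset -L "$SET_NAME" | awk '/^Number of entries/ { print $NF }')
  if [[ -n "$count" ]]; then
    echo "$count"
  else
    # Delay kept from the original script; its reason is not recorded.
    sleep 5
    ipset -L "$SET_NAME" | awk 'in_members { n++ } /^Members:/ { in_members = 1 } END { print n + 0 }'
  fi
}

#######################################
# Entry point: validate arguments, then fetch, load, firewall, report.
# Arguments: $1 - period, $2 - "1" to enable logging (optional)
#######################################
main() {
  if (( $# == 0 )); then
    echo "Period not set!"
    echo "Usage: bash $0 1|7|30|90|180|365"
    exit 1
  fi
  local period=$1
  case "$period" in
    1|7|30|90|180|365) ;;
    *)
      echo "Wrong period set!"
      echo "Period must be set to 1 or 7 or 30 or 90 or 180 or 365"
      exit 1
      ;;
  esac
  local logging=0
  if [[ "${2:-}" == 1 ]]; then
    logging=1
  fi
  # Resolve the script directory to an absolute path once. cd'ing into a
  # relative dirname and then prefixing file names with that same relative
  # path again (as before) breaks whenever the script is run via a relative
  # path such as `bash scripts/ipset_update.sh 1`.
  CUR_PATH=$(cd "$(dirname -- "$0")" && pwd) || {
    echo "Can't enter script directory!"
    exit 1
  }
  cd "$CUR_PATH" || {
    echo "Can't enter script directory!"
    exit 1
  }
  fetch_list "$period"
  populate_set "$period"
  apply_iptables "$logging"
  print_count
}

main "$@"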