borekon/Blocklists
1
0
Fork 0
mirror of https://github.com/borekon/Blocklists.git synced 2025-09-15 15:09:50 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

full rebrand

Browse Source 
Ahora se puede poner en crontab
This commit is contained in:
Alfonso 2025-08-12 18:49:07 +02:00 committed by GitHub
parent 6aa6448d0b
commit d7ca54db0e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 47 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
blocklist.sh
View File

@ -1,50 +1,52 @@
#!/bin/bash #!/bin/bash
RED='\033[1;31m' # Actualiza una lista de bloqueo ipset desde múltiples fuentes
GREEN='\033[1;32m'
YELLOW='\033[1;33m' SET_NAME="blacklist"
BLUE='\033[1;35m' TMP_SET="${SET_NAME}_tmp"
NC='\033[0m'
if [ "$(whoami)" != "root" ]; then # Listas de bloqueo (puedes añadir más URLs aquí)
SUDO=sudo LISTS=(
"https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset"
"https://www.spamhaus.org/drop/drop.txt"
"https://www.spamhaus.org/drop/edrop.txt"
"https://lists.blocklist.de/lists/all.txt"
)
# Crear set principal si no existe
if ! ipset list -n | grep -q "^$SET_NAME\$"; then
ipset create $SET_NAME hash:ip family inet hashsize 4096 maxelem 65536
fi fi
#if [ "$(whoami)" == "root" ]; then echo "root ok"; else echo "run as root!"; exit 1; fi;
#apt update && apt install -y iptables jq ipset coreutils grep
IPTABLES_PATH=$(whereis iptables | awk '{print $2}')
IPSET_PATH=$(whereis ipset | awk '{print $2}')
SORT_PATH=$(whereis sort | awk '{print $2}')
GREP_PATH=$(whereis grep | awk '{print $2}')
JQ_PATH=$(whereis jq | awk '{print $2}')
BLOCKLISTDE="https://lists.blocklist.de/lists/all.txt"
CRWALERS="https://isc.sans.edu/api/threatcategory/research?json"
ABUSE="https://api.abuseipdb.com/api/v2/blacklist"
abuse_key="INSERT_YOUR_API_KEY_HERE" #https://www.abuseipdb.com/account/api
installed() { # Crear set temporal
# $1 should be the command to look for ipset create $TMP_SET hash:ip family inet hashsize 4096 maxelem 65536
if ! [ -x "$(command -v $1)" ]; then
echo -e "${RED}$1 is not available. Please install it and run again.${NC}"
exit 1
else
echo -e "${GREEN}$1 installed${NC}"
fi
}
installed iptables # Descargar y cargar IPs
installed ipset for url in "${LISTS[@]}"; do
installed sort echo "Descargando: $url"
installed jq curl -s "$url" | grep -Eo '^[0-9.]+(/[0-9]+)?' | while read ip; do
installed grep ipset add $TMP_SET $ip 2>/dev/null
done
done
echo -e "${YELLOW}Downloading the most recent IP list from $BLOCKLISTDE ... and adding them to ipset blocklistde${NC}" # Reemplazar el set viejo por el nuevo
${SUDO} $(whereis ipset | cut -d" " -f 2) create blocklistde hash:ip ipset swap $SET_NAME $TMP_SET
curl -s https://lists.blocklist.de/lists/all.txt | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs -L1 ${SUDO} $IPSET_PATH add blocklistde 2>&1 ipset destroy $TMP_SET
echo -e "${YELLOW}Downloading the most recent IP list from $CRWALERS ... and adding them to ipset crawler_bots${NC}"
${SUDO} $(whereis ipset | cut -d" " -f 2) create crawler_bots hash:ip # Bloqueo antes de DNAT → tabla raw PREROUTING
curl -s https://isc.sans.edu/api/threatcategory/research?json | jq '.[] | {ipv4}' | grep ':' | awk '{ print $2 }' | tr -d '"' | xargs -L1 ${SUDO} $IPSET_PATH add crawler_bots 2>&1 if ! iptables -t raw -C PREROUTING -m set --match-set $SET_NAME src -j DROP 2>/dev/null; then
echo -e "${YELLOW}Downloading the most recent IP list from $ABUSE and adding them to abuseipdb${NC}" iptables -t raw -I PREROUTING 1 -m set --match-set $SET_NAME src -j DROP
${SUDO} $(whereis ipset | cut -d" " -f 2) create abuseipdb hash:ip echo "Regla añadida en tabla raw PREROUTING para bloquear antes de DNAT"
curl -G -H "key: $abuse_key" -H "Accept: text/plain" -d confidenceMinimum=90 https://api.abuseipdb.com/api/v2/blacklist | grep -v : | xargs -L1 ${SUDO} $IPSET_PATH add abuseipdb 2>&1 else
echo -e "${YELLOW}Adding the iptables rules...${NC}" echo "La regla en tabla raw PREROUTING ya existe."
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set crawler_bots src -j DROP fi
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set blocklistde src -j DROP
${SUDO} $IPTABLES_PATH -I INPUT -m set --match-set abuseipdb src -j DROP # Añadir regla de iptables si no existe
if ! iptables -C INPUT -m set --match-set $SET_NAME src -j DROP 2>/dev/null; then
iptables -I INPUT -m set --match-set $SET_NAME src -j DROP
echo "Regla añadida a iptables: DROP tráfico desde $SET_NAME"
else
echo "La regla de iptables ya existe."
fi
echo "Actualización completada: $(ipset list $SET_NAME | grep -c '^[0-9]') IPs bloqueadas."