mirror of
https://github.com/borekon/Blocklists.git
synced 2025-06-08 14:34:25 +02:00
Stuff corrected
This commit is contained in:
parent
70e9969059
commit
ddaead417f
|
@ -1,2 +1,5 @@
|
||||||
# Blocklist.de-Sync
|
# Blocklist.de-Sync
|
||||||
Synchronize an iptables chain with your desired entries from banlists generated by blocklist.de
|
Synchronize an iptables chain with your desired entries from banlists generated by blocklist.de
|
||||||
|
|
||||||
|
# Further Reading (in german)
|
||||||
|
https://blog.veloc1ty.de/2013/07/22/blocklist-de-script-fur-automatischen-abgleich-mit-synchronisation/
|
||||||
|
|
127
blocklist-update.sh
Normal file
127
blocklist-update.sh
Normal file
|
@ -0,0 +1,127 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
##
|
||||||
|
## Configuration
|
||||||
|
##
|
||||||
|
|
||||||
|
# Files which should be downloaded
|
||||||
|
TO_DOWNLOAD[0]="http://lists.blocklist.de/lists/ftp.txt"
|
||||||
|
#TO_DOWNLOAD[1]="http://lists.blocklist.de/lists/bots.txt"
|
||||||
|
#TO_DOWNLOAD[2]="http://lists.blocklist.de/lists/ssh.txt"
|
||||||
|
TO_DOWNLOAD[1]="http://lists.blocklist.de/lists/bruteforcelogin.txt"
|
||||||
|
TO_DOWNLOAD[2]="http://lists.blocklist.de/lists/apache.txt"
|
||||||
|
|
||||||
|
# Other settings; Edit if necesarry
|
||||||
|
CHAINNAME="blocklist-de"
|
||||||
|
ACTION="REJECT" # Can be DROP
|
||||||
|
PRINT_REPORT=1
|
||||||
|
|
||||||
|
########## Do not edit anything below this line ##########
|
||||||
|
|
||||||
|
#
|
||||||
|
## Needed variables
|
||||||
|
#
|
||||||
|
started=`date`
|
||||||
|
version="1.0.0"
|
||||||
|
amountDownloaded=0
|
||||||
|
amountAfterSortAndUnique=0
|
||||||
|
amountInserted=0
|
||||||
|
amountDeleted=-1
|
||||||
|
|
||||||
|
fileUnfiltered="/tmp/blocklist-ips-unfiltered.txt"
|
||||||
|
fileFiltered="/tmp/blocklist-ips-filtered.txt"
|
||||||
|
|
||||||
|
#
|
||||||
|
## Download every file and concat to one file
|
||||||
|
#
|
||||||
|
for currentFile in "${TO_DOWNLOAD[@]}"
|
||||||
|
do
|
||||||
|
wget -qO - $currentFile >> $fileUnfiltered
|
||||||
|
done
|
||||||
|
|
||||||
|
#
|
||||||
|
## Sort and filter
|
||||||
|
#
|
||||||
|
cat $fileUnfiltered | sort | uniq > $fileFiltered
|
||||||
|
|
||||||
|
amountDownloaded=`cat $fileUnfiltered | wc -l`
|
||||||
|
amountAfterSortAndUnique=`cat $fileFiltered | wc -l`
|
||||||
|
|
||||||
|
#
|
||||||
|
## Create chain if it does not exist
|
||||||
|
#
|
||||||
|
iptables --new-chain $CHAINNAME >/dev/null 2>&1
|
||||||
|
|
||||||
|
# Insert rule (if necesarry) into INPUT chain so the chain above will also be used
|
||||||
|
if [ `iptables -L INPUT | grep $CHAINNAME | wc -l` -eq 0 ]
|
||||||
|
then
|
||||||
|
|
||||||
|
# Insert rule because it is not present
|
||||||
|
iptables -I INPUT -j $CHAINNAME
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
## Insert all IPs from the downloaded list if there is no rule stored
|
||||||
|
#
|
||||||
|
while read currentIP
|
||||||
|
do
|
||||||
|
|
||||||
|
# Check via command
|
||||||
|
iptables -C $CHAINNAME -s $currentIP -j $ACTION >/dev/null 2>&1
|
||||||
|
|
||||||
|
# Now we have to check the exit code of iptables via $?
|
||||||
|
#
|
||||||
|
# 0 = rule exists and don't has to be stored again
|
||||||
|
# 1 = rule does not exist and has to be stored
|
||||||
|
|
||||||
|
if [ $? -eq 1 ]
|
||||||
|
then
|
||||||
|
|
||||||
|
# Append the IP
|
||||||
|
iptables -A $CHAINNAME -s $currentIP -j $ACTION >/dev/null 2>&1
|
||||||
|
|
||||||
|
# Increment the counter
|
||||||
|
amountInserted=$((amountInserted + 1))
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
done < $fileFiltered
|
||||||
|
|
||||||
|
## Now we delete the IPs which are stored in iptables but not anymore in the list
|
||||||
|
while read currentIP
|
||||||
|
do
|
||||||
|
# Check if the ip is in the downloaded list
|
||||||
|
if [ `cat $fileFiltered | grep $currentIP | wc -l` -eq 0 ]
|
||||||
|
then
|
||||||
|
# Delete the rule by its rulenumber
|
||||||
|
# Because changing the action would result in errors
|
||||||
|
iptables -D $CHAINNAME -s $currentIP -j $ACTION >/dev/null 2>&1
|
||||||
|
|
||||||
|
# Increment the counter
|
||||||
|
amountDeleted=$((amountDeleted + 1))
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
done <<< "`iptables -n -L blocklist-de | awk '{print $4}'`"
|
||||||
|
|
||||||
|
## Print report
|
||||||
|
if [ $PRINT_REPORT -eq 1 ]
|
||||||
|
then
|
||||||
|
echo "--- Blockliste.de :: Update-Report"
|
||||||
|
echo ""
|
||||||
|
echo "Script Version: $version"
|
||||||
|
echo "Started: $started"
|
||||||
|
echo "Finished: `date`"
|
||||||
|
echo ""
|
||||||
|
echo "--> Downloaded IPs: $amountDownloaded"
|
||||||
|
echo "--> Unique IPs: $amountAfterSortAndUnique"
|
||||||
|
echo "--> Inserted: $amountInserted"
|
||||||
|
echo "--> Deleted: $amountDeleted"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#
|
||||||
|
## Cleanup
|
||||||
|
#
|
||||||
|
rm -f /tmp/blocklist-ips-unfiltered.txt
|
||||||
|
rm -f /tmp/blocklist-ips-filtered.txt
|
Loading…
Reference in New Issue
Block a user