Last active
June 10, 2019 12:59
Bash script to add myip.ms IP blacklist to iptables
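#!/bin/bash
#
# Refresh the ip_blacklist / ip6_blacklist ipsets from the myip.ms blacklist
# and make sure the INPUT chain drops traffic whose source is in either set.
#
# Needs curl, gunzip, awk, ipset, iptables and ip6tables; the ipset/iptables
# calls presumably require root (not checked here).
#
# The downloaded list is third-party input that decides which peers this host
# drops, so it is handled defensively:
#   * every entry must look like an IPv4/IPv6 address (optionally with a
#     /prefix) before it is handed to ipset; anything else is skipped,
#   * the new list is built in scratch sets and swapped in, so the live sets
#     are never empty while a reload is in progress,
#   * if the download is empty or yields no usable entry, the live sets are
#     left as they are and the script exits with status 1.
# NOTE(review): the feed can list any address, including ones you depend on
# (admin hosts, monitoring); consider an allow rule ahead of these DROP rules.

SETNAME="ip_blacklist"
SETNAME6="ip6_blacklist"
SOURCE="https://myip.ms/files/blacklist/general/full_blacklist_database.zip"

# Scratch sets that receive the fresh list before it replaces the live one.
TMPSET="${SETNAME}_new"
TMPSET6="${SETNAME6}_new"

# Accepted entry shapes. ipset still performs the real address parsing; these
# only keep option-like strings, hostnames and glob characters away from it.
V4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
V6_RE='^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*(/[0-9]{1,3})?$'

# -f turns an HTTP error status into a curl failure, so an error page is not
# piped into gunzip; the first column of every non-comment line is kept.
ADDRESSES=$(curl -fsS "$SOURCE" 2>/dev/null | gunzip | awk '$1 ~ /^[^#]/ {print $1}')

# only proceed if new ip's are obtained
if [ -z "$ADDRESSES" ]; then
  echo "blacklist download returned no addresses; existing sets left untouched" >&2
  exit 1
fi

# ensure the ipv4 set exists
if ! ipset list "$SETNAME" &>/dev/null; then
  ipset create "$SETNAME" hash:ip hashsize 32768 maxelem 200000
fi
# ensure the ipv4 DROP rule exists, also when the set outlived a rule flush
if ! iptables -C INPUT -m set --match-set "$SETNAME" src -j DROP &>/dev/null; then
  iptables -I INPUT -m set --match-set "$SETNAME" src -j DROP
fi

# ensure the ipv6 set exists
if ! ipset list "$SETNAME6" &>/dev/null; then
  ipset create "$SETNAME6" hash:ip family inet6 hashsize 32768 maxelem 200000
fi
# ensure the ipv6 DROP rule exists
if ! ip6tables -C INPUT -m set --match-set "$SETNAME6" src -j DROP &>/dev/null; then
  ip6tables -I INPUT -m set --match-set "$SETNAME6" src -j DROP
fi

# start from empty scratch sets; leftovers of an aborted run are discarded
ipset destroy "$TMPSET" &>/dev/null
ipset destroy "$TMPSET6" &>/dev/null
ipset create "$TMPSET" hash:ip hashsize 32768 maxelem 200000 || exit 1
ipset create "$TMPSET6" hash:ip family inet6 hashsize 32768 maxelem 200000 || exit 1

# add each address to the respective scratch set
loaded=0
while IFS= read -r ip; do
  # tolerate CRLF line endings in the feed
  ip=${ip%$'\r'}
  if [[ $ip =~ $V6_RE ]]; then
    # ipv6
    ipset add "$TMPSET6" "$ip" -exist && loaded=$((loaded + 1))
  elif [[ $ip =~ $V4_RE ]]; then
    # ipv4
    ipset add "$TMPSET" "$ip" -exist && loaded=$((loaded + 1))
  fi
  # anything else is not an address and is dropped silently
done <<< "$ADDRESSES"

# A feed without a single usable entry must not wipe the live blacklist.
if [ "$loaded" -eq 0 ]; then
  echo "no valid addresses in downloaded blacklist; existing sets left untouched" >&2
  ipset destroy "$TMPSET" &>/dev/null
  ipset destroy "$TMPSET6" &>/dev/null
  exit 1
fi

# Replace the live contents in one step per set, then drop the scratch sets
# (after the swap they hold the previous list).
ipset swap "$TMPSET" "$SETNAME"
ipset swap "$TMPSET6" "$SETNAME6"
ipset destroy "$TMPSET"
ipset destroy "$TMPSET6"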