50 lines
1.9 KiB
Bash
50 lines
1.9 KiB
Bash
#!/bin/sh
|
|
|
|
# IP blacklisting script for Linux servers
|
|
# Pawel Krawczyk https://keybase.io/kravietz
|
|
#
|
|
# This script should be installed as /etc/cron.daily/blacklist
|
|
|
|
|
|
# Emerging Threats lists offensive IPs such as botnet command servers
|
|
urls="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
|
|
# Blocklist.de collects reports from fail2ban probes, listing password brute-forces, scanners and other offenders
|
|
urls="$urls https://www.blocklist.de/downloads/export-ips_all.txt"
|
|
|
|
blocklist_chain_name=blocklists
|
|
|
|
if [ ! -x /usr/sbin/ipset ]; then
|
|
echo "Cannot find ipset"
|
|
echo "Run \"apt-get install ipset\" or \"yum install ipset\""
|
|
exit 1
|
|
fi
|
|
|
|
# create main blocklists chain
|
|
if ! iptables -L ${blocklist_chain_name}; then iptables -N ${blocklist_chain_name}; fi
|
|
|
|
# inject references to blocklist in the beginning of input and forward chains
|
|
if ! iptables -L INPUT|grep -q ${blocklist_chain_name}; then
|
|
iptables -I INPUT 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
|
|
fi
|
|
if ! iptables -L FORWARD|grep -q ${blocklist_chain_name}; then
|
|
iptables -I FORWARD 1 -m state --state NEW,RELATED -j ${blocklist_chain_name}
|
|
fi
|
|
|
|
iptables -F ${blocklist_chain_name}
|
|
|
|
for url in $urls; do
|
|
tmp=$(mktemp)
|
|
tmp2=$(mktemp)
|
|
set_name=$(basename $url)
|
|
curl --compressed -k "$url" >"$tmp"
|
|
sort -u <"$tmp" | egrep "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >"$tmp2"
|
|
ipset -! create ${set_name} hash:net
|
|
while read line; do
|
|
ipset add ${set_name} "$line"
|
|
done <"$tmp2"
|
|
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -m limit --limit 10/minute -j LOG --log-prefix "BLOCK ${set_name} "
|
|
iptables -A ${blocklist_chain_name} -m set --match-set "${set_name}" src,dst -j DROP
|
|
echo ${set_name} $(ipset list ${set_name} | wc -l)
|
|
done
|
|
|