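#!/bin/bash
#
# Rebuild the 'blocklist' ipset (kernel ipset and firewalld) from public
# IP reputation feeds plus a local list.
#
# Security notes:
#   * Every feed is third-party input and several are fetched over plain
#     HTTP, so anyone on the network path can add entries. Addresses are
#     therefore syntax-checked before use. Consider also filtering the result
#     against an allowlist of your own and management addresses before
#     applying it.
#   * Scratch files live in a private mktemp directory. This script writes
#     /etc and drives the firewall, so it presumably runs as root, and fixed
#     names under /tmp could be pre-created or symlinked by another local user.

# Save the original stdout/stderr on fds 3/4 and restore them on exit or on
# HUP/INT/QUIT.
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>log.out 2>&1
set -x
# Everything below will go to the file 'log.out':

# NOTE(review): a bare name makes bash look in $PATH and then the current
# directory, so this file should be referenced by an absolute path once its
# real location is confirmed.
source pid.sh

WORK_DIR=$(mktemp -d) || { echo "$0: Unable to create temporary directory."; exit 1; }
# Remove the scratch directory on exit, then restore the original fds.
trap 'rm -rf -- "${WORK_DIR:?}"; exec 2>&4 1>&3' 0

IP_TMP=$WORK_DIR/ip.tmp
IP_BLOCKLIST=/etc/ip-blocklist.conf
IP_BLOCKLIST_TMP=$WORK_DIR/ip-blocklist.tmp
IP_BLOCKLIST_NEW=$WORK_DIR/ip-blocklist.new
IP_BLOCKLIST_CUSTOM=/etc/ip-blocklist-custom.conf # optional; declared but not read in this file

BLACKLISTS=(
  "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
  "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes
  "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies
  "https://www.maxmind.com/en/high-risk-ip-sample-list" # MaxMind High Risk Sample List
  "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
  "https://rules.emergingthreats.net/blockrules/compromised-ips.txt" # Emerging Threats - Russian Business Networks List
  "http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
  "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
  "http://www.autoshun.org/files/shunlist.csv" # Autoshun Shun List
  "http://lists.blocklist.de/lists/all.txt" # blocklist.de fail2ban reporting service
  "https://fx.vc-mp.eu/shared/iplist.txt" # ferex badlist
  "https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt" # FEODO tracker
  "https://reputation.alienvault.com/reputation.generic" # ALIENVAULT REPUTATION
  "http://www.darklist.de/raw.php" # DARKLIST DE
  "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/c2-masterlist.txt"
  "http://osint.bambenekconsulting.com/feeds/dga-feed.txt"
  "https://www.binarydefense.com/banlist.txt" # Binary Defense Systems
  "https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt" # https://github.com/stamparm/ipsum
  "http://sblam.com/blacklist.txt" # SBLAM
  "http://blocklist.greensnow.co/greensnow.txt"
  "http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt"
  "https://www.malwaredomainlist.com/hostslist/ip.txt"
  "https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt"
)

#######################################
# Pull IPv4 addresses / CIDR networks out of arbitrary text.
# Arguments: none (reads stdin)
# Outputs:   one syntactically valid a.b.c.d[/n] entry per line on stdout
#######################################
extract_ips() {
  # The dots are escaped (the earlier pattern used a bare '.', which matches
  # any character) and \b stops matches from starting or ending inside a
  # longer run of digits. awk then drops octets above 255 and prefixes
  # outside 1-32, so a malformed or hostile feed line cannot reach the
  # firewall tooling.
  grep -Po '\b(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b' \
    | awk -F'[./]' '
        NF == 4 || NF == 5 {
          for (i = 1; i <= 4; i++) if ($i + 0 > 255) next
          if (NF == 5 && ($5 + 0 < 1 || $5 + 0 > 32)) next
          print
        }'
}

: > "$IP_BLOCKLIST_TMP"

for i in "${BLACKLISTS[@]}"
do
  # -f: an HTTP error page is not parsed for addresses; --max-time: one
  # stalled feed cannot hang the whole refresh.
  if curl -fsS --max-time 60 "$i" > "$IP_TMP"; then
    extract_ips < "$IP_TMP" >> "$IP_BLOCKLIST_TMP"
  else
    echo "$0: skipping feed that failed to download: $i"
  fi
done

#Get the iblocklist
# The URL must be quoted: unquoted, each '&' ends the command and puts wget
# in the background, so nothing was written to the output file.
# NOTE(review): _input is not assigned anywhere in this file; presumably
# pid.sh sets it. Fall back to a private scratch file when it is unset.
_input=${_input:-$WORK_DIR/iblocklist.txt}
# archiveformat=gz: the payload is presumably gzip-compressed, so it is
# decompressed before use.
wget -qO- "http://list.iblocklist.com/?list=erqajhwrxiuvjxqrrwfj&fileformat=p2p&archiveformat=gz" \
  | gunzip -c > "$_input" || { echo "$0: Unable to download ip list."; exit 1; }

#Consolidate iblocklist into master list
# NOTE(review): p2p-format lines presumably carry 'label:start-end' ranges —
# confirm. Only well-formed addresses are kept here, so a range contributes
# just its two endpoints; convert ranges to CIDR if full coverage is wanted.
extract_ips < "$_input" >> "$IP_BLOCKLIST_TMP"

#Consolidate the shodan.io IP addresses database
if [[ -r /opt/blocklist/shodan.txt ]]; then
  cat /opt/blocklist/shodan.txt >> "$IP_BLOCKLIST_TMP"
else
  echo "$0: /opt/blocklist/shodan.txt not readable, skipping."
fi

#Sort the list
sort -n -- "$IP_BLOCKLIST_TMP" | uniq > "$IP_BLOCKLIST_NEW"

# Never replace a working blocklist with an empty one: if every download
# failed, keep the current file and the current set contents.
if [[ ! -s "$IP_BLOCKLIST_NEW" ]]; then
  echo "$0: consolidated list is empty, leaving existing blocklist untouched."
  exit 1
fi
cat -- "$IP_BLOCKLIST_NEW" > "$IP_BLOCKLIST"

#Remove temporary list
rm -f -- "$IP_BLOCKLIST_TMP"

#count how many IP addresses are in the list
wc -l "$IP_BLOCKLIST"

#Flush the ipset
/usr/sbin/ipset flush blocklist

#Add IP addresses to the ipset
# -E is required for '|' to act as alternation; without it the pattern was a
# literal string and comment/blank lines were never filtered out.
grep -Ev '^#|^$' "$IP_BLOCKLIST" | while IFS= read -r ip; do
  /usr/sbin/ipset add blocklist "$ip"
done

### Section for firewalld
firewall-cmd --delete-ipset=blocklist --permanent
firewall-cmd --permanent --new-ipset=blocklist --type=hash:net --option=family=inet --option=hashsize=1048576 --option=maxelem=1048576
firewall-cmd --permanent --ipset=blocklist --add-entries-from-file="$IP_BLOCKLIST"
firewall-cmd --reload

echo "Firewalld ipset list entries:"
firewall-cmd --permanent --ipset=blocklist --get-entries | wc -l
echo "ipset list entries:"
wc -l < "$IP_BLOCKLIST"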