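#!/bin/bash
# Customized by CCNA HUB - Imad Daou
# Original Script: https://raw.githubusercontent.com/trick77/ipset-blacklist/master/update-blacklist.sh
# For more information about the Progress Bar: https://raw.githubusercontent.com/haikieu/shell-progressbar/master/progressbar.sh

# Short pause after each drawn step so the bar is visibly animated.
delay() { sleep 0.2; }

#
# Description : print out executing progress
#
# Arguments: $1 - new progress value (0-100)
#            $2 - status text printed after the percentage
# Globals:   CURRENT_PROGRESS (read, then set to $1)
#
# Every step whose threshold lies between the previous value and $1
# (both inclusive) is drawn, so the step reached by the previous call is
# redrawn first. Each step ends with \r so the next one overwrites it.
#
CURRENT_PROGRESS=0
progress() {
  local target=$1
  # The status text was previously stored in PARAM_STATUS but printed from
  # the never-assigned PARAM_PHASE, so it was silently dropped.
  local status=${2-}
  local step pct bar
  # "threshold|bar"; the printed percentage is the threshold itself. The
  # 85 and 90 steps used to be labelled (90%) and (100%).
  local -a steps=(
    "0|[.....................................................]"
    "5|[###..................................................]"
    "10|[######...............................................]"
    "15|[########.............................................]"
    "20|[###########..........................................]"
    "25|[#############........................................]"
    "30|[################.....................................]"
    "35|[###################..................................]"
    "40|[######################...............................]"
    "45|[########################.............................]"
    "50|[###########################..........................]"
    "55|[##############################.......................]"
    "60|[#################################....................]"
    "65|[####################################.................]"
    "70|[#######################################..............]"
    "75|[##########################################...........]"
    "80|[##############################################.......]"
    "85|[##################################################...]"
    "90|[#####################################################]"
  )

  for step in "${steps[@]}"; do
    pct=${step%%|*}
    bar=${step#*|}
    if [ "$CURRENT_PROGRESS" -le "$pct" ] && [ "$target" -ge "$pct" ]; then
      # The status goes through %s so backslashes in it are printed as-is.
      printf '\x1B[01;89m%s (%s%%) %s \r\x1B[0m' "$bar" "$pct" "$status"
      delay
    fi
  done

  if [ "$CURRENT_PROGRESS" -le 100 ] && [ "$target" -ge 100 ]; then
    # A stray double quote used to be printed in front of the bar here.
    printf '\x1B[01;92m Done! %s (100%%) \x1B[0m \n' \
      "[#####################################################]"
    delay
  fi

  CURRENT_PROGRESS=$target
}

echo
echo -e "\x1B[01;93m#### ####\x1B[0m"
echo -e "\x1B[01;92m# Preparing IPSET Blacklist Loader Script for IPtables Firewall #\x1B[0m"
echo -e "\x1B[01;93m#### ####\x1B[0m"
echo
echo -e "\x1B[01;93m----------------------------------------------------------\x1B[0m"
echo -e "\x1B[01;92m Preparing Multi Blacklists into one file...Please wait...\x1B[0m"
echo -e "\x1B[01;93m----------------------------------------------------------\x1B[0m"
echo
sleep 5

IP_BLACKLIST_DIR=/etc/network/iptables/ipset-blacklist
IPSET_BLACKLIST_NAME=IPSET-BLACKLIST # change it if it collides with a pre-existing ipset list
IPSET_TMP_BLACKLIST_NAME="${IPSET_BLACKLIST_NAME}-tmp"
IP_BLACKLIST_RESTORE="${IP_BLACKLIST_DIR}/ip-blacklist.restore"
IP_BLACKLIST="${IP_BLACKLIST_DIR}/ip-blacklist.list"
IP_BLACKLIST_CUSTOM="${IP_BLACKLIST_DIR}/ip-blacklist-custom.list" # optional, for your personal nemeses (no typo, plural)
HASHSIZE=65536 # the initial hash size for the set. Don't touch unless you know what you're doing.
MAXELEM=1000000 # the maximal number of elements which can be stored in the set

progress 20 "Processing..."

# List of URLs for IP blacklists. Currently, only IPv4 is supported in this script, everything else will be filtered.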
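BLACKLISTS=(
  # NOTE(review): most of these feeds are fetched over plain HTTP, so their
  # content has no integrity protection in transit, yet it is loaded into the
  # firewall set. Prefer an HTTPS endpoint wherever the provider offers one.
  "http://lists.blocklist.de/lists/all.txt" # blocklist.de ALL type of Attacks
  "http://myip.ms/files/blacklist/csf/latest_blacklist.txt" # BAD IPs MYIP.MS General Blacklist
  #"http://antivirus.neu.edu.cn/ssh/lists/base_30days.txt" # NEU SSH Blacklist
  #"http://cinsscore.com/list/ci-badguys.txt" # Cinnscore Bad Guys Blacklist
  #"http://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List
  #"http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt" # StopForumSpam
  "http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
  #"http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes
  #"https://www.maxmind.com/en/anonymous-proxy-fraudulent-ip-address-list" # MaxMind GeoIP Anonymous Proxies
  "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
  "http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
  "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt" # StopForumSpam - networks identified as highly toxic CIDR Networks
  #"http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
  #"http://www.openbl.org/lists/base.txt" # OpenBL.org 30 day List
  #"http://www.autoshun.org/files/shunlist.csv" # Autoshun Shun List
  "https://www.badips.com/get/list/ssh/5" # Badips.com SSH Level 5
  "https://www.badips.com/get/list/apache/1" # Badips.com Apache Level 1
  "https://www.badips.com/get/list/nginx/1" # Badips.com Nginx Level 1
  "https://www.badips.com/get/list/mail/1" # Badips.com Mail Level 1
  "https://www.badips.com/get/list/http/1" # Badips.com HTTP Level 1
  "https://www.badips.com/get/list/bruteforce/1" # Badips.com Bruteforce Level 1
  "https://www.badips.com/get/list/cms/1" # Badips.com CMS Level 1
  "http://www.okean.com/sinokoreacidr.txt" # Okean chinese and korean spammers
  "http://www.wizcrafts.net/russian-iptables-blocklist.html" # Wizcrafts Russian botnets, attackers and spammers
  "http://www.wizcrafts.net/nigerian-iptables-blocklist.html" # Wizcrafts Nigeria attackers and spammers
  "http://www.wizcrafts.net/exploited-servers-iptables-blocklist.html" # Wizcrafts Exploited Servers
  "http://www.wizcrafts.net/chinese-iptables-blocklist.html" # Wizcrafts Chinese attackers and spammers
  "http://www.wizcrafts.net/lacnic-iptables-blocklist.html" # This is Wizcrafts' Latin America (LACNIC) blocklist
  #"http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RussianBusinessNetworkIPs.txt" # RBN Russian IPs
  "http://feeds.dshield.org/block.txt" # Dshield
  "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" # Emerging Threats Firewall rules
  # NOTE(review): bogon lists usually contain the private (RFC 1918) ranges;
  # confirm this feed does not block your own LAN or management addresses.
  "http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt" # IP Addresses that should not be used on the internet
)

progress 40 "Processing..."

################################################################################################################################
#for command in ipset iptables egrep grep curl sort uniq wc
#do
#  if ! which $command > /dev/null; then
#    echo "Error: please install $command"
#    exit 1
#  fi
#done

if [ ! -d "$IP_BLACKLIST_DIR" ]; then
  echo "Error: please create $IP_BLACKLIST_DIR directory" >&2
  exit 1
fi

# Leftovers of the old file layout: refuse to run until they are dealt with.
if [ -f /etc/network/iptables/ipset-blacklist/ip-blacklist.conf ]; then
  echo "Error: please remove /etc/network/iptables/ipset-blacklist/ip-blacklist.conf" >&2
  exit 1
fi

if [ -f /etc/network/iptables/ipset-blacklist/ip-blacklist-custom.conf ]; then
  echo "Error: please move /etc/network/iptables/ipset-blacklist/ip-blacklist-custom.conf to the $IP_BLACKLIST_DIR directory and rename it to $IP_BLACKLIST_CUSTOM" >&2
  exit 1
fi

progress 60 "Processing..."

# Reads "a.b.c.d" or "a.b.c.d/n" lines on stdin and prints only those whose
# octets are 0-255 and whose prefix length, if present, is 1-32. The
# extraction regex below accepts any 1-3 digit groups, so without this a
# single out-of-range entry from a feed would reach the restore file. A /0
# prefix is rejected because it would cover every address.
valid_ipv4_entries() {
  awk -F'[./]' '
    {
      for (i = 1; i <= 4; i++) if ($i + 0 > 255) next
      if (NF == 5 && ($5 + 0 < 1 || $5 + 0 > 32)) next
      print
    }'
}

IP_BLACKLIST_TMP=$(mktemp) || { echo "Error: mktemp failed" >&2; exit 1; }
IP_TMP=
# Remove the temporary files on every exit path, including the early exits below.
cleanup() { rm -f -- "$IP_BLACKLIST_TMP" ${IP_TMP:+"$IP_TMP"}; }
trap cleanup EXIT

for i in "${BLACKLISTS[@]}"; do
  IP_TMP=$(mktemp) || { echo "Error: mktemp failed" >&2; exit 1; }
  HTTP_RC=$(curl --connect-timeout 10 --max-time 10 -o "$IP_TMP" -s -w "%{http_code}" "$i")
  case "$HTTP_RC" in
    # curl is not told to follow redirects, so for a 302 the saved body is
    # whatever the redirect response itself carried.
    200 | 302)
      grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' "$IP_TMP" |
        valid_ipv4_entries >> "$IP_BLACKLIST_TMP"
      # echo -n "!"
      ;;
    *)
      echo -e "\nWarning: curl returned HTTP response code $HTTP_RC for URL $i" >&2
      ;;
  esac
  rm -f -- "$IP_TMP"
  IP_TMP=
done

# Fail closed: if every feed failed (network down, all sources gone), keep the
# previous list and the live set instead of swapping in an empty one.
if [ "${#BLACKLISTS[@]}" -gt 0 ] && [ ! -s "$IP_BLACKLIST_TMP" ]; then
  echo
  echo "Error: no blacklist entries could be downloaded; leaving $IP_BLACKLIST and the ipset unchanged" >&2
  exit 1
fi

progress 80 "Processing..."
progress 100 "Done "
sleep 2
echo

# NOTE(review): only the first alternative of this pattern is anchored and its
# dots are unescaped, so it also deletes lines that merely contain such a
# sequence (10.0.0.0/8 is one example). Left byte-identical because tightening
# it changes which networks end up blocked; decide deliberately.
sort -n -- "$IP_BLACKLIST_TMP" | uniq | sed -e '/^127.0.0.0\|127.0.0.1\|0.0.0.0/d' > "$IP_BLACKLIST"
awk '/^[0-9]/{for(i=1;i<=NF;i++)if(a[$i]++==1) print "\x1B[01;93m Duplicate IP : \x1B[0m",$i;}' "$IP_BLACKLIST"
rm -f -- "$IP_BLACKLIST_TMP"
echo -e "\x1B[01;93m Number of Online Blacklist IP/Networks found:\x1B[0m" "\x1B[01;89m $(wc -l < "$IP_BLACKLIST") \x1B[0m"

# The restore file fills a temporary set and swaps it with the live one at the
# end, so the live set is replaced in one step.
{
  echo "create $IPSET_TMP_BLACKLIST_NAME -exist hash:net family inet hashsize $HASHSIZE maxelem $MAXELEM"
  # "create -exist" keeps an already existing set as it is; a temporary set
  # left behind by an interrupted run would still hold its old members.
  echo "flush $IPSET_TMP_BLACKLIST_NAME"
  echo "create $IPSET_BLACKLIST_NAME -exist hash:net family inet hashsize $HASHSIZE maxelem $MAXELEM"
  grep -Ev "^#|^$" "$IP_BLACKLIST" | while IFS= read -r ip; do
    echo "add $IPSET_TMP_BLACKLIST_NAME $ip"
  done
} > "$IP_BLACKLIST_RESTORE"

if [ -f "$IP_BLACKLIST_CUSTOM" ]; then
  # NOTE(review): a custom entry that is also in the downloaded list is
  # emitted twice; verify that `ipset restore` tolerates the repeated add,
  # otherwise de-duplicate here. Custom entries are not range-checked.
  grep -Ev "^#|^$" "$IP_BLACKLIST_CUSTOM" | while IFS= read -r ip; do
    echo "add $IPSET_TMP_BLACKLIST_NAME $ip"
  done >> "$IP_BLACKLIST_RESTORE"
  echo
  echo -e "\x1B[01;93m Number of Local Custom Admin Blacklist IP/Networks found:\x1B[0m" "\x1B[01;89m $(wc -l < "$IP_BLACKLIST_CUSTOM") \x1B[0m"
fi

echo
echo -e "\x1B[01;92m #############################################################################################\x1B[0m"
echo -e "\x1B[01;92m # #\x1B[0m"
echo -e "\x1B[01;92m # Dynamic and Global Online IPset Blacklist was built into one file. To view the blacklist #\x1B[0m"
echo -e "\x1B[01;92m # IP addresses, use ipset -L IPSET-BLACKLIST | less for List name and properties. #\x1B[0m"
echo -e "\x1B[01;92m # #\x1B[0m"
echo -e "\x1B[01;92m # Instead of loading thousands of IP Addresses using IPtables, IPSET as module will be used #\x1B[0m"
echo -e "\x1B[01;92m # by IPtables instead of loading thousands IP Addresses inside the IPtables. #\x1B[0m"
echo -e "\x1B[01;92m # #\x1B[0m"
echo -e "\x1B[01;92m # To activate the Blacklist, enable the IPset rules inside the IPtables Script file under #\x1B[0m"
echo -e "\x1B[01;92m # IPset section. Run IPtables Script again to route all traffic through Blacklist before #\x1B[0m"
echo -e "\x1B[01;92m # it hit any service port. #\x1B[0m"
echo -e "\x1B[01;92m # CCNA HUB - Imad Daou #\x1B[0m"
echo -e "\x1B[01;92m #############################################################################################\x1B[0m"
echo

{
  echo "swap $IPSET_BLACKLIST_NAME $IPSET_TMP_BLACKLIST_NAME"
  echo "destroy $IPSET_TMP_BLACKLIST_NAME"
} >> "$IP_BLACKLIST_RESTORE"

# Report a failed load explicitly and pass ipset's exit status on, so cron or
# a calling script can tell that the live set may not have been updated.
ipset restore < "$IP_BLACKLIST_RESTORE" || {
  rc=$?
  echo "Error: ipset restore failed (exit $rc); $IPSET_BLACKLIST_NAME may not have been updated" >&2
  exit "$rc"
}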