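#!/bin/bash
#
# blocklist-update.sh - keep an iptables chain in sync with published IP
# blocklists.
#
# Every URL in TO_DOWNLOAD is fetched and merged; only lines that are a
# plain IPv4 address (optionally with a /prefix) survive the filter. The
# chain CHAINNAME is then made to hold exactly one "-s <ip> -j ACTION"
# rule per listed address: missing rules are appended, rules whose source
# is no longer listed are deleted.
#
# Must run as root (iptables). Needs: wget, awk, grep, sort, comm, mktemp.
#
##
## Configuration
##
# Files which should be downloaded. HTTPS only: the list contents become
# firewall rules, so a plaintext download lets anyone on the network path
# decide what this host blocks.
TO_DOWNLOAD[0]="https://lists.blocklist.de/lists/ftp.txt"
#TO_DOWNLOAD[1]="https://lists.blocklist.de/lists/bots.txt"
#TO_DOWNLOAD[2]="https://lists.blocklist.de/lists/ssh.txt"
TO_DOWNLOAD[1]="https://lists.blocklist.de/lists/bruteforcelogin.txt"
TO_DOWNLOAD[2]="https://lists.blocklist.de/lists/apache.txt"
TO_DOWNLOAD[3]="https://raw.githubusercontent.com/xtreamjava/blocklist/main/banned.txt"
# Other settings; Edit if necessary
CHAINNAME="blocklist-de"
ACTION="DROP" # Can be DROP
PRINT_REPORT=1
IPTABLES_PATH="/sbin/iptables"
########## Do not edit anything below this line ##########
set -u -o pipefail
#
## Needed variables
#
started=$(date)
version="1.0.0"
amountDownloaded=0
amountAfterSortAndUnique=0
amountInserted=0
# Starts at 0 (not -1): the delete pass below no longer "counts" the two
# header lines of the iptables listing, so no offset is needed.
amountDeleted=0

# A line that may be handed to iptables as a rule source: dotted-quad IPv4
# with an optional /0-32 prefix. Anything else coming out of a feed is
# dropped, so a tampered or malformed list cannot smuggle extra iptables
# arguments in through word-splitting.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'

# Print a message to stderr and exit with status 1.
die() { printf 'blocklist-update: %s\n' "$*" >&2; exit 1; }

# Work files live in a private directory with an unpredictable name: the
# script runs as root, and a fixed path under /tmp can be pre-created or
# symlinked by any local user. The trap removes it on every exit path.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT
fileUnfiltered="$workdir/unfiltered.txt"
fileFiltered="$workdir/filtered.txt"

[[ -x "$IPTABLES_PATH" ]] || die "$IPTABLES_PATH is not executable"
command -v wget >/dev/null || die "wget not found"
#
## Download every file and concat to one file
#
# A failed or partial download aborts the run: with an incomplete list the
# delete pass would strip rules that are still valid. The extra newline
# after each list keeps the last line of one feed from fusing with the
# first line of the next.
: > "$fileUnfiltered"
for currentFile in "${TO_DOWNLOAD[@]}"; do
  { wget -qO - "$currentFile" && printf '\n'; } >> "$fileUnfiltered" \
    || die "download failed: $currentFile"
done
#
## Sort and filter
#
# Strip CR, take the first field of each non-empty line, normalise a /32
# suffix away (iptables -n -L prints single hosts without it, and the
# delete pass compares against that listing), keep only valid IPv4
# entries, then dedupe. LC_ALL=C so the order is the one comm expects.
amountDownloaded=$(wc -l < "$fileUnfiltered")
tr -d '\r' < "$fileUnfiltered" \
  | awk 'NF { sub(/\/32$/, "", $1); print $1 }' \
  | grep -E -- "$IPV4_RE" \
  | LC_ALL=C sort -u > "$fileFiltered"
amountAfterSortAndUnique=$(wc -l < "$fileFiltered")
# An empty result almost always means a broken feed, not an empty
# blocklist; applying it would empty the chain.
(( amountAfterSortAndUnique > 0 )) || die "no valid IPv4 entries in downloaded lists, aborting"
#
## Create chain if it does not exist
#
"$IPTABLES_PATH" --new-chain "$CHAINNAME" >/dev/null 2>&1
# Hook the chain into INPUT once. -C tests for the exact jump rule instead
# of grepping the listing, which would also match similarly named chains.
if ! "$IPTABLES_PATH" -C INPUT -j "$CHAINNAME" >/dev/null 2>&1; then
  "$IPTABLES_PATH" -I INPUT -j "$CHAINNAME" \
    || die "cannot insert jump to $CHAINNAME into INPUT"
fi
#
## Insert all IPs from the downloaded list if there is no rule stored
#
while IFS= read -r currentIP; do
  # -C exits 0 when the rule exists and 1 when it does not; any other
  # status is an error, and the entry is skipped rather than appended blind.
  rv=0
  "$IPTABLES_PATH" -C "$CHAINNAME" -s "$currentIP" -j "$ACTION" >/dev/null 2>&1 || rv=$?
  if (( rv == 1 )); then
    if "$IPTABLES_PATH" -A "$CHAINNAME" -s "$currentIP" -j "$ACTION" >/dev/null 2>&1; then
      amountInserted=$((amountInserted + 1))
    else
      printf 'blocklist-update: could not add rule for %s\n' "$currentIP" >&2
    fi
  fi
done < "$fileFiltered"
## Now we delete the IPs which are stored in iptables but not anymore in the list
# Column 4 of `iptables -n -L` is the source. The two header lines are
# dropped by the same IPv4 check used for the feeds, so they are neither
# "deleted" nor counted. comm -23 then yields the sources present in the
# chain but absent from the list; both inputs are C-locale sorted, which
# comm requires. A whole-line set difference replaces the old substring
# grep, where 1.2.3.4 was kept merely because 11.2.3.45 was listed.
while IFS= read -r currentIP; do
  if "$IPTABLES_PATH" -D "$CHAINNAME" -s "$currentIP" -j "$ACTION" >/dev/null 2>&1; then
    amountDeleted=$((amountDeleted + 1))
  fi
done < <(
  "$IPTABLES_PATH" -n -L "$CHAINNAME" \
    | awk '{print $4}' \
    | grep -E -- "$IPV4_RE" \
    | LC_ALL=C sort -u \
    | LC_ALL=C comm -23 - "$fileFiltered"
)
## Print report
if (( PRINT_REPORT == 1 )); then
  printf '%s\n' "--- Blockliste.de :: Update-Report"
  printf '\n'
  printf '%s\n' "Script Version: $version"
  printf '%s\n' "Started: $started"
  printf '%s\n' "Finished: $(date)"
  printf '\n'
  printf '%s\n' "--> Downloaded IPs: $amountDownloaded"
  printf '%s\n' "--> Unique IPs: $amountAfterSortAndUnique"
  printf '%s\n' "--> Inserted: $amountInserted"
  printf '%s\n' "--> Deleted: $amountDeleted"
fi
#
## Cleanup
#
# Work files are removed by the EXIT trap set up above.
exit 0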