From f3b130997102f60ff6e5b600cc7740f38b248c5d Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Thu, 30 Jun 2016 15:00:52 -0400
Subject: [PATCH 1/2] clutter
---
 dshield_auto.sh | 67 -------------------------------------------------------------------
 1 file changed, 67 deletions(-)
 delete mode 100644 dshield_auto.sh
diff --git a/dshield_auto.sh b/dshield_auto.sh
deleted file mode 100644
index a96d3fd5..00000000
--- a/dshield_auto.sh
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/bash
-# Written by Onder Vincent Koc
-# @url: https://github.com/koconder/dshield_automatic_iptables
-# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
-#
-# Dshield Automatic Import to iptables
-# Import Dshield Blocklist in a basic shell script which will run silently via cron
-# and also use a seprate chain file to support other iptables rules without flushing
-# i.e. fail2ban and ddosdeflate
-
-# path to iptables
-IPTABLES="/sbin/iptables";
-
-# list of known spammers
-URL="http://feeds.dshield.org/block.txt";
-
-# save local copy here
-FILE="/tmp/dshield_block.text";
-
-# iptables custom chain
-CHAIN="dshield";
-
-# check to see if the chain already exists
-$IPTABLES -L $CHAIN -n
-
-# check to see if the chain already exists
-if [ $? -eq 0 ]; then
-
- # flush the old rules
- $IPTABLES -F $CHAIN
-
- echo "Flushed old rules. Applying updated dsheild list...."
-
-else
-
- # create a new chain set
- $IPTABLES -N $CHAIN
-
- # tie chain to input rules so it runs
- $IPTABLES -A INPUT -j $CHAIN
-
- # don't allow this traffic through
- $IPTABLES -A FORWARD -j $CHAIN
-
- echo "Chain not detected. Creating new chain and adding dsheild list...."
-
-fi;
-
-# get a copy of the spam list
-wget -qc $URL -O $FILE
-
-blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
-for IP in $blocklist
-do
- # add the ip address log rule to the chain
- $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dsheild BLOCK]" -m limit --limit 3/min --limit-burst 10
-
- # add the ip address to the chain
- $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
-
- echo $IP
-done
-
-echo "Done!"
-
-# remove the spam list
-unlink $FILE
From 55ab6ec99a8a9d98ec9dc9b9f565e6bcd5e96ccf Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Thu, 30 Jun 2016 15:04:44 -0400
Subject: [PATCH 2/2] readme
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 1df5ff5a..81235f01 100644
--- a/README.md
+++ b/README.md @@ -1,6 +1,5 @@ -<<<<<<< HEAD # ipset-assassin -ipset-assassin (formerly named blocklist) + This will install a cron to run daily and pull lists from multiple sites to block malicious IP addresses. Adding around ~40,000 or more IP addresses per day, all voluntarily and freely contributed. If setting up Fail2Ban I suggest you help contribute to blocklist.de which is one of the lists used here. Script is pretty self explanatory it prepares iptables, ipset, and the cron tab. Simply run as root and it will do the work for you. @@ -21,10 +20,10 @@ sudo ./install.sh alon@ganon.me https://alonganon.info - -ipsets-persistent +====== +#ipsets-persistent https://github.com/jordanrinke/ipsets-persistent -================= + init.d script for iptables-persistent on Debian/Ubuntu that also saves/loads ipsets @@ -32,9 +31,10 @@ init.d script for iptables-persistent on Debian/Ubuntu that also saves/loads ips I added checking for and saving ipsets. sets are saved in the same place as the other rules in a file named rules.ipset. Rules are only saved if they are defined, same with flushing and loading. Instead of checking to see if ipset is installed on the load, I just check for the rules.ipset file, since if that doesn't exist loading does't make sense. There might be better ways to do it, feel free to submit a pull etc. this is just the way I made it work for me. ======= -dshield_automatic_iptables +#dshield_automatic_iptables + https://github.com/koconder/dshield_automatic_iptables -========================== + Auto Import dshield blocklist and import to iptables as a chain. It has been merged into the /etc/cron.daily/blacklist created prior in conf/blacklist.