diff --git a/conf/blacklist/blacklist b/conf/blacklist/blacklist
index 2254583d..6d1e0b86 100644
--- a/conf/blacklist/blacklist
+++ b/conf/blacklist/blacklist
@@ -3,7 +3,6 @@ IPTABLES=/sbin/iptables
 URL=http://feeds.dshield.org/block.txt
 FILE=/tmp/dshield_block.text
 CHAIN=dshield
-
 IP_TMP=/tmp/ip.tmp
 IP_BLACKLIST=/etc/ip-blacklist.conf
 IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
@@ -54,7 +53,7 @@ done
 # and also use a seprate chain file to support other iptables rules without flushing
 # i.e. fail2ban and ddosdeflate
-
+echo "Beginning steps to block 20 most malicious IP blocks."
 # check to see if the chain already exists
 $IPTABLES -L $CHAIN -n
@@ -65,7 +64,7 @@ if [ $? -eq 0 ]; then
 # flush the old rules
 $IPTABLES -F $CHAIN
- echo "Flushed old rules. Applying updated dshield list...."
+ echo "Flushed old rules..."
 else
@@ -78,7 +77,7 @@ else
 # don't allow this traffic through
 $IPTABLES -A FORWARD -j $CHAIN
- echo "Chain not detected. Creating new chain and adding dshield list...."
+ echo "Chain not detected. Creating new chain..."
 fi;
diff --git a/conf/blacklist/china b/conf/blacklist/china
deleted file mode 100644
index 8a38549e..00000000
--- a/conf/blacklist/china
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.china > /tmp/china.sh
-chmod +x /tmp/china.sh
-source /tmp/china.sh
-rm -f /tmp/china.sh
-/etc/init.d/iptables-persistent save
diff --git a/conf/blacklist/korea b/conf/blacklist/korea
deleted file mode 100644
index ba0e110d..00000000
--- a/conf/blacklist/korea
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.korea > /tmp/korea.sh
-chmod +x /tmp/korea.sh
-source /tmp/korea.sh
-rm -f /tmp/korea.sh
-/etc/init.d/iptables-persistent save
-
diff --git a/conf/blacklist/sinokorea b/conf/blacklist/sinokorea
deleted file mode 100644
index 75ca14d0..00000000
--- a/conf/blacklist/sinokorea
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.sinokorea > /tmp/sinokorea.sh
-chmod +x /tmp/sinokorea.sh
-source /tmp/sinokorea.sh
-rm -f /tmp/sinokorea.sh
-ipset save > /etc/ipset.up.rules
-iptables-save > /etc/iptables.up.rules
diff --git a/setup/blacklist.sh b/setup/blacklist.sh
index 28222545..64d01010 100644
--- a/setup/blacklist.sh
+++ b/setup/blacklist.sh
@@ -8,14 +8,15 @@ source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
+cp conf/blacklist /etc/cron.daily/blacklist
+chmod a+x /etc/cron.daily/blacklist
+source setup/tor.sh
 echo iptables-persistent iptables-persistent/autosave_v4 boolean false | debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean false | debconf-set-selections
 apt_install -y ipset dialog iptables-persistent
 cp conf/iptables-persistent /etc/init.d/iptables-persistent
 ipset create blacklist hash:net
 iptables -I INPUT -m set --match-set blacklist src -j DROP
-cp conf/blacklist/blacklist /etc/cron.daily/blacklist
-chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
 source setup/dialog.sh
 /etc/init.d/iptables-persistent save
diff --git a/setup/tor.sh b/setup/tor.sh
new file mode 100644
index 00000000..9d5b077a
--- /dev/null
+++ b/setup/tor.sh
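Review bot: The added `cp conf/blacklist /etc/cron.daily/blacklist` names the conf/blacklist directory rather than the script inside it — the line it replaces copied conf/blacklist/blacklist, and that file is still modified by this same commit — so without -r cp refuses the copy and the later `time /etc/cron.daily/blacklist` and the sed in setup/tor.sh act on a missing or stale file; restore `cp conf/blacklist/blacklist /etc/cron.daily/blacklist`. In the same hunk `source setup/tor.sh` now runs before `apt_install -y ipset dialog iptables-persistent`, so on a fresh host the dialog binary tor.sh invokes may not be installed yet; move the three added lines below the apt_install line. The hunk starts at line 8 of the script, so `source setup/functions.sh` and any shell options it sets are outside this view.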
@@ -0,0 +1,22 @@
+#!/bin/bash
+# tor.sh - Yes/No
+# created by Alon "ChiefGyk" Ganon
+# Alon@ganon.me
+# This will give the option of blocking Tor exit nodes
+dialog --title "Disable Tor Exit Nodes?" \
+--backtitle "" \
+--yesno "Would you like to block all Tor exit nodes? This will block all traffic coming from Tor which will impair people using it to \
+avoid censorship. However the majority of malicious traffic is sourced from Tor. If you change your mind later you can comment/uncomment line 14 \
+of /etc/cron.daily/blacklist where it specifies Tor Exit Nodes" 15 60
+
+# Get exit status
+# 0 means user hit [yes] button.
+# 1 means user hit [no] button.
+# 255 means user hit [Esc] key.
+response=$?
+case $response in
+ 0) sed -e '13 s/^/#/' /etc/conf.daily/blacklist
+ echo "Tor Exit Nodes Blocked";;
+ 1) echo "Freedom";;
+ 255) echo "[ESC] key pressed.";;
+esac
\ No newline at end of file
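Review bot: `sed -e '13 s/^/#/' /etc/conf.daily/blacklist` in the `0)` arm never modifies the cron script: sed without -i only writes the edited text to stdout, and the path says conf.daily whereas setup/blacklist.sh installs the file at /etc/cron.daily/blacklist, so answering yes prints "Tor Exit Nodes Blocked" while the firewall list is unchanged; `sed -i -e '13 s/^/#/' /etc/cron.daily/blacklist` keeps the commit's intent. The dialog text tells the user to toggle line 14 while the sed targets line 13, and whether prefixing that line with # is the right direction for a yes answer depends on what line 13 of the cron script holds, which is not in this diff — confirm it is the line that disables Tor blocking rather than the one that fetches the exit-node list, and consider matching it by content instead of by line number. If setup/blacklist.sh runs under set -e (its header is outside this diff), dialog's exit status 1 for the no answer aborts the whole setup before `response=$?` runs; `response=0` followed by `dialog ... || response=$?` keeps the status without tripping -e.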