From 6556da1e65c770806727e261505cb3e0200e1ca6 Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Thu, 30 Jun 2016 08:20:47 -0400
Subject: [PATCH] removed geoblocks, made tor exit node blocking optional during setup via yes/no dialog which will comment out the appropriate line in /etc/cron.daily/blacklist. Rearranged some code, deleted some files and clutter.

---
 conf/blacklist/blacklist | 7 +++----
 conf/blacklist/china | 6 ------
 conf/blacklist/korea | 7 -------
 conf/blacklist/sinokorea | 7 -------
 setup/blacklist.sh | 5 +++--
 setup/tor.sh | 22 ++++++++++++++++++++++
 6 files changed, 28 insertions(+), 26 deletions(-)
 delete mode 100644 conf/blacklist/china
 delete mode 100644 conf/blacklist/korea
 delete mode 100644 conf/blacklist/sinokorea
 create mode 100644 setup/tor.sh

diff --git a/conf/blacklist/blacklist b/conf/blacklist/blacklist
index 2254583d..6d1e0b86 100644
--- a/conf/blacklist/blacklist
+++ b/conf/blacklist/blacklist
@@ -3,7 +3,6 @@ IPTABLES=/sbin/iptables
 URL=http://feeds.dshield.org/block.txt
 FILE=/tmp/dshield_block.text
 CHAIN=dshield
-
 IP_TMP=/tmp/ip.tmp
 IP_BLACKLIST=/etc/ip-blacklist.conf
 IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
@@ -54,7 +53,7 @@ done
 # and also use a seprate chain file to support other iptables rules without flushing
 # i.e. fail2ban and ddosdeflate
-
+echo "Beginning steps to block 20 most malicious IP blocks."
 # check to see if the chain already exists
 $IPTABLES -L $CHAIN -n
@@ -65,7 +64,7 @@ if [ $? -eq 0 ]; then
 # flush the old rules
 $IPTABLES -F $CHAIN
- echo "Flushed old rules. Applying updated dshield list...."
+ echo "Flushed old rules..."
 else
@@ -78,7 +77,7 @@ else
 # don't allow this traffic through
 $IPTABLES -A FORWARD -j $CHAIN
- echo "Chain not detected. Creating new chain and adding dshield list...."
+ echo "Chain not detected. Creating new chain..."
 fi;
diff --git a/conf/blacklist/china b/conf/blacklist/china
deleted file mode 100644
index 8a38549e..00000000
--- a/conf/blacklist/china
+++ /dev/null
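Review bot: Deleting the blank line after `CHAIN=dshield` in the first hunk renumbers every later line of /etc/cron.daily/blacklist, and the new setup/tor.sh in this same patch comments the Tor exit-node entry out by absolute line number (`'13 s/^/#/'`, while its dialog text tells the user line 14); the Tor line itself is not in these hunks, so I cannot tell which number is right after the shift. Putting a fixed marker comment on that line (for example `# TOR-EXIT-NODES`) and having tor.sh match on the marker rather than a line number would make the toggle survive edits like this one. The `if`/`else` block touched by the third and fourth hunks starts and ends outside them.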
@@ -1,6 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.china > /tmp/china.sh
-chmod +x /tmp/china.sh
-source /tmp/china.sh
-rm -f /tmp/china.sh
-/etc/init.d/iptables-persistent save
diff --git a/conf/blacklist/korea b/conf/blacklist/korea
deleted file mode 100644
index ba0e110d..00000000
--- a/conf/blacklist/korea
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.korea > /tmp/korea.sh
-chmod +x /tmp/korea.sh
-source /tmp/korea.sh
-rm -f /tmp/korea.sh
-/etc/init.d/iptables-persistent save
-
diff --git a/conf/blacklist/sinokorea b/conf/blacklist/sinokorea
deleted file mode 100644
index 75ca14d0..00000000
--- a/conf/blacklist/sinokorea
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-curl http://www.okean.com/antispam/iptables/rc.firewall.sinokorea > /tmp/sinokorea.sh
-chmod +x /tmp/sinokorea.sh
-source /tmp/sinokorea.sh
-rm -f /tmp/sinokorea.sh
-ipset save > /etc/ipset.up.rules
-iptables-save > /etc/iptables.up.rules
diff --git a/setup/blacklist.sh b/setup/blacklist.sh
index 28222545..64d01010 100644
--- a/setup/blacklist.sh
+++ b/setup/blacklist.sh
@@ -8,14 +8,15 @@ source setup/functions.sh # load our functions
 source /etc/mailinabox.conf # load global vars
+cp conf/blacklist /etc/cron.daily/blacklist
+chmod a+x /etc/cron.daily/blacklist
+source setup/tor.sh
 echo iptables-persistent iptables-persistent/autosave_v4 boolean false | debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean false | debconf-set-selections
 apt_install -y ipset dialog iptables-persistent
 cp conf/iptables-persistent /etc/init.d/iptables-persistent
 ipset create blacklist hash:net
 iptables -I INPUT -m set --match-set blacklist src -j DROP
-cp conf/blacklist/blacklist /etc/cron.daily/blacklist
-chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
 source setup/dialog.sh
 /etc/init.d/iptables-persistent save
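Review bot: `cp conf/blacklist /etc/cron.daily/blacklist` in the setup/blacklist.sh hunk names the directory, not the script: the diffstat still lists `conf/blacklist/blacklist` as a file under that directory and the removed line copied exactly that path, so `cp` without `-r` refuses with "omitting directory", the cron job is never installed, and both the later `time /etc/cron.daily/blacklist` and the sed in setup/tor.sh act on a missing file. Restore `cp conf/blacklist/blacklist /etc/cron.daily/blacklist`. Separately, `source setup/tor.sh` now runs before `apt_install -y ipset dialog iptables-persistent`, so unless dialog is already present from an earlier setup step the prompt fails; moving the three added lines below the `apt_install` line keeps the copy/chmod/prompt order while guaranteeing dialog is installed. Neither the copy nor the sourced prompt checks its exit status, so a failure here is silent for the rest of the setup.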
diff --git a/setup/tor.sh b/setup/tor.sh
new file mode 100644
index 00000000..9d5b077a
--- /dev/null
+++ b/setup/tor.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# tor.sh - Yes/No
+# created by Alon "ChiefGyk" Ganon
+# Alon@ganon.me
+# This will give the option of blocking Tor exit nodes
+dialog --title "Disable Tor Exit Nodes?" \
+--backtitle "" \
+--yesno "Would you like to block all Tor exit nodes? This will block all traffic coming from Tor which will impair people using it to \
+avoid censorship. However the majority of malicious traffic is sourced from Tor. If you change your mind later you can comment/uncomment line 14 \
+of /etc/cron.daily/blacklist where it specifies Tor Exit Nodes" 15 60
+
+# Get exit status
+# 0 means user hit [yes] button.
+# 1 means user hit [no] button.
+# 255 means user hit [Esc] key.
+response=$?
+case $response in
+ 0) sed -e '13 s/^/#/' /etc/conf.daily/blacklist
+ echo "Tor Exit Nodes Blocked";;
+ 1) echo "Freedom";;
+ 255) echo "[ESC] key pressed.";;
+esac
\ No newline at end of file
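Review bot: The `0)` arm of the `case` never changes the installed cron job: `sed -e '13 s/^/#/' /etc/conf.daily/blacklist` names `/etc/conf.daily/` while setup/blacklist.sh installs the script at `/etc/cron.daily/blacklist`, and without `-i` sed only prints the edited text to stdout, so the minimal fix is `sed -i -e '13 s/^/#/' /etc/cron.daily/blacklist`. The hard-coded line number also disagrees with the dialog text (13 here versus "line 14" shown to the user), and the blank-line deletion in conf/blacklist/blacklist in this same patch shows how easily it drifts; matching a marker comment on the Tor line instead of an absolute line would hold up across edits. Commenting the line out on answer 0 (yes) and then echoing "Tor Exit Nodes Blocked" reads as inverted relative to the `--yesno` question "Would you like to block all Tor exit nodes?" and the title "Disable Tor Exit Nodes?"; which arm should comment and which should uncomment depends on whether the Tor line is active by default in conf/blacklist/blacklist, which is not in this patch, so confirm that and align title, question and echo. A `*)` arm such as `*) echo "dialog returned status $response" >&2;;` would surface a missing dialog binary (status 127) instead of silently continuing with setup.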