Merge branch '2.2'

Added Dshield to block top 20 malicious IP blocks each day

README.md

@@ -9,6 +9,8 @@ Tested on Ubuntu 14.04LTS for my own servers, so please test on your own systems
 
 I have also added the capability to block all Chinese and/or Korean IP Addresses in 2.1 as a good number of spam and malicious activity are linked to them. Towards the end after ipset has added thousands of IP addresses, a dialog will appear giving the option to choose if you want to block China, Korea, both, or neither. Simply select the option you desire and it will take care of the rest. The Korean and/or Chinese addresses will only update weekly, as it blocks entire IP blocks off assigned to the country/countries you have chosen. I may add more countries down the line if need be.
 
+The latest addition in 2.2 is it looks up Dshields top 20 blocks of IP addresses that are malicious, and blocks them daily. It has been merged into the /etc/cron.daily/blacklist created prior. The Dshield script was originally found at https://github.com/koconder/dshield_automatic_iptables
+
 Simply run this once, and that's it.
 sudo ./install.sh 
 alon@ganon.me

conf/blacklist

@@ -1,5 +1,9 @@
 # I found this script somewhere a long time ago and modified it
 #!/bin/bash
+IPTABLES=/sbin/iptables
+URL=http://feeds.dshield.org/block.txt
+FILE=/tmp/dshield_block.text
+CHAIN=dshield
 IP_TMP=/tmp/ip.tmp
 IP_BLACKLIST=/etc/ip-blacklist.conf
 IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
@@ -42,5 +46,63 @@ do
         ipset add blacklist $ip
 done
 
+# Written by Onder Vincent Koc
+# @url: https://github.com/koconder/dshield_automatic_iptables
+# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
+#
+# Dshield Automatic Import to iptables
+# Import Dshield Blocklist in a basic shell script which will run silently via cron
+# and also use a seprate chain file to support other iptables rules without flushing
+# i.e. fail2ban and ddosdeflate
+
+
+
+# check to see if the chain already exists
+$IPTABLES -L $CHAIN -n
+
+# check to see if the chain already exists
+if [ $? -eq 0 ]; then
+
+    # flush the old rules
+    $IPTABLES -F $CHAIN
+
+    echo "Flushed old rules. Applying updated dshield list...."    
+
+else
+
+    # create a new chain set
+    $IPTABLES -N $CHAIN
+
+    # tie chain to input rules so it runs
+    $IPTABLES -A INPUT -j $CHAIN
+
+    # don't allow this traffic through
+    $IPTABLES -A FORWARD -j $CHAIN
+
+    echo "Chain not detected. Creating new chain and adding dshield list...."
+
+fi;
+
+# get a copy of the spam list
+wget -qc $URL -O $FILE
+
+blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
+for IP in $blocklist
+do
+    # add the ip address log rule to the chain
+    $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dshield BLOCK]" -m limit --limit 3/min --limit-burst 10
+
+    # add the ip address to the chain
+    $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
+
+    echo $IP
+done
+
+echo "Done!"
+
+# remove the spam list
+unlink $FILE
+
+# Persistence 
 ipset save > /etc/ipset.up.rules
 iptables-save > /etc/iptables.up.rules

conf/dialog.sh

@@ -51,5 +51,6 @@ case $CHOICE in
 			time /etc/cron.weekly/sinokorea
 			apt-get install -y iptables-persistent
             ;;
-		4) break;;
+		4) echo "doing nothing"
+		;;
 esac

install.sh

@@ -21,6 +21,9 @@ cp conf/blacklist /etc/cron.daily/blacklist
 chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
 source conf/dialog.sh
+#cp conf/dshield /etc/cron.daily/dshield
+#chmod +x /etc/cron.daily/dshield
+#time /etc/cron.daily/blacklist
 iptables-save > /etc/iptables.up.rules
 sed -i -e "\$apre-up ipset restore < /etc/ipset.up.rules" /etc/network/interfaces
 sed -i -e "\$apre-up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces