clutter

dshield_auto.sh

@@ -1,67 +0,0 @@
-#!/bin/bash
-# Written by Onder Vincent Koc
-# @url: https://github.com/koconder/dshield_automatic_iptables
-# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
-#
-# Dshield Automatic Import to iptables
-# Import Dshield Blocklist in a basic shell script which will run silently via cron
-# and also use a seprate chain file to support other iptables rules without flushing
-# i.e. fail2ban and ddosdeflate
-
-# path to iptables
-IPTABLES="/sbin/iptables";
-
-# list of known spammers
-URL="http://feeds.dshield.org/block.txt";
-
-# save local copy here
-FILE="/tmp/dshield_block.text";
-
-# iptables custom chain
-CHAIN="dshield";
-
-# check to see if the chain already exists
-$IPTABLES -L $CHAIN -n
-
-# check to see if the chain already exists
-if [ $? -eq 0 ]; then
-
-    # flush the old rules
-    $IPTABLES -F $CHAIN
-
-    echo "Flushed old rules. Applying updated dsheild list...."    
-
-else
-
-    # create a new chain set
-    $IPTABLES -N $CHAIN
-
-    # tie chain to input rules so it runs
-    $IPTABLES -A INPUT -j $CHAIN
-
-    # don't allow this traffic through
-    $IPTABLES -A FORWARD -j $CHAIN
-
-    echo "Chain not detected. Creating new chain and adding dsheild list...."
-
-fi;
-
-# get a copy of the spam list
-wget -qc $URL -O $FILE
-
-blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
-for IP in $blocklist
-do
-    # add the ip address log rule to the chain
-    $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dsheild BLOCK]" -m limit --limit 3/min --limit-burst 10
-
-    # add the ip address to the chain
-    $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
-
-    echo $IP
-done
-
-echo "Done!"
-
-# remove the spam list
-unlink $FILE