From fe8acc8e4447061ada7148ab1ad40aa3aa823343 Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Wed, 29 Jun 2016 18:13:18 -0400
Subject: [PATCH] trying to get the blacklist and dshield merged

---
 conf/dshield | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 dshield | 54 ------------------------------------------
 install.sh | 3 +++
 3 files changed, 70 insertions(+), 54 deletions(-)
 create mode 100644 conf/dshield
 delete mode 100755 dshield

diff --git a/conf/dshield b/conf/dshield
new file mode 100644
index 00000000..a96d3fd5
--- /dev/null
+++ b/conf/dshield
@@ -0,0 +1,67 @@
+#!/bin/bash
+# Written by Onder Vincent Koc
+# @url: https://github.com/koconder/dshield_automatic_iptables
+# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
+#
+# Dshield Automatic Import to iptables
+# Import Dshield Blocklist in a basic shell script which will run silently via cron
+# and also use a seprate chain file to support other iptables rules without flushing
+# i.e. fail2ban and ddosdeflate
+
+# path to iptables
+IPTABLES="/sbin/iptables";
+
+# list of known spammers
+URL="http://feeds.dshield.org/block.txt";
+
+# save local copy here
+FILE="/tmp/dshield_block.text";
+
+# iptables custom chain
+CHAIN="dshield";
+
+# check to see if the chain already exists
+$IPTABLES -L $CHAIN -n
+
+# check to see if the chain already exists
+if [ $? -eq 0 ]; then
+
+ # flush the old rules
+ $IPTABLES -F $CHAIN
+
+ echo "Flushed old rules. Applying updated dsheild list...."
+
+else
+
+ # create a new chain set
+ $IPTABLES -N $CHAIN
+
+ # tie chain to input rules so it runs
+ $IPTABLES -A INPUT -j $CHAIN
+
+ # don't allow this traffic through
+ $IPTABLES -A FORWARD -j $CHAIN
+
+ echo "Chain not detected. Creating new chain and adding dsheild list...."
+
+fi;
+
+# get a copy of the spam list
+wget -qc $URL -O $FILE
+
+blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
+for IP in $blocklist
+do
+ # add the ip address log rule to the chain
+ $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dsheild BLOCK]" -m limit --limit 3/min --limit-burst 10
+
+ # add the ip address to the chain
+ $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
+
+ echo $IP
+done
+
+echo "Done!"
+
+# remove the spam list
+unlink $FILE
diff --git a/dshield b/dshield
deleted file mode 100755
index 43b07ba1..00000000
--- a/dshield
+++ /dev/null
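Review bot: The chain is flushed (`$IPTABLES -F $CHAIN`) before `wget -qc $URL -O $FILE` runs and wget's exit status is never checked, so a failed or partial download leaves the dshield chain empty until the next run — the script fails open. Download first into a `mktemp`-created file instead of the fixed `/tmp/dshield_block.text` (the script drives /sbin/iptables, so it presumably runs as root, and a fixed name in a world-writable directory is writable by any local user), and flush only after the fetch succeeds, e.g. `FILE=$(mktemp) || exit 1` and `wget -q "$URL" -O "$FILE" || { echo "download failed" >&2; exit 1; }` ahead of the `-F`. The feed is also fetched over plain HTTP, so the rule set applied to the firewall is not integrity-protected in transit; switch to an HTTPS URL if the feed offers one. The `awk '{print $1"/"$3}'` CIDR construction assumes the third column of block.txt is a prefix length — that format assumption deserves a comment such as `# block.txt columns: start, end, prefix length (see URL)`.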
@@ -1,54 +0,0 @@
-#!/bin/bash
-##
-## Add the top 20 IP blocks that have been reported by DShield
-##
-## /etc/cron.daily/dshield
-##
-## Author: Alon "ChiefGyk" Ganon
-## https://alonganon.info
-## alon@ganon.me
-
-datadir=/tmp
-
-## Get default settings of fail2ban (optional?)
-[ -r /etc/default/fail2ban ] && . /etc/default/fail2ban
-
-umask 000
-blacklistf=$datadir/dshield.txt
-
-mv -vf $blacklistf $blacklistf.last
-
-badlisturls="http://feeds.dshield.org/block.txt"
-
-# Create the chain if it doesn't exist. Harmless if it does.
- iptables -vN dshield
-
-# Grab list(s) at http://feeds.dshield.org/block.txt . Block.
-echo "Adding new blocks:"
- curl -s http://feeds.dshield.org/block.txt \
- |sort -u \
- |tee $blacklistf \
- |grep -v '^#\|:' \
- |while read IP; do iptables -A dshield -p tcp -s $IP -j DROP; done
-
-
-
-# Which listings had been removed since last time? Unblock.
-echo "Removing old blocks:"
-if [[ -r $blacklistf.diff ]]; then
- # comm is brittle, cannot use sort -rn
- time comm -23 $blacklistf.last $blacklistf \
- |tee $blacklistf.delisted \
- |grep -v '^#\|:' \
- |while read IP; do iptables -w -D dshield -s $IP -j DROP || iptables -wv -D dshield -s $IP -j LOGDROP; done
-
-fi
-
-
-# prepare for next time.
- diff -wbay $blacklistf.last $blacklistf > $blacklistf.diff
-
-# save IPtable rules
-iptables-save > /etc/iptables.up.rules
-
-exit
\ No newline at end of file
diff --git a/install.sh b/install.sh
index 0c0d9d08..ad272cbf 100755
--- a/install.sh
+++ b/install.sh
@@ -21,6 +21,9 @@ cp conf/blacklist /etc/cron.daily/blacklist
 chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
 source conf/dialog.sh
+#cp conf/dshield /etc/cron.daily/dshield
+#chmod +x /etc/cron.daily/dshield
+#time /etc/cron.daily/blacklist
 iptables-save > /etc/iptables.up.rules
 sed -i -e "\$apre-up ipset restore < /etc/ipset.up.rules" /etc/network/interfaces
 sed -i -e "\$apre-up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces
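Review bot: The third added line in the install.sh hunk, `#time /etc/cron.daily/blacklist`, re-runs the blacklist job rather than the dshield one it is paired with, so it will do the wrong thing the moment these lines are uncommented; it should read `#time /etc/cron.daily/dshield`. The `chmod` line is not optional either: this commit creates conf/dshield with mode 100644 while the deleted dshield was 100755, so without it cron.daily will never execute the copied script — keep the `chmod` directly after the `cp`, as is done for blacklist above. Checked-in commented-out install steps tend to go stale; if the dshield install is not ready, a one-line `# TODO: enable once conf/dshield is finished` would say so more clearly than three disabled commands.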