#!/bin/bash
IPTABLES=/sbin/iptables
URL=http://feeds.dshield.org/block.txt
FILE=/tmp/dshield_block.text
CHAIN=dshield

IP_TMP=/tmp/ip.tmp
IP_BLACKLIST=/etc/ip-blacklist.conf
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
BLACKLISTS=(
# Project Honey Pot Directory of Dictionary Attacker IPs
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" 
# TOR Exit Nodes
"http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1"
# BruteForceBlocker
"http://danger.rulez.sk/projects/bruteforceblocker/blist.php" 
# Spamhaus
"http://www.spamhaus.org/drop/drop.lasso" 
# C.I. Army
"http://cinsscore.com/list/ci-badguys.txt" 
# OpenBL.org
"http://www.openbl.org/lists/base.txt" 
# Autoshun
"http://www.autoshun.org/files/shunlist.csv"
# Blocklist.de
"http://lists.blocklist.de/lists/all.txt"
# Malware Domain List
"https://www.malwaredomainlist.com/hostslist/ip.txt"
# ZeusTracker
"https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist"
)
for i in "${BLACKLISTS[@]}"
do
    curl "$i" > $IP_TMP
    grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' $IP_TMP >> $IP_BLACKLIST_TMP
done

sort $IP_BLACKLIST_TMP -n | uniq > $IP_BLACKLIST
rm $IP_BLACKLIST_TMP
wc -l $IP_BLACKLIST

ipset flush blacklist
egrep -v "^#|^$" $IP_BLACKLIST | while IFS= read -r ip
do
        ipset add blacklist $ip
done

# Written by Onder Vincent Koc
# @url: https://github.com/koconder/dshield_automatic_iptables
# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
#
# Dshield Automatic Import to iptables
# Import Dshield Blocklist in a basic shell script which will run silently via cron
# and also use a seprate chain file to support other iptables rules without flushing
# i.e. fail2ban and ddosdeflate



# check to see if the chain already exists
$IPTABLES -L $CHAIN -n

# check to see if the chain already exists
if [ $? -eq 0 ]; then

    # flush the old rules
    $IPTABLES -F $CHAIN

    echo "Flushed old rules. Applying updated dshield list...."    

else

    # create a new chain set
    $IPTABLES -N $CHAIN

    # tie chain to input rules so it runs
    $IPTABLES -A INPUT -j $CHAIN

    # don't allow this traffic through
    $IPTABLES -A FORWARD -j $CHAIN

    echo "Chain not detected. Creating new chain and adding dshield list...."

fi;

# get a copy of the spam list
wget -qc $URL -O $FILE

blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
for IP in $blocklist
do
    # add the ip address log rule to the chain
    $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dshield BLOCK]" -m limit --limit 3/min --limit-burst 10

    # add the ip address to the chain
    $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP

    echo $IP
done

echo "Done!"

# remove the spam list
unlink $FILE

/etc/init.d/iptables-persistent save