external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00
Code Issues Releases Wiki Activity
8316782cdb
mailinabox/conf/blacklist
ChiefGyk b9a9b46707 merging dshield and blacklist cron together
2016-06-29 18:23:46 -04:00

108 lines
2.9 KiB
Plaintext
Raw Blame History

# I found this script somewhere a long time ago and modified it
#!/bin/bash
IPTABLES=/sbin/iptables
URL=http://feeds.dshield.org/block.txt
FILE=/tmp/dshield_block.text
CHAIN=dshield
IP_TMP=/tmp/ip.tmp
IP_BLACKLIST=/etc/ip-blacklist.conf
IP_BLACKLIST_TMP=/tmp/ip-blacklist.tmp
IP_BLACKLIST_CUSTOM=/etc/ip-blacklist-custom.conf # optional
BLACKLISTS=(
# Project Honey Pot Directory of Dictionary Attacker IPs
"http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1"
# TOR Exit Nodes
"http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1"
# BruteForceBlocker
"http://danger.rulez.sk/projects/bruteforceblocker/blist.php"
# Spamhaus
"http://www.spamhaus.org/drop/drop.lasso"
# C.I. Army
"http://cinsscore.com/list/ci-badguys.txt"
# OpenBL.org
"http://www.openbl.org/lists/base.txt"
# Autoshun
"http://www.autoshun.org/files/shunlist.csv"
# Blocklist.de
"http://lists.blocklist.de/lists/all.txt"
# Malware Domain List
"https://www.malwaredomainlist.com/hostslist/ip.txt"
# ZeusTracker
"https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist"
)
for i in "${BLACKLISTS[@]}"
do
curl "$i" > $IP_TMP
grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' $IP_TMP >> $IP_BLACKLIST_TMP
done
sort $IP_BLACKLIST_TMP -n | uniq > $IP_BLACKLIST
rm $IP_BLACKLIST_TMP
wc -l $IP_BLACKLIST
ipset flush blacklist
egrep -v "^#|^$" $IP_BLACKLIST | while IFS= read -r ip
do
ipset add blacklist $ip
done
# Written by Onder Vincent Koc
# @url: https://github.com/koconder/dshield_automatic_iptables
# @credits: http://wiki.brokenpoet.org/wiki/Get_DShield_Blocklist
#
# Dshield Automatic Import to iptables
# Import Dshield Blocklist in a basic shell script which will run silently via cron
# and also use a seprate chain file to support other iptables rules without flushing
# i.e. fail2ban and ddosdeflate
# check to see if the chain already exists
$IPTABLES -L $CHAIN -n
# check to see if the chain already exists
if [ $? -eq 0 ]; then
# flush the old rules
$IPTABLES -F $CHAIN
echo "Flushed old rules. Applying updated dshield list...."
else
# create a new chain set
$IPTABLES -N $CHAIN
# tie chain to input rules so it runs
$IPTABLES -A INPUT -j $CHAIN
# don't allow this traffic through
$IPTABLES -A FORWARD -j $CHAIN
echo "Chain not detected. Creating new chain and adding dshield list...."
fi;
# get a copy of the spam list
wget -qc $URL -O $FILE
blocklist=$( cat $FILE | awk '/^[0-9]/' | awk '{print $1"/"$3}'| sort -n)
for IP in $blocklist
do
# add the ip address log rule to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[dshield BLOCK]" -m limit --limit 3/min --limit-burst 10
# add the ip address to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
echo $IP
done
echo "Done!"
# remove the spam list
unlink $FILE
# Persistence
ipset save > /etc/ipset.up.rules
iptables-save > /etc/iptables.up.rules
Reference in New Issue View Git Blame Copy Permalink