Delta-in-hub · October 20, 2024 11:14
diff --git a/block_ip_list.service b/block_ip_list.service
 # /etc/systemd/system/block_ip_list.service

 [Unit]
 Description=Block IP List Script

 [Service]
 Type=simple
 ExecStart=/bin/bash /etc/block_ip_list.sh
 User=root
 Group=root
diff --git a/block_ip_list.sh b/block_ip_list.sh
 #!/usr/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"$PATH"

 ipsum_url="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt"
 firehol_level2_url="https://iplists.firehol.org/files/firehol_level2.netset"
 blocklist_net_ua_url="https://iplists.firehol.org/files/blocklist_net_ua.ipset"
 firehol_abusers_1d_url="https://iplists.firehol.org/files/firehol_abusers_1d.netset"

 flush_ipset() {
    ipset -q flush "$1"
 }

 create_ipset() {
    ipset -q create "$1" hash:net
 }

 destroy_ipset() {
    ipset -q destroy "$1"
 }

 addlist_ipset() {
    for ip in $(curl --compressed "$1" 2>/dev/null | grep -v -E '[#$;!()&|*?<>]|^\s*$' | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add "$2" "$ip"; done
 }

 del_iptables() {
    iptables -D INPUT -m set --match-set "$1" src -j DROP 2>/dev/null
 }

 add_iptables() {
    iptables -I INPUT -m set --match-set "$1" src -j DROP
 }

 add_list_to_iptables() {
    flush_ipset "$1"
    create_ipset "$1"
    addlist_ipset "$2" "$1"
    del_iptables "$1"
    add_iptables "$1"
    echo "Adding $1 to iptables whose source is $2"
 }

 main() {
    if [ -z "$1" ]; then
 #       add_list_to_iptables "blocklist_ipsum" "$ipsum_url"
        add_list_to_iptables "blocklist_firehol_level2" "$firehol_level2_url"
 #       add_list_to_iptables "blocklist_blocklist_net_ua" "$blocklist_net_ua_url"
 #       add_list_to_iptables "blocklist_firehol_abusers_1d" "$firehol_abusers_1d_url"
    fi

    if [ "$1" = "clear" ]; then
        del_iptables "blocklist_ipsum"
        del_iptables "blocklist_firehol_level2"
        del_iptables "blocklist_blocklist_net_ua"
        del_iptables "blocklist_firehol_abusers_1d"

        destroy_ipset "blocklist_ipsum"
        destroy_ipset "blocklist_firehol_level2"
        destroy_ipset "blocklist_blocklist_net_ua"
        destroy_ipset "blocklist_firehol_abusers_1d"
        echo "Clear lists' iptables and destroy ipsets"
    fi

    if [ "$1" = "help" ]; then
        echo "Usage: $0 [clear|help]"
        echo '[default]Add all lists to iptables'
        echo "clear: Clear iptables and ipset"
        echo "help: Show this help"
    fi

 }

 main "$@"
diff --git a/block_ip_list.timer b/block_ip_list.timer
 # /etc/systemd/system/block_ip_list.timer

 [Unit]
 Description=Run Block IP List Script daily at 4 AM

 [Timer]
 OnCalendar=*-*-* 04:00:00
 Persistent=true

 [Install]
 WantedBy=timers.target
	# /etc/systemd/system/block_ip_list.service

	[Unit]
	Description=Block IP List Script

	[Service]
	Type=simple
	ExecStart=/bin/bash /etc/block_ip_list.sh
	User=root
	Group=root
	#!/usr/bin/bash
	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"$PATH"

	ipsum_url="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt"
	firehol_level2_url="https://iplists.firehol.org/files/firehol_level2.netset"
	blocklist_net_ua_url="https://iplists.firehol.org/files/blocklist_net_ua.ipset"
	firehol_abusers_1d_url="https://iplists.firehol.org/files/firehol_abusers_1d.netset"

	flush_ipset() {
	ipset -q flush "$1"
	}

	create_ipset() {
	ipset -q create "$1" hash:net
	}

	destroy_ipset() {
	ipset -q destroy "$1"
	}

	addlist_ipset() {
	for ip in $(curl --compressed "$1" 2>/dev/null \| grep -v -E '[#$;!()&\|?<>]\|^\s$' \| grep -v -E "\s[1-2]$" \| cut -f 1); do ipset add "$2" "$ip"; done
	}

	del_iptables() {
	iptables -D INPUT -m set --match-set "$1" src -j DROP 2>/dev/null
	}

	add_iptables() {
	iptables -I INPUT -m set --match-set "$1" src -j DROP
	}

	add_list_to_iptables() {
	flush_ipset "$1"
	create_ipset "$1"
	addlist_ipset "$2" "$1"
	del_iptables "$1"
	add_iptables "$1"
	echo "Adding $1 to iptables whose source is $2"
	}

	main() {
	if [ -z "$1" ]; then
	# add_list_to_iptables "blocklist_ipsum" "$ipsum_url"
	add_list_to_iptables "blocklist_firehol_level2" "$firehol_level2_url"
	# add_list_to_iptables "blocklist_blocklist_net_ua" "$blocklist_net_ua_url"
	# add_list_to_iptables "blocklist_firehol_abusers_1d" "$firehol_abusers_1d_url"
	fi

	if [ "$1" = "clear" ]; then
	del_iptables "blocklist_ipsum"
	del_iptables "blocklist_firehol_level2"
	del_iptables "blocklist_blocklist_net_ua"
	del_iptables "blocklist_firehol_abusers_1d"

	destroy_ipset "blocklist_ipsum"
	destroy_ipset "blocklist_firehol_level2"
	destroy_ipset "blocklist_blocklist_net_ua"
	destroy_ipset "blocklist_firehol_abusers_1d"
	echo "Clear lists' iptables and destroy ipsets"
	fi

	if [ "$1" = "help" ]; then
	echo "Usage: $0 [clear\|help]"
	echo '[default]Add all lists to iptables'
	echo "clear: Clear iptables and ipset"
	echo "help: Show this help"
	fi

	}

	main "$@"
	# /etc/systemd/system/block_ip_list.timer

	[Unit]
	Description=Run Block IP List Script daily at 4 AM

	[Timer]
	OnCalendar=--* 04:00:00
	Persistent=true

	[Install]
	WantedBy=timers.target