ipset blacklist

ipset-blacklist.conf

IPSET_BLACKLIST_NAME=blacklist # change it if it collides with a pre-existing ipset list
IPSET_TMP_BLACKLIST_NAME=${IPSET_BLACKLIST_NAME}-tmp

# ensure the directory for IP_BLACKLIST/IP_BLACKLIST_RESTORE exists (it won't be created automatically)
IP_BLACKLIST_RESTORE=/etc/ipset-blacklist/ip-blacklist.restore
IP_BLACKLIST=/etc/ipset-blacklist/ip-blacklist.list

VERBOSE=yes # probably set to "no" for cron jobs, default to yes
FORCE=yes # will create the ipset-iptable binding if it does not already exist
let IPTABLES_IPSET_RULE_NUMBER=1 # if FORCE is yes, the number at which place insert the ipset-match rule (default to 1)

# Sample (!) list of URLs for IP blacklists. Currently, only IPv4 is supported in this script, everything else will be filtered.
BLACKLISTS=(
    # "file:///etc/ipset-blacklist/ip-blacklist-custom.list" # optional, for your personal nemeses (no typo, plural)
    "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1" # Project Honey Pot Directory of Dictionary Attacker IPs
    "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1"  # TOR Exit Nodes
    "https://www.maxmind.com/en/high-risk-ip-sample-list" # MaxMind GeoIP Anonymous Proxies
    "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List
    "https://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP)
    "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List
    "https://lists.blocklist.de/lists/all.txt" # blocklist.de attackers
    "https://www.myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt" #myip.ms
    "https://rules.emergingthreats.net/blockrules/compromised-ips.txt" #
    "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" #
    "http://www.abuseat.org/iotcc.txt" #
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset" #
    "https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt"
    "https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt"
    "https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt"
    "https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt"
    "https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt"
    "https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt"
    "https://zeustracker.abuse.ch/blocklist.php?download=badips"
    "http://blocklist.greensnow.co/greensnow.txt" # GreenSnow
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset" # Firehol Level 1
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset" # Firehol Level 1
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset" # Firehol Level 1
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset" # Firehol Level 1
    "http://www.malwaredomainlist.com/hostslist/ip.txt"
    "http://sanyalnet-cloud-vps.freeddns.org/blocklist.txt"
    "http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt"
    "http://sanyalnet-cloud-vps2.freeddns.org/blocklist.txt"
    "http://wbri.duckdns.org/blocklist.txt"
    "http://yiradio.duckdns.org/blocklist.txt"
    "http://glewlwyd.duckdns.org/blocklist.txt"
    "http://www.openbl.org/lists/base_7days.txt" #
    "http://malc0de.com/bl/IP_Blacklist.txt" #
    "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist" #
    "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_7d.ipset" # Stopforumspam via Firehol
    # "http://ipverse.net/ipblocks/data/countries/xx.zone" # Ban an entire country, see http://ipverse.net/ipblocks/data/countries/
)
MAXELEM=256000