mikroskeem · December 21, 2024 00:31
diff --git a/fw.sh b/fw.sh
 #!/bin/sh
 iptables -A INPUT -m set --match-set tcpshield-ips src  -p tcp --dport 32767 -j ACCEPT
 iptables -A INPUT                                       -p tcp --dport 32767 -j DROP
diff --git a/ipset_cron.sh b/ipset_cron.sh
 #!/bin/sh
 set -e

 set_name="tcpshield-ips"
 set_exists="$(ipset list -n | grep -c "^${set_name}$")"

 target_set_name="${set_name}"

 if [ "${set_exists}" -gt 0 ]; then
 	set_name="${set_name}_${RANDOM}"
 fi

 ipset create "${set_name}" hash:net

 curl -s https://tcpshield.com/v4/ | while read -r ip; do
 	ipset add "${set_name}" "${ip}"
 done

 if [ "${set_name}" != "${target_set_name}" ]; then
 	ipset swap "${set_name}" "${target_set_name}"
 	ipset destroy "${set_name}"
 fi
	#!/bin/sh
	iptables -A INPUT -m set --match-set tcpshield-ips src -p tcp --dport 32767 -j ACCEPT
	iptables -A INPUT -p tcp --dport 32767 -j DROP
	#!/bin/sh
	set -e

	set_name="tcpshield-ips"
	set_exists="$(ipset list -n \| grep -c "^${set_name}$")"

	target_set_name="${set_name}"

	if [ "${set_exists}" -gt 0 ]; then
	set_name="${set_name}_${RANDOM}"
	fi

	ipset create "${set_name}" hash:net

	curl -s https://tcpshield.com/v4/ \| while read -r ip; do
	ipset add "${set_name}" "${ip}"
	done

	if [ "${set_name}" != "${target_set_name}" ]; then
	ipset swap "${set_name}" "${target_set_name}"
	ipset destroy "${set_name}"
	fi