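#!/bin/bash
# Refresh the SPAMHAUS_DROP ipset from the Spamhaus DROP and EDROP lists.
#
# Flow: download both lists into a scratch file, normalise them into one
# sorted, de-duplicated entry per line, load them into a fresh temporary
# set, then atomically swap that set in for the live one so firewall rules
# referencing $NETGROUP never see an empty or half-loaded set.
#
# Globals:   NETGROUP (read) - name of the live ipset that rules reference
#            NEWGROUP (written) - name of the temporary set, empty until created
# Outputs:   progress and errors via logger (-s also copies them to stderr)
# Returns:   0 on success, 1 on any failure; on failure the live set is
#            left exactly as it was
NETGROUP="SPAMHAUS_DROP"
NEWGROUP=""
TMPFILE=""
TMPFILE2=""

#######################################
# Remove the temporary set (if it was created) and the scratch files.
# Safe to call before NEWGROUP or the temp files exist; runs on every
# exit path via the EXIT trap.
#######################################
clean_up ()
{
  if [ -n "$NEWGROUP" ]; then
    /sbin/ipset --destroy "$NEWGROUP"
  fi
  if [ -n "$TMPFILE" ]; then
    /bin/rm -f -- "$TMPFILE"
  fi
  if [ -n "$TMPFILE2" ]; then
    /bin/rm -f -- "$TMPFILE2"
  fi
}

#######################################
# Log a message and abort; clean_up then runs from the EXIT trap.
# Arguments: $* - message text
#######################################
die ()
{
  logger -i -s -- "$*"
  exit 1
}

trap clean_up EXIT

# mktemp instead of a predictable /tmp/<name>-$$ path: a guessable name lets
# another local user pre-create a symlink or file there, so the script (which
# runs as root to drive ipset) would overwrite an arbitrary file or load a
# list the attacker wrote instead of the one it downloaded.
TMPFILE=$(mktemp /tmp/spamhaus-block.XXXXXX) || die "could not create temp file"
TMPFILE2=$(mktemp /tmp/temp-spamhaus-block.XXXXXX) || die "could not create temp file"

# Fetch over HTTPS with certificate checking: the list is fed straight into a
# DROP set, so a tampered download lets an on-path party choose what this
# host blocks. --fail turns an HTTP error into a non-zero exit instead of an
# error page silently landing in the list file.
for url in https://www.spamhaus.org/drop/drop.txt https://www.spamhaus.org/drop/edrop.txt; do
  /usr/bin/curl -sS --fail --location --max-time 60 -- "$url" >> "$TMPFILE2" \
    || die "There was an error trying to download $url"
done

# Filter out comments and remove empty lines and duplicates
/bin/grep '^[0-9]' "$TMPFILE2" | /bin/sed -e 's/;.*//' -e 's/#.*//' -e 's/[ \t]*$//' | /usr/bin/sort -u > "$TMPFILE"

# An empty result would swap an empty set into place and silently stop
# blocking anything; refuse and keep the current live set instead.
[ -s "$TMPFILE" ] || die "downloaded list is empty; leaving $NETGROUP unchanged"

/sbin/ipset -L "$NETGROUP" > /dev/null 2>&1 \
  || die "firewall network group $NETGROUP doesn't exist yet"

# NEWGROUP is assigned before --create so a failed create is still cleaned up.
NEWGROUP=$NETGROUP-$$
/sbin/ipset --create "$NEWGROUP" hash:net maxelem 500000 \
  || die "There was an error trying to create temporary set"

# read -r line by line: the old `for i in $(cat ...)` word-split on IFS and
# would have glob-expanded any stray pattern characters in the list.
count=0
while IFS= read -r net || [ -n "$net" ]; do
  /sbin/ipset -exist -quiet -A "$NEWGROUP" "$net" \
    || die "There was an error trying to add $net"
  count=$((count + 1))
done < "$TMPFILE"

# Swap is atomic from the kernel's point of view; afterwards NEWGROUP holds
# the previous contents and is destroyed by clean_up.
/sbin/ipset --swap "$NEWGROUP" "$NETGROUP" \
  || die "There was an error trying to swap temporary set"

logger -i -s -- "added $count entries to $NETGROUP"
exit 0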