				@@ -0,0 +1,60 @@ 
				+#!/bin/bash 
				+# 
				+ 
				+BADGUYS_FILE="/root/ci-badguys.txt" 
				+CHAIN_NAME="CINSARMY_IPS" 
				+FIREWALL="/sbin/iptables" 
				+ETH="eth1" 
				+ 
				+echo "Clearing firewall." 
				+$FIREWALL -P INPUT ACCEPT 
				+$FIREWALL -P FORWARD ACCEPT 
				+$FIREWALL -P OUTPUT ACCEPT 
				+$FIREWALL -t nat -F 
				+$FIREWALL -t mangle -F 
				+$FIREWALL -F 
				+$FIREWALL -X 
				+echo "Restoring firewall from iptables.rules." 
				+/sbin/iptables-restore < /etc/iptables.rules 
				+echo "Restoring fail2ban rules." 
				+sudo systemctl restart fail2ban 
				+echo "Downloading cinsarmy IP list..." 
				+ 
				+wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE 
				+ 
				+echo "Making sure it downloaded." 
				+ 
				+# Check if the file exists 
				+if [[ ! -f "$BADGUYS_FILE" ]]; then 
				+    echo "File not found: $BADGUYS_FILE" 
				+    exit 1 
				+fi 
				+ 
				+echo "Processing the list..." 
				+ 
				+# Check if the chain exists, and creates it if it's not there 
				+if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then 
				+    echo "Chain $CHAIN_NAME already exists." 
				+    $FIREWALL -F $CHAIN_NAME 
				+else 
				+    echo "Creating chain $CHAIN_NAME." 
				+    $FIREWALL -N $CHAIN_NAME 
				+fi 
				+ 
				+# Read each line (IP address) from the file and block it 
				+while IFS= read -r ip; do 
				+    # Check if the line is not empty 
				+    if [[ -n "$ip" ]]; then 
				+        # Block the IP address using iptables 
				+        $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP 
				+        # echo "Blocked IP: $ip" 
				+    fi 
				+done < "$BADGUYS_FILE" 
				+ 
				+# Jump to the our chain from the FORWARD CHAIN 
				+$FIREWALL -A FORWARD -j $CHAIN_NAME 
				+ 
				+# Delete the bad guys file 
				+rm $BADGUYS_FILE 
				+ 
				+echo "Bad guys list has been processed, and deleted." 