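#!/bin/bash
#
# Refresh the CINS Army (cinsscore.com) block list in its own iptables chain.
#
# Order of operations: check the configuration, download and sanity-check the
# list, and only then reset the firewall, restore the saved rules, restart
# fail2ban and (re)populate the block chain.  Nothing in the firewall is
# touched until a usable list is on disk, so a failed download leaves the
# current rules in place instead of a flushed firewall.
#
# Requires root: iptables, iptables-restore and systemctl are called directly.
# Required configuration: BADGUYS_FILE, RULESFILE (checked before anything runs).

set -euo pipefail

BADGUYS_FILE=""  # The location you want to download the list (/path/to/badguys.txt)
CHAIN_NAME="CINSARMY_IPS"  # The firewall chain to hold the cinsarmy rules
FIREWALL="/sbin/iptables"  # The path to iptables
RULESFILE=""  # The path to your iptables rules file (/path/to/iptables.rules)
ETH=""  # The name of the ethernet port you'd like to apply these rules to. Example: eth1
        # Leave empty to match every interface.
LIST_URL="https://cinsscore.com/list/ci-badguys.txt"  # Where the list is fetched from

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# True when $1 is a dotted-quad IPv4 address, optionally with a /prefix.
# Only the shape is checked (octets 0-255, prefix 0-32).  The list comes
# from the network, so this keeps anything that is not an address (HTML
# error pages, stray text) off the iptables command line.
# Arguments: $1 - candidate address
# Returns:   0 if it looks like an IPv4 address or network, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet prefix
  [[ "$addr" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    # 10# forces decimal so "010" is not read as octal
    (( 10#$octet <= 255 )) || return 1
  done
  prefix=${BASH_REMATCH[6]:-}
  if [[ -n "$prefix" ]]; then
    (( 10#$prefix <= 32 )) || return 1
  fi
  return 0
}

#######################################
# Entry point: download the list, reset/restore the firewall, fill the chain.
# Globals:  BADGUYS_FILE, CHAIN_NAME, FIREWALL, RULESFILE, ETH, LIST_URL (read)
# Outputs:  progress messages on stdout, skipped lines and errors on stderr
# Returns:  0 on success; exits 1 via die on any failed step
#######################################
main() {
  local tmp ip count=0 skipped=0
  local -a rule_prefix=()

  (( EUID == 0 )) || die "must run as root"
  : "${BADGUYS_FILE:?set BADGUYS_FILE to the path used for the downloaded list}"
  : "${RULESFILE:?set RULESFILE to your saved iptables rules}"
  [[ -r "$RULESFILE" ]] || die "rules file not readable: $RULESFILE"
  [[ -x "$FIREWALL" && -x "${FIREWALL}-restore" ]] || die "iptables not found at $FIREWALL"

  echo "Downloading cinsarmy IP list..."
  # Download into a temp file next to the target so a partial or failed
  # transfer never leaves a half-written list where the loop below reads it.
  # --https-only refuses a redirect that would downgrade to plain HTTP.
  tmp=$(mktemp -- "${BADGUYS_FILE}.XXXXXX") || die "cannot create temp file"
  trap 'rm -f -- "$tmp"' EXIT
  wget -nv --https-only -O "$tmp" "$LIST_URL" || die "download failed: $LIST_URL"

  echo "Making sure it downloaded."
  [[ -s "$tmp" ]] || die "downloaded list is empty: $LIST_URL"
  mv -f -- "$tmp" "$BADGUYS_FILE"
  trap - EXIT

  echo "Clearing firewall."
  "$FIREWALL" -P INPUT ACCEPT
  "$FIREWALL" -P FORWARD ACCEPT
  "$FIREWALL" -P OUTPUT ACCEPT
  "$FIREWALL" -t nat -F
  "$FIREWALL" -t mangle -F
  "$FIREWALL" -F
  "$FIREWALL" -X
  echo "Restoring firewall from iptables.rules."
  # Policies are ACCEPT and every rule is gone at this point; a failed
  # restore must abort loudly rather than leave the host open.
  "${FIREWALL}-restore" < "$RULESFILE" \
    || die "iptables-restore failed from $RULESFILE; firewall is currently flushed"
  echo "Restoring fail2ban rules."
  systemctl restart fail2ban

  echo "Processing the list..."

  # Reuse the chain if the restored rules brought it back, else create it
  if "$FIREWALL" -L "$CHAIN_NAME" -n &> /dev/null; then
    echo "Chain $CHAIN_NAME already exists."
    "$FIREWALL" -F "$CHAIN_NAME"
  else
    echo "Creating chain $CHAIN_NAME."
    "$FIREWALL" -N "$CHAIN_NAME"
  fi

  rule_prefix=(-A "$CHAIN_NAME")
  if [[ -n "$ETH" ]]; then
    rule_prefix+=(-i "$ETH")
  fi

  # One DROP rule per address.  Lines are used only after is_ipv4 accepts
  # them; anything else is reported and skipped instead of being handed to
  # iptables.  The `|| [[ -n ... ]]` keeps a last line without a newline.
  # TODO: one iptables call per address is slow for large lists; an
  # iptables-restore batch or ipset would be faster.
  while IFS= read -r ip || [[ -n "$ip" ]]; do
    ip=${ip%$'\r'}             # tolerate CRLF line endings
    ip=${ip%%#*}               # drop a trailing comment, if the list has any
    ip=${ip//[[:space:]]/}
    [[ -n "$ip" ]] || continue
    if is_ipv4 "$ip"; then
      "$FIREWALL" "${rule_prefix[@]}" -s "$ip" -j DROP
      count=$((count + 1))
    else
      skipped=$((skipped + 1))
      printf 'skipping unexpected line: %s\n' "$ip" >&2
    fi
  done < "$BADGUYS_FILE"

  # Jump to our chain from FORWARD only (INPUT is not filtered by this chain).
  # -C checks for an identical existing rule so repeated runs do not stack
  # duplicate jumps when the rules file already contains one.
  "$FIREWALL" -C FORWARD -j "$CHAIN_NAME" 2>/dev/null \
    || "$FIREWALL" -A FORWARD -j "$CHAIN_NAME"

  # Delete the bad guys file
  rm -f -- "$BADGUYS_FILE"
  echo "Bad guys list has been processed, and deleted."

  # Add the RETURN rule only if it is not already present
  "$FIREWALL" -C "$CHAIN_NAME" -p tcp -j RETURN 2>/dev/null \
    || "$FIREWALL" -A "$CHAIN_NAME" -p tcp -j RETURN

  printf 'Done. %d addresses blocked, %d lines skipped.\n' "$count" "$skipped"
}

main "$@"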