| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- #!/bin/bash
- #
- BADGUYS_FILE="" # The location (full path) where you want to download the list
- CHAIN_NAME="CINSARMY_IPS" # The firewall chain to hold the cinsarmy rules
- FIREWALL="/sbin/iptables" # The path to iptables
- ETH="" # The name of the ethernet port you'd like to apply these rules to. Example: eth1
- echo "Clearing firewall."
- $FIREWALL -P INPUT ACCEPT
- $FIREWALL -P FORWARD ACCEPT
- $FIREWALL -P OUTPUT ACCEPT
- $FIREWALL -t nat -F
- $FIREWALL -t mangle -F
- $FIREWALL -F
- $FIREWALL -X
- echo "Restoring firewall from iptables.rules."
- /sbin/iptables-restore < /etc/iptables.rules
- echo "Restoring fail2ban rules."
- sudo systemctl restart fail2ban
- echo "Downloading cinsarmy IP list..."
- wget -c https://cinsscore.com/list/ci-badguys.txt -O $BADGUYS_FILE
- echo "Making sure it downloaded."
- # Check if the file exists
- if [[ ! -f "$BADGUYS_FILE" ]]; then
- echo "File not found: $BADGUYS_FILE"
- exit 1
- fi
- echo "Processing the list..."
- # Check if the chain exists, and creates it if it's not there
- if $FIREWALL -L $CHAIN_NAME -n &> /dev/null; then
- echo "Chain $CHAIN_NAME already exists."
- $FIREWALL -F $CHAIN_NAME
- else
- echo "Creating chain $CHAIN_NAME."
- $FIREWALL -N $CHAIN_NAME
- fi
- # Read each line (IP address) from the file and block it
- while IFS= read -r ip; do
- # Check if the line is not empty
- if [[ -n "$ip" ]]; then
- # Block the IP address using iptables
- $FIREWALL -A $CHAIN_NAME -i $ETH -s "$ip" -j DROP
- # echo "Blocked IP: $ip"
- fi
- done < "$BADGUYS_FILE"
- # Jump to the our chain from the FORWARD CHAIN
- $FIREWALL -A FORWARD -j $CHAIN_NAME
- # Delete the bad guys file
- rm $BADGUYS_FILE
- echo "Bad guys list has been processed, and deleted."
|
