Aikhjarto · April 8, 2021 15:54 · slrslr · Mar 30, 2017
diff --git a/block_badips.sh b/block_badips.sh
 #!/bin/bash
 # This script downloads a list of IPs known for brute force attacking within the last two weeks.
 # The fetched IPs get blocked with iptables with the special comment "BADIP". This script only
 # modifies iptables rules with that comment. This measure makes it well compatible with other firewall
 # scripts like the SUSEFirewall.
 # The iptables rules are updated every time this script is executed. Additionally this script is
 # quiet on stdout, which makes it well suited for being executed as a cronjob.
 #
 # Please also use fail2ban with the badips modification and help to maintain the list of attackers.
 # See also: fail2ban and http:///www.badips.com

 IPTABLES_BIN=/usr/sbin/iptables
 IPTABLES_SAVE_BIN=/usr/sbin/iptables-save

 LOGGER_OPTS="-t add_badips"

 # fetch IP list from badips.com
 URL="http://www.badips.com/get/list/ssh/2?age=2w"

 ### download
 logger $LOGGER_OPTS "fetching list of bad IPs from $URL"
 FILE=`mktemp`
 # curl or wget can be used to download. Uncomment line which one should be used
 curl -s $URL > $FILE
 #wget -q -O $FILE $URL
 if [ $? -ne 0 ]; then 
        logger $LOGGER_OPTS -s "ERROR: download of $URL failed"
        exit 1
 else
        logger $LOGGER_OPTS "got "`wc -l $FILE | awk '{ print $1 }'` " IPs"
 fi
  
 ### remove old blocked entries
 FILE2=`mktemp`
 # export all rules with comment "BADIP"
 $IPTABLES_SAVE_BIN  | grep -e "--comment BADIP" | sed 's/-A/-D/' > $FILE2
 logger $LOGGER_OPTS "removing "`wc -l $FILE2 | awk '{ print $1 }'` " old entries"
 # remove all IPs previously known as bad
 # HINT: use a while loop here since a for loop would require changing the IFS due to spaces in $FILE2
 while read RULE; do
        $IPTABLES_BIN $RULE
 done < $FILE2
 rm $FILE2

 ### add new IPs
 for IP in $(cat $FILE); do
        $IPTABLES_BIN -I INPUT $RULE -s $IP -j DROP -m comment --comment "BADIP"
 done
 rm $FILE
 logger $LOGGER_OPTS "done applying IPs"
	#!/bin/bash
	# This script downloads a list of IPs known for brute force attacking within the last two weeks.
	# The fetched IPs get blocked with iptables with the special comment "BADIP". This script only
	# modifies iptables rules with that comment. This measure makes it well compatible with other firewall
	# scripts like the SUSEFirewall.
	# The iptables rules are updated every time this script is executed. Additionally this script is
	# quiet on stdout, which makes it well suited for being executed as a cronjob.
	#
	# Please also use fail2ban with the badips modification and help to maintain the list of attackers.
	# See also: fail2ban and http:///www.badips.com

	IPTABLES_BIN=/usr/sbin/iptables
	IPTABLES_SAVE_BIN=/usr/sbin/iptables-save

	LOGGER_OPTS="-t add_badips"

	# fetch IP list from badips.com
	URL="http://www.badips.com/get/list/ssh/2?age=2w"

	### download
	logger $LOGGER_OPTS "fetching list of bad IPs from $URL"
	FILE=`mktemp`
	# curl or wget can be used to download. Uncomment line which one should be used
	curl -s $URL > $FILE
	#wget -q -O $FILE $URL
	if [ $? -ne 0 ]; then
	logger $LOGGER_OPTS -s "ERROR: download of $URL failed"
	exit 1
	else
	logger $LOGGER_OPTS "got "`wc -l $FILE \| awk '{ print $1 }'` " IPs"
	fi

	### remove old blocked entries
	FILE2=`mktemp`
	# export all rules with comment "BADIP"
	$IPTABLES_SAVE_BIN \| grep -e "--comment BADIP" \| sed 's/-A/-D/' > $FILE2
	logger $LOGGER_OPTS "removing "`wc -l $FILE2 \| awk '{ print $1 }'` " old entries"
	# remove all IPs previously known as bad
	# HINT: use a while loop here since a for loop would require changing the IFS due to spaces in $FILE2
	while read RULE; do
	$IPTABLES_BIN $RULE
	done < $FILE2
	rm $FILE2

	### add new IPs
	for IP in $(cat $FILE); do
	$IPTABLES_BIN -I INPUT $RULE -s $IP -j DROP -m comment --comment "BADIP"
	done
	rm $FILE
	logger $LOGGER_OPTS "done applying IPs"