Geo-IP Block for Edgerouter
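# Build BLACKLIST.txt from several public IPv4 blocklist feeds plus
# LocalBlacklist.txt, minus the entries listed in LocalWhitelist.txt.
#
# Every path in this stage is relative to the current directory.
# NOTE(review): the ipset stage further down reads
# /config/blacklist/BLACKLIST.txt, so this stage presumably has to run with
# /config/blacklist as the working directory -- confirm.

# Keep the previous list as BLACKLIST_OLD.txt and start from an empty file.
rm -f BLACKLIST_OLD.txt
mv BLACKLIST.txt BLACKLIST_OLD.txt
touch BLACKLIST.txt

# Download the feeds: PGL.YOYO, Emerging Threats, Spamhaus DROP and EDROP,
# okean (Korea, China), myip.ms, blocklist.de and the Team Cymru bogon list.
# Each file is saved under its remote name (curl -O).
# --fail makes curl return non-zero on an HTTP error instead of saving the
# server's error page as if it were the list.
# NOTE(review): a bogon list normally contains private (RFC 1918) ranges;
# check which interfaces and directions the resulting groups are applied to.
for feed_url in \
  https://pgl.yoyo.org/as/iplist.php \
  https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt \
  https://www.spamhaus.org/drop/drop.txt \
  https://www.spamhaus.org/drop/edrop.txt \
  https://www.okean.com/sinokoreacidr.txt \
  https://www.okean.com/chinacidr.txt \
  https://myip.ms/files/blacklist/general/latest_blacklist.txt \
  https://lists.blocklist.de/lists/all.txt \
  https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
do
  curl --fail -O "$feed_url" ||
    printf 'WARNING: download failed: %s\n' "$feed_url" >&2
done

# Combine the downloaded feeds and the local additions into one file.
cat all.txt drop.txt edrop.txt iplist.php sinokoreacidr.txt chinacidr.txt \
  latest_blacklist.txt LocalBlacklist.txt fullbogons-ipv4.txt \
  emerging-Block-IPs.txt > PreliminaryOutput.txt

# Strip out everything except the IPv4 addresses:
#   - drop '#' comment lines and any line containing ':' (IPv6, headers),
#   - cut each line at its first space,
#   - delete every character that is not a digit, comma, dot or slash,
#   - drop lines that end up empty.
# The sed pass only removes characters; it does not prove that what is left
# is an address. The grep keeps only lines shaped like a dotted quad with an
# optional /prefix, so leftovers from HTML or free text never reach ipset.
sed -e '/^#/d' \
    -e '/:/d' \
    -e 's/ .*//' \
    -e 's|[^0-9,./]*||g' \
    -e '/^$/d' < PreliminaryOutput.txt |
  grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' > PreUniqueOutput.txt

# Count the entries before de-duplication.
sed -n '$=' PreUniqueOutput.txt

# Remove duplicates. This must be "sort -u": "uniq -u" prints only the lines
# that occur exactly once, so an address reported by two or more feeds would
# be dropped from the blacklist altogether.
sort -u PreUniqueOutput.txt > PreBlacklist.txt

# Remove whitelisted entries. comm compares whole lines, so a whitelisted
# single address is still blocked when a listed CIDR range covers it.
sort LocalWhitelist.txt > LocalWL.sort
comm -23 PreBlacklist.txt LocalWL.sort > BLACKLIST.txt

# Remove the preliminary files.
rm -- Pre*

# Final count.
sed -n '$=' BLACKLIST.txt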
####
####
####
#### Trying to incorporate the old list
# Print an ipset restore script for the network (CIDR) entries of the list.
# Reads:   /config/blacklist/BLACKLIST.txt
# Outputs: a comment line, the line creating the scratch set "geotmp", then
#          one "-A geotmp <entry>" line per matching entry, on stdout.
# The only checks applied here are "starts with a digit" and "contains a
# slash"; anything stricter has to happen when BLACKLIST.txt is built.
getnetblocks() {
  printf '%s\n' \
    '# Generated by ipset' \
    '-N geotmp nethash --hashsize 1024 --probes 4 --resize 20'
  grep '^[0-9]' /config/blacklist/BLACKLIST.txt |
    grep '/' |
    sed 's/^/-A geotmp /'
}
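# Stage the network entries as an ipset restore script, load them into the
# scratch set "geotmp", swap geotmp with the live set ET-N and destroy the
# scratch set (which then holds the previous ET-N contents).
# NOTE(review): ET-N is presumably the firewall network group that the
# router's rules reference -- confirm.
getnetblocks > /config/blacklist/netblock.txt

# Swap only when there is something to load and the load succeeded. Swapping
# unconditionally would replace the live set with an empty or partly filled
# one whenever the list could not be built, which silently removes the block.
if grep -q '^-A geotmp ' /config/blacklist/netblock.txt; then
  if sudo ipset -! -R < /config/blacklist/netblock.txt; then
    sudo ipset -W geotmp ET-N
  else
    printf 'WARNING: ipset restore failed; ET-N left unchanged\n' >&2
  fi
  sudo ipset -X geotmp
else
  printf 'WARNING: no network entries staged; ET-N left unchanged\n' >&2
fi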
# Print an ipset restore script for the single-address entries of the list.
# Reads:   /config/blacklist/BLACKLIST.txt
# Outputs: a comment line, the line creating the scratch set "geotmp", then
#          one "-A geotmp <entry>" line per matching entry, on stdout.
# The only checks applied here are "starts with a digit" and "contains no
# slash"; anything stricter has to happen when BLACKLIST.txt is built.
getaddblocks() {
  printf '%s\n' \
    '# Generated by ipset' \
    '-N geotmp nethash --hashsize 1024 --probes 4 --resize 20'
  grep '^[0-9]' /config/blacklist/BLACKLIST.txt |
    grep -v '/' |
    sed 's/^/-A geotmp /'
}
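# Stage the single-address entries as an ipset restore script, load them into
# the scratch set "geotmp", swap geotmp with the live set ET-A and destroy the
# scratch set (which then holds the previous ET-A contents).
# NOTE(review): ET-A is presumably the firewall address group that the
# router's rules reference -- confirm.
getaddblocks > /config/blacklist/addblock.txt

# Swap only when there is something to load and the load succeeded. Swapping
# unconditionally would replace the live set with an empty or partly filled
# one whenever the list could not be built, which silently removes the block.
if grep -q '^-A geotmp ' /config/blacklist/addblock.txt; then
  if sudo ipset -! -R < /config/blacklist/addblock.txt; then
    sudo ipset -W geotmp ET-A
  else
    printf 'WARNING: ipset restore failed; ET-A left unchanged\n' >&2
  fi
  sudo ipset -X geotmp
else
  printf 'WARNING: no address entries staged; ET-A left unchanged\n' >&2
fi

# Remove both staged restore scripts.
rm -- /config/blacklist/addblock.txt
rm -- /config/blacklist/netblock.txt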