@dtmrc
Forked from MalteKiefer/HowTo
Created September 15, 2021 18:22
UFW Block IPs from abuseipdb Blacklist
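`blacklist`:
```bash
#!/bin/bash
# Insert a deny rule for every address in the blacklist file
while IFS= read -r line; do
    # Skip blank lines; quote the value so it is passed to ufw as one argument
    [ -n "$line" ] || continue
    /usr/sbin/ufw insert 1 deny from "$line" to any
done < /path/to/blacklist
```
`getBlacklist`:
```bash
#!/bin/bash
# Get the latest blacklist from AbuseIPDB
set -o pipefail
# -f makes curl fail on HTTP errors (e.g. rate limiting), so an error body
# never replaces the previous list; the new list is moved into place on success
curl -fsS -G https://api.abuseipdb.com/api/v2/blacklist \
  -d confidenceMinimum=50 \
  -H "Key: <API_KEY>" \
  -H "Accept: text/plain" | sort > /path/to/blacklist.new || exit 1
mv /path/to/blacklist.new /path/to/blacklist
# Block every IP in the list
/usr/bin/blacklist
```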
# API Key
First, create a free account at https://www.abuseipdb.com and create an API key to use the blacklist.
# UFW
UFW should be installed and started. Check it with:
```bash
ufw status
```
# Cronjob
Now we set up the cron job. It should not run more often than daily, because otherwise you will quickly exceed the query limit at AbuseIPDB.
Create the file `/etc/cron.daily/getBlacklist` with the content of the `getBlacklist` script above, and replace `<API_KEY>` with your API key. Change the path to the blacklist to something like `/opt/blacklist`.
# Blacklist
As the last step, we create the blacklist script. It reads the blacklist file and creates the UFW rules. UFW skips entries it already knows, so there is no danger of duplicate entries.
Create `/usr/bin/blacklist`, change the path to the blacklist, and set the permissions, something like this: `chmod 755 /usr/bin/blacklist`
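
The scripts above pass remote data to `ufw` as root and only ever add rules. The following is an added example, not part of the original gist: a dry-run helper that validates each line and prints only the `ufw` commands needed to move from the previously applied list to the new one, including deletes for addresses that have left the blacklist. The function names, the old/new file arguments and the sample addresses are assumptions.

```shell
#!/bin/bash
# Added example: function names, file arguments and sample data are assumptions.
export LC_ALL=C   # sort and comm must agree on collation

OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
IP4_RE="^(${OCTET}\.){3}${OCTET}\$"
# Only a loose shape check for IPv6 (hex groups separated by colons).
IP6_RE='^[0-9A-Fa-f]{0,4}(:[0-9A-Fa-f]{0,4}){2,7}$'

# valid_ips: read candidate lines on stdin, print only IP literals, sorted, unique.
# Error bodies, blank lines and anything with shell metacharacters are dropped.
valid_ips() {
    grep -E -e "$IP4_RE" -e "$IP6_RE" | sort -u
}

# plan_changes OLD NEW: print the ufw commands that move the rule set from the
# previously applied list (OLD) to the freshly downloaded one (NEW).
plan_changes() {
    old_clean=$(mktemp) && new_clean=$(mktemp) || return 1
    valid_ips < "$1" > "$old_clean"
    valid_ips < "$2" > "$new_clean"
    status=0
    if [ -s "$new_clean" ]; then
        # Only in NEW: add a deny rule (same command the gist uses).
        comm -13 "$old_clean" "$new_clean" | sed 's/.*/ufw insert 1 deny from & to any/'
        # Only in OLD: the address left the blacklist, so remove its rule.
        comm -23 "$old_clean" "$new_clean" | sed 's/.*/ufw delete deny from & to any/'
    else
        # An empty NEW almost always means a failed download: change nothing.
        status=1
    fi
    rm -f "$old_clean" "$new_clean"
    return "$status"
}

# Constructed sample data (documentation address ranges and junk lines).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 192.0.2.10 198.51.100.7 > "$dir/old"
    printf '%s\n' 198.51.100.7 203.0.113.5 2001:db8::1 \
        '{"errors":[{"status":429}]}' '192.0.2.1; reboot' 999.1.1.1 '' > "$dir/new"
    plan_changes "$dir/old" "$dir/new"
    rm -rf "$dir"
}
demo
```

Review the printed commands, then pipe them to `sh` as root to apply them; keep a copy of the applied list to use as OLD on the next run.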