marcodebe · March 23, 2017 10:55
diff --git a/ransomware_ipset b/ransomware_ipset
 #!/bin/bash
 # Author: Marco De Benedetto <[email protected]>
 #
 # Ransomware blocklist for Shorewall using https://ransomwaretracker.abuse.ch/blocklist/
 #
 # prerequisite:
 # 
 # /etc/shorewall/blrules:
 # blacklog	net:+blacklist	all
 # blacklog	all	net:+blacklist
 #
 # /etc/cron.d/ransomware_bloklist:
 # */5 * * * * root /usr/local/bin/ransomware_ipset

 # Create blacklist ipset if it does not exist
 ipset list blacklist > /dev/null 2>&1 || ipset create blacklist hash:ip
 # blacklist_temp shouldn't exist, but anyway...
 ipset destroy blacklist_temp > /dev/null 2>&1
 ipset create blacklist_temp hash:ip
 wget -Nq -P /tmp https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
 (while read ip ; do [[ $ip =~ ^[0-9]+\. ]] && ipset add blacklist_temp $ip; done ) < /tmp/RW_IPBL.txt 
 ipset swap blacklist_temp blacklist
 ipset destroy blacklist_temp > /dev/null 2>&1
	#!/bin/bash
	# Author: Marco De Benedetto <[email protected]>
	#
	# Ransomware blocklist for Shorewall using https://ransomwaretracker.abuse.ch/blocklist/
	#
	# prerequisite:
	#
	# /etc/shorewall/blrules:
	# blacklog net:+blacklist all
	# blacklog all net:+blacklist
	#
	# /etc/cron.d/ransomware_bloklist:
	# /5 * * * root /usr/local/bin/ransomware_ipset

	# Create blacklist ipset if it does not exist
	ipset list blacklist > /dev/null 2>&1 \|\| ipset create blacklist hash:ip
	# blacklist_temp shouldn't exist, but anyway...
	ipset destroy blacklist_temp > /dev/null 2>&1
	ipset create blacklist_temp hash:ip
	wget -Nq -P /tmp https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
	(while read ip ; do [[ $ip =~ ^[0-9]+\. ]] && ipset add blacklist_temp $ip; done ) < /tmp/RW_IPBL.txt
	ipset swap blacklist_temp blacklist
	ipset destroy blacklist_temp > /dev/null 2>&1