Firewalld and ipsets: drop IPv4 traffic from bogon and selected-country ranges on CentOS 7 (cron-refreshed ipsets referenced by firewalld direct rules)
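#!/bin/bash
# geoip on firewall in centos 7
# Weekly refresh of the "bogonslist" ipset (unallocated/reserved IPv4 space)
# from Team Cymru's full-bogon feed; traffic from those prefixes is DROPped
# by the firewalld direct rule below.
#
# this file: /etc/cron.weekly/bogonsblocks.sh
# sudo chmod +x /etc/cron.weekly/bogonsblocks.sh
## create list on ipset (the boot-time init script recreates it as well)
# sudo ipset create bogonslist hash:net maxelem 1000000
## create rule on firewall-cmd
# sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m set --match-set bogonslist src -j DROP
# sudo firewall-cmd --reload
#
# Hardening compared with the original add-only loop:
#  * the feed is fetched over HTTPS; a failed or empty download aborts and
#    leaves the live set untouched (nothing is blocked from a partial list,
#    and a tampered plain-HTTP response cannot add arbitrary prefixes)
#  * every line must look like an IPv4 prefix before it is handed to ipset,
#    so comments, blanks or injected option strings never reach the tool
#  * entries are batch-loaded into a scratch set that is then swapped in
#    atomically, which also removes prefixes that left the feed — bogon
#    space that becomes allocated must stop being blocked; the old loop only
#    ever added and never removed anything
#  * a private mktemp dir replaces the fixed, predictable /var/tmp path
set -euo pipefail

readonly SET_NAME=bogonslist
# Must match the parameters the live set was created with, or `ipset swap` is refused.
readonly SET_TYPE=(hash:net maxelem 1000000)
readonly TMP_SET="${SET_NAME}_new"
# HTTPS instead of the original http:// URL; host and path are unchanged.
readonly FEED_URL=https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
# Accepts "a.b.c.d" or "a.b.c.d/nn"; anything else is dropped before ipset sees it.
readonly CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

# Log the failure for cron and abort without touching the live set.
die() {
  logger -p cron.err "bogonsblocks: $*"
  printf 'bogonsblocks: %s\n' "$*" >&2
  exit 1
}

[[ $EUID -eq 0 ]] || die "must run as root (ipset needs CAP_NET_ADMIN)"

workdir=$(mktemp -d) || die "mktemp failed"
cleanup() {
  rm -rf -- "${workdir:?}"
  # After a successful swap the scratch set holds the previous contents;
  # after a failure it holds a half-built list. Either way it goes.
  ipset destroy "$TMP_SET" 2>/dev/null || true
}
trap cleanup EXIT

wget -q -O "$workdir/feed.txt" -- "$FEED_URL" || die "download of $FEED_URL failed"

# Keep only well-formed IPv4 prefixes (the feed's header comment line is
# dropped here too); strip CRs in case the feed ever arrives as CRLF.
tr -d '\r' < "$workdir/feed.txt" | grep -E -- "$CIDR_RE" > "$workdir/cidrs.txt" || true
count=$(wc -l < "$workdir/cidrs.txt")
(( count > 0 )) || die "feed contained no valid IPv4 prefixes; live set left unchanged"

# Build the scratch set in one ipset transaction (one exec instead of one per
# entry), then swap it with the live set so the replacement is atomic.
# -exist: creating an already-existing set or adding a duplicate is not an error.
{
  printf 'create %s %s\n' "$SET_NAME" "${SET_TYPE[*]}"
  printf 'create %s %s\n' "$TMP_SET" "${SET_TYPE[*]}"
  printf 'flush %s\n' "$TMP_SET"
  awk -v set="$TMP_SET" '{ print "add " set " " $0 }' "$workdir/cidrs.txt"
} | ipset -exist restore || die "ipset restore failed"
ipset swap "$TMP_SET" "$SET_NAME" || die "ipset swap failed"

logger -p cron.notice "IPSet bogonslist updated."
exit 0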
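#!/bin/bash
# init ipsets on firewalld
# Boot-time (re)creation of the ipsets that the firewalld direct DROP rules
# reference. ipsets exist only in kernel memory, so after a reboot they are
# gone and INPUT rules matching on them cannot be loaded until the sets exist
# again; the daily/weekly cron jobs then refill them.
#
# this file: /usr/local/sbin/initipsets.sh
#   (the original placed it in /etc/cron.d, but cron parses every file in
#    that directory as a crontab, so a shell script there only yields parse
#    errors in the cron log and is never executed by cron)
# sudo chmod +x /usr/local/sbin/initipsets.sh
# edit /etc/rc.local to add this as its last line (rc.local already runs as
# root, so no sudo is needed inside the script):
# /usr/local/sbin/initipsets.sh
#
# NOTE(review): newer firewalld releases can manage ipsets natively
# (firewall-cmd --permanent --new-ipset=NAME --type=hash:net), which would
# remove the need for this boot hook — confirm what the installed version offers.
set -euo pipefail

# Same parameters the refresh jobs use, so their `ipset swap` is accepted.
readonly SET_TYPE=(hash:net maxelem 1000000)
readonly SETS=(bogonslist countrylist blacklist)

[[ $EUID -eq 0 ]] || { printf 'initipsets: must run as root\n' >&2; exit 1; }

for set_name in "${SETS[@]}"; do
  # -exist: a set that is already present (script re-run) is not an error.
  ipset -exist create "$set_name" "${SET_TYPE[@]}"
  # Query before adding so a re-run is idempotent regardless of how
  # firewall-cmd reports an already-present direct rule.
  rule=(ipv4 filter INPUT 0 -m set --match-set "$set_name" src -j DROP)
  firewall-cmd --permanent --direct --query-rule "${rule[@]}" >/dev/null 2>&1 \
    || firewall-cmd --permanent --direct --add-rule "${rule[@]}"
done
# TODO: if the sets were saved to a text file (ipset save), restore them here.
# Activate the permanent direct rules in the running firewall.
firewall-cmd --reload
# TODO: write a companion script that saves the sets (ipset save) every hour.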
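#!/bin/bash
# geoip on firewall in centos 7
# Daily refresh of the "countrylist" ipset from ipdeny's per-country IPv4
# zone files. Every country that is NOT in ALLOW_COUNTRIES goes into the set,
# and the firewalld direct rule below DROPs traffic from those ranges.
#
# this file: /etc/cron.daily/ipblocks.sh
# sudo chmod +x /etc/cron.daily/ipblocks.sh
## create list on ipset (the boot-time init script recreates it as well)
# sudo ipset create countrylist hash:net maxelem 1000000
## create rule on firewall-cmd
# sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m set --match-set countrylist src -j DROP
# sudo firewall-cmd --reload
#
# Hardening compared with the original add-only loop:
#  * the archive is fetched over HTTPS; a failed download aborts and leaves
#    the live set untouched instead of silently loading nothing
#  * the untrusted tarball is unpacked into a private mktemp dir and only
#    regular "<cc>.zone" files found there are read
#  * every line must look like an IPv4 prefix before it is handed to ipset
#  * entries are batch-loaded into a scratch set and swapped in atomically,
#    which also removes ranges that moved country or left the feed — the
#    original loop only ever added, so stale ranges stayed blocked
#  * the allowed countries are a list instead of two hard-coded rm lines
set -euo pipefail

readonly SET_NAME=countrylist
# Must match the parameters the live set was created with, or `ipset swap` is refused.
readonly SET_TYPE=(hash:net maxelem 1000000)
readonly TMP_SET="${SET_NAME}_new"
# HTTPS instead of the original http:// URL; host and path are unchanged.
readonly FEED_URL=https://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
# Countries whose traffic must stay allowed, as the lower-case two-letter
# codes used in the zone file names. The original hard-coded exactly these two.
readonly ALLOW_COUNTRIES=(br us)
# Accepts "a.b.c.d" or "a.b.c.d/nn"; anything else is dropped before ipset sees it.
readonly CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

# Log the failure for cron and abort without touching the live set.
die() {
  logger -p cron.err "ipblocks: $*"
  printf 'ipblocks: %s\n' "$*" >&2
  exit 1
}

# True when $1 (a country code) is in ALLOW_COUNTRIES.
is_allowed() {
  local cc=$1 allowed
  for allowed in "${ALLOW_COUNTRIES[@]}"; do
    [[ $cc == "$allowed" ]] && return 0
  done
  return 1
}

[[ $EUID -eq 0 ]] || die "must run as root (ipset needs CAP_NET_ADMIN)"

workdir=$(mktemp -d) || die "mktemp failed"
cleanup() {
  rm -rf -- "${workdir:?}"
  # After a successful swap the scratch set holds the previous contents;
  # after a failure it holds a half-built list. Either way it goes.
  ipset destroy "$TMP_SET" 2>/dev/null || true
}
trap cleanup EXIT

wget -q -O "$workdir/all-zones.tar.gz" -- "$FEED_URL" || die "download of $FEED_URL failed"
mkdir "$workdir/zones"
# Unpack into its own empty directory so nothing from the archive can land
# next to anything else on the host; only flat *.zone members are expected.
tar -xzf "$workdir/all-zones.tar.gz" -C "$workdir/zones" || die "tar extraction failed"

shopt -s nullglob
: > "$workdir/all.txt"
for zone in "$workdir"/zones/*.zone; do
  # Regular files only — skip anything odd (symlinks, directories) the archive may carry.
  [[ -f $zone && ! -L $zone ]] || continue
  cc=${zone##*/}
  cc=${cc%.zone}
  is_allowed "$cc" && continue
  cat -- "$zone" >> "$workdir/all.txt"
done

# Keep only well-formed IPv4 prefixes; strip CRs in case a file arrives as CRLF.
tr -d '\r' < "$workdir/all.txt" | grep -E -- "$CIDR_RE" > "$workdir/cidrs.txt" || true
count=$(wc -l < "$workdir/cidrs.txt")
(( count > 0 )) || die "zone files contained no valid IPv4 prefixes; live set left unchanged"

# Build the scratch set in one ipset transaction (one exec instead of one per
# entry), then swap it with the live set so the replacement is atomic.
# -exist: creating an already-existing set or adding a duplicate is not an error.
{
  printf 'create %s %s\n' "$SET_NAME" "${SET_TYPE[*]}"
  printf 'create %s %s\n' "$TMP_SET" "${SET_TYPE[*]}"
  printf 'flush %s\n' "$TMP_SET"
  awk -v set="$TMP_SET" '{ print "add " set " " $0 }' "$workdir/cidrs.txt"
} | ipset -exist restore || die "ipset restore failed"
ipset swap "$TMP_SET" "$SET_NAME" || die "ipset swap failed"

logger -p cron.notice "IPSet countrylist updated."
exit 0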