forked from cowgill/spamhaus
-
Notifications
You must be signed in to change notification settings - Fork 0
/
DROP_CR.sh
73 lines (49 loc) · 1.65 KB
/
DROP_CR.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#!/bin/bash
# based off the following two scripts
# http://www.theunsupported.com/2012/07/block-malicious-ip-addresses/
# http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html
#
# Emerging Threats fwip rules.
#
# Raw IPs for the firewall block lists. These come from:
#
# Spam nets identified by Spamhaus (www.spamhaus.org)
# Top Attackers listed by DShield (www.dshield.org)
# Abuse.ch
# path to iptables
IPTABLES="/sbin/iptables";
# list of known spammers
URL="https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt";
# save local copy here
FILE="/tmp/emerging-Block-IPs.txt";
# iptables custom chain
CHAIN="CloudRambo";
# check to see if the chain already exists
$IPTABLES -L $CHAIN -n
# check to see if the chain already exists
if [ $? -eq 0 ]; then
# flush the old rules
$IPTABLES -F $CHAIN
echo "Flushed old rules. Applying updated DROP list...."
else
# create a new chain set
$IPTABLES -N $CHAIN
# tie chain to input rules so it runs
$IPTABLES -A INPUT -j $CHAIN
# don't allow this traffic through
$IPTABLES -A FORWARD -j $CHAIN
echo "Chain not detected. Creating new chain and adding DROP list...."
fi;
# get a copy of the spam list
wget -qc $URL -O $FILE
# iterate through all known spamming hosts
for IP in $( cat $FILE | egrep -v '(^;|^#.*|^$)' | awk '{ print $1}' ); do
# add the ip address log rule to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[CloudRambo DROP]" -m limit --limit 3/min --limit-burst 10
# add the ip address to the chain
$IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
echo $IP
done
echo "Done!"
# remove the spam list
unlink $FILE