ipset_updater/README.md

# ipset updater

Bash + Python ipset list updater from a JSON list of ipv4 and subnets
* Based on [Firehol](https://iplists.firehol.org/) work
* Shorewall documentation here : http://shorewall.org/ipsets.html

```
{
   "lists":{
      "ipv4":
         {
            "spamhaus":"https://www.spamhaus.org/drop/drop.txt",
            "blocklist":"https://lists.blocklist.de/lists/all.txt",
	    "stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",
	    "haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",
	    "blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",
	    "bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",
	    "bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",
	    "bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",
	    "bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",
	    "bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"
         },
      "net":
         {
            "emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
            "bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
            "firehol":"https://iplists.firehol.org/files/firehol_level1.netset",
            "kor":"https://www.okean.com/sinokoreacidr.txt",
            "cn":"https://www.okean.com/chinacidr.txt",
	    "ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",
	    "pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",
	    "sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",
	    "cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"
         }
   }
}
```

### Prerequisites

* ipset
* shorewall
* python requests

```
apt install ipset shorewall python python-requests
```

### Installing


git clone

```
git clone https://git.k3nny.fr/Tools/ipset_updater.git
```

install cron task

```
./install.sh
```

launch for first time

```
./ipset_update.sh
```

## Using in shorewall

Add these rules in `/etc/shorewall/rules` :

```
DROP		net:+blacklist	$FW
DROP		net:+blacklist_ipv4	$FW
DROP		net:+blacklist_net	$FW
DROP		$FW			net:+blacklist
DROP		$FW			net:+blacklist_net
DROP		$FW			net:+blacklist_ipv4
```
readme 2019-08-28 17:06:14 +02:00			`# ipset updater`
update 2019-08-28 16:58:30 +02:00
json 2019-08-28 17:11:32 +02:00			`Bash + Python ipset list updater from a JSON list of ipv4 and subnets`
			`* Based on [Firehol](https://iplists.firehol.org/) work`
Mise à jour de 'README.md' 2019-08-28 17:12:58 +02:00			`* Shorewall documentation here : http://shorewall.org/ipsets.html`
json 2019-08-28 17:11:32 +02:00
			```
			`{`
			`"lists":{`
			`"ipv4":`
			`{`
			`"spamhaus":"https://www.spamhaus.org/drop/drop.txt",`
			`"blocklist":"https://lists.blocklist.de/lists/all.txt",`
Mise à jour de 'README.md' 2019-08-28 17:12:20 +02:00			`"stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",`
			`"haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",`
Mise à jour de 'README.md' 2019-08-28 17:12:07 +02:00			`"blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",`
			`"bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",`
			`"bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",`
			`"bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",`
			`"bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",`
			`"bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"`
json 2019-08-28 17:11:32 +02:00			`},`
			`"net":`
			`{`
			`"emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",`
			`"bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",`
			`"firehol":"https://iplists.firehol.org/files/firehol_level1.netset",`
			`"kor":"https://www.okean.com/sinokoreacidr.txt",`
			`"cn":"https://www.okean.com/chinacidr.txt",`
Mise à jour de 'README.md' 2019-08-28 17:12:07 +02:00			`"ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",`
			`"pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",`
			`"sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",`
			`"cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"`
json 2019-08-28 17:11:32 +02:00			`}`
			`}`
			`}`
			```
update 2019-08-28 16:58:30 +02:00
readme 2019-08-28 17:06:14 +02:00			`### Prerequisites`

			`* ipset`
			`* shorewall`
Mise à jour de 'README.md' 2019-10-12 19:07:00 +02:00			`* python requests`
readme 2019-08-28 17:06:14 +02:00
			```
Mise à jour de 'README.md' 2019-10-12 19:07:00 +02:00			`apt install ipset shorewall python python-requests`
readme 2019-08-28 17:06:14 +02:00			```

			`### Installing`


			`git clone`

			```
			`git clone https://git.k3nny.fr/Tools/ipset_updater.git`
			```

			`install cron task`

			```
			`./install.sh`
			```

			`launch for first time`

			```
			`./ipset_update.sh`
			```

			`## Using in shorewall`

			Add these rules in `/etc/shorewall/rules` :

			```
			`DROP net:+blacklist $FW`
			`DROP net:+blacklist_ipv4 $FW`
			`DROP net:+blacklist_net $FW`
			`DROP $FW net:+blacklist`
			`DROP $FW net:+blacklist_net`
			`DROP $FW net:+blacklist_ipv4`
			```