# ipset updater

Bash + Python updater that builds ipset lists from a JSON list of IPv4 address and subnet blocklist sources.

* Based on [Firehol](https://iplists.firehol.org/) work
* Shorewall documentation: http://shorewall.org/ipsets.html

```
{
    "lists": {
        "ipv4": {
            "spamhaus":"https://www.spamhaus.org/drop/drop.txt",
            "blocklist":"https://lists.blocklist.de/lists/all.txt",
            "stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",
            "haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",
            "blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",
            "bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",
            "bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",
            "bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",
            "bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",
            "bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"
        },
        "net": {
            "emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
            "bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
            "firehol":"https://iplists.firehol.org/files/firehol_level1.netset",
            "kor":"https://www.okean.com/sinokoreacidr.txt",
            "cn":"https://www.okean.com/chinacidr.txt",
            "ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",
            "pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",
            "sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",
            "cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"
        }
    }
}
```

### Prerequisites

* ipset
* shorewall
* python requests

```
apt install ipset shorewall python python-requests
```

### Installing

Clone the repository:

```
git clone https://git.k3nny.fr/Tools/ipset_updater.git
```

Install the cron task:

```
./install.sh
```

Run the updater for the first time:

```
./ipset_update.sh
```

## Using in shorewall

Add these rules to `/etc/shorewall/rules`:

```
DROP net:+blacklist $FW
DROP net:+blacklist_ipv4 $FW
DROP net:+blacklist_net $FW
DROP $FW net:+blacklist
DROP $FW net:+blacklist_net
DROP $FW net:+blacklist_ipv4
```
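
Because these rules drop traffic in both directions, a malformed or over-broad feed entry can cut the firewall off. The following is an added example, not code from this repository: it validates a downloaded feed and builds `ipset restore` input that swaps the new set in atomically. It assumes that single addresses go into `blacklist_ipv4` (`hash:ip`) and CIDR ranges into `blacklist_net` (`hash:net`); the `keep` parameter and the `_tmp` set names are hypothetical.

```python
import ipaddress

# Constructed sample feed (documentation address ranges), not real blocklist data.
SAMPLE_FEED = """\
; comment style used by some feeds
# comment style used by others
192.0.2.15
198.51.100.0/24 ; trailing comment
203.0.113.77/32
203.0.113.9/24
192.0.2.15
0.0.0.0/0
2001:db8::/32
<html>502 Bad Gateway</html>
"""

def parse_feed(text, keep=()):
    """Split a feed into validated (hosts, nets); `keep` lists ranges never to block."""
    keep = [ipaddress.ip_network(k, strict=False) for k in keep]
    hosts, nets = set(), set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)  # masks stray host bits
        except ValueError:
            continue  # error page or junk: never pass it on to ipset
        if net.version != 4 or net.prefixlen == 0:
            continue  # IPv6, or 0.0.0.0/0 which would drop all traffic
        if any(net.overlaps(k) for k in keep):
            continue  # would cut off an address we must stay reachable from
        (hosts if net.prefixlen == 32 else nets).add(net)
    return ([str(h.network_address) for h in sorted(hosts)],
            [str(n) for n in sorted(nets)])

def restore_script(name, settype, entries):
    """Text for `ipset -exist restore`: fill a temporary set, then swap it in."""
    tmp = f"{name}_tmp"
    lines = [f"create {name} {settype} family inet",
             f"create {tmp} {settype} family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {e}" for e in entries]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    hosts, nets = parse_feed(SAMPLE_FEED, keep=["203.0.113.0/24"])
    print(restore_script("blacklist_ipv4", "hash:ip", hosts), end="")
    print(restore_script("blacklist_net", "hash:net", nets), end="")
```

Pipe the printed text into `ipset -exist restore` as root; the live set is only replaced at the `swap` line, so a failed download or an empty feed never leaves the firewall with a half-filled set.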