# ipset updater

Bash + Python ipset list updater from a JSON list of IPv4 addresses and subnets

* Based on [Firehol](https://iplists.firehol.org/) work
* Shorewall documentation here: http://shorewall.org/ipsets.html

```
{
  "lists":{
    "ipv4": {
      "spamhaus":"https://www.spamhaus.org/drop/drop.txt",
      "blocklist":"https://lists.blocklist.de/lists/all.txt",
      "stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",
      "haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",
      "blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",
      "bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",
      "bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",
      "bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",
      "bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",
      "bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"
    },
    "net": {
      "emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
      "bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
      "firehol":"https://iplists.firehol.org/files/firehol_level1.netset",
      "kor":"https://www.okean.com/sinokoreacidr.txt",
      "cn":"https://www.okean.com/chinacidr.txt",
      "ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",
      "pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",
      "sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",
      "cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"
    }
  }
}
```

### Prerequisites

* ipset
* shorewall
* python requests

```
apt install ipset shorewall python python-requests
```

### Installing

Clone the repository:

```
git clone https://git.k3nny.fr/Tools/ipset_updater.git
```

Install the cron task:

```
./install.sh
```

Launch for the first time:

```
./ipset_update.sh
```

## Using in shorewall

Add these rules in `/etc/shorewall/rules`:

```
DROP net:+blacklist $FW
DROP net:+blacklist_ipv4 $FW
DROP net:+blacklist_net $FW
DROP $FW net:+blacklist
DROP $FW net:+blacklist_net
DROP $FW net:+blacklist_ipv4
```
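
The feeds above are fetched from remote servers, so each line should be validated before it reaches `ipset`. The following is an added example, not the project's own code: it parses a feed body, rejects anything that is not an IPv4 address or CIDR block, and builds `ipset restore` input that fills a temporary set and swaps it into `blacklist_net`. The `_new` suffix, the `hash:net` set type, the `min_entries` guard and the sample feed are assumptions.

```python
import ipaddress
import sys

# Constructed sample feed body (documentation ranges only, not real feed data).
SAMPLE = """\
# constructed sample
192.0.2.10
192.0.2.10
198.51.100.0/25 ; SBL-PLACEHOLDER
203.0.113.77/24
not-an-ip
0.0.0.0/0
<html>502 Bad Gateway</html>
"""

def parse_feed(text):
    """Return (sorted unique IPv4Network entries, rejected raw lines)."""
    good, rejected = set(), []
    for raw in text.splitlines():
        # Feeds use '#' or ';' for comments, sometimes after the entry.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)  # masks host bits
            if net.prefixlen == 0:
                raise ValueError("a /0 entry would match every address")
            good.add(net)
        except ValueError:
            rejected.append(raw)
    return sorted(good), rejected

def fmt(net):
    """Plain address for a /32, CIDR notation otherwise."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)

def render_restore(set_name, set_type, nets, min_entries=1):
    """Build `ipset restore` input that fills a temporary set, then swaps it in."""
    if len(nets) < min_entries:
        raise ValueError("feed too small, keeping the currently loaded set")
    tmp = set_name + "_new"  # assumed temporary set name
    lines = [f"create {set_name} {set_type} family inet",
             f"create {tmp} {set_type} family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {fmt(n)}" for n in nets]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE)
    print(render_restore("blacklist_net", "hash:net", nets), end="")
    print(f"rejected {len(bad)} line(s)", file=sys.stderr)
```

Pipe the output into `ipset -exist restore` so the `create` lines do not fail when the sets already exist. Because the live set is only replaced by the final `swap`, a failed or empty download leaves the previous blocklist in place.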