1
0
ipset update scripts
Go to file
2019-08-28 17:11:32 +02:00
install.sh update 2019-08-28 16:58:30 +02:00
ipset_update.sh update 2019-08-28 16:58:30 +02:00
lists_updater.py update 2019-08-28 16:58:30 +02:00
lists.json update 2019-08-28 16:58:30 +02:00
README.md json 2019-08-28 17:11:32 +02:00

ipset updater

Bash + Python ipset list updater from a JSON list of ipv4 and subnets

{
   "lists":{
      "ipv4":
         {
            "spamhaus":"https://www.spamhaus.org/drop/drop.txt",
            "blocklist":"https://lists.blocklist.de/lists/all.txt",
	        "stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",
	        "haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",
	        "blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",
	        "bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",
	        "bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",
	        "bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",
	        "bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",
	        "bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"
         },
      "net":
         {
            "emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
            "bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
            "firehol":"https://iplists.firehol.org/files/firehol_level1.netset",
            "kor":"https://www.okean.com/sinokoreacidr.txt",
            "cn":"https://www.okean.com/chinacidr.txt",
	        "ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",
	        "pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",
	        "sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",
	        "cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"
         }
   }
}

Prerequisites

  • ipset
  • shorewall
apt install ipset shorewall

Installing

git clone

git clone https://git.k3nny.fr/Tools/ipset_updater.git

install cron task

./install.sh

launch for first time

./ipset_update.sh

Using in shorewall

Add these rules in /etc/shorewall/rules :

DROP		net:+blacklist	$FW
DROP		net:+blacklist_ipv4	$FW
DROP		net:+blacklist_net	$FW
DROP		$FW			net:+blacklist
DROP		$FW			net:+blacklist_net
DROP		$FW			net:+blacklist_ipv4