ipset updater

Bash + Python updater for ipset lists, driven by a JSON list of IPv4 address and subnet sources

{
   "lists":{
      "ipv4":
         {
            "spamhaus":"https://www.spamhaus.org/drop/drop.txt",
            "blocklist":"https://lists.blocklist.de/lists/all.txt",
            "stopforumspam":"https://iplists.firehol.org/files/stopforumspam.ipset",
            "haley_ssh":"https://iplists.firehol.org/files/haley_ssh.ipset",
            "blocklist_ssh":"https://iplists.firehol.org/files/blocklist_de_ssh.ipset",
            "bi_any_0_1d":"https://iplists.firehol.org/files/bi_any_0_1d.ipset",
            "bi_any__1_7d":"https://iplists.firehol.org/files/bi_any_1_7d.ipset",
            "bi_any_2_1d":"https://iplists.firehol.org/files/bi_any_2_1d.ipset",
            "bi_any_2_30d":"https://iplists.firehol.org/files/bi_any_2_30d.ipset",
            "bi_any_2_7d":"https://iplists.firehol.org/files/bi_any_2_7d.ipset"
         },
      "net":
         {
            "emerging":"https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
            "bogons":"https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
            "firehol":"https://iplists.firehol.org/files/firehol_level1.netset",
            "kor":"https://www.okean.com/sinokoreacidr.txt",
            "cn":"https://www.okean.com/chinacidr.txt",
            "ru":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_ru.netset",
            "pk":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_pk.netset",
            "sa":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_sa.netset",
            "cn2":"https://iplists.firehol.org/files/ip2location_country/ip2location_country_cn.netset"
         }
   }
}

Prerequisites

  • ipset
  • shorewall
  • python requests

apt install ipset shorewall python python-requests

Installing

Clone the repository

git clone https://git.k3nny.fr/Tools/ipset_updater.git

Install the cron task

./install.sh

Run it for the first time

./ipset_update.sh

Using in shorewall

Add these rules to /etc/shorewall/rules:

DROP		net:+blacklist	$FW
DROP		net:+blacklist_ipv4	$FW
DROP		net:+blacklist_net	$FW
DROP		$FW			net:+blacklist
DROP		$FW			net:+blacklist_net
DROP		$FW			net:+blacklist_ipv4
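
The lists in the "ipv4" and "net" groups are remote content that ends up in the blacklist_ipv4 and blacklist_net sets, so each line is worth validating before it is loaded. The following is an added example, not code from this repository: parse_feed, restore_script, the allow parameter, the hash:ip / hash:net set types and the _tmp suffix are assumptions, and the sample feed text is constructed.

```python
import ipaddress

# Constructed sample feed text (not real feed data), including malformed lines.
SAMPLE_IPV4 = "# sample\n192.0.2.10\n198.51.100.7 ; note\n192.0.2.10\n203.0.113.0/24\nnot-an-ip; flush\n"
SAMPLE_NET = "; sample\n198.51.100.0/24 ; SBL0\n203.0.113.5/24\n10.0.0.0/8\n192.0.2.1\n"


def parse_feed(text, kind, allow=()):
    """Validate one downloaded list; kind is 'ipv4' or 'net' as in the JSON groups.

    Returns (entries, rejected): sorted IPv4Network objects and the dropped tokens.
    """
    allow_nets = [ipaddress.IPv4Network(a) for a in allow]
    entries, rejected = set(), []
    for raw in text.splitlines():
        # Strip '#' and ';' comments, then whitespace.
        token = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not token:
            continue
        try:
            if kind == "ipv4":  # single addresses only, no prefix allowed
                item = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(token)}/32")
            else:  # CIDR with no host bits set; a bare address becomes a /32
                item = ipaddress.IPv4Network(token, strict=True)
        except ValueError:
            rejected.append(token)
            continue
        # Conservative choice: drop any entry overlapping an allowlisted range, so a
        # feed (for example a bogon list carrying 10.0.0.0/8) cannot block your own hosts.
        if any(item.overlaps(n) for n in allow_nets):
            rejected.append(token)
            continue
        entries.add(item)
    return sorted(entries), rejected


def restore_script(set_name, set_type, entries):
    """Build input for `ipset -exist restore`: fill a temp set, then swap it in."""
    tmp = set_name + "_tmp"
    fmt = lambda e: str(e.network_address) if e.prefixlen == 32 else str(e)
    lines = [f"create {set_name} {set_type}", f"create {tmp} {set_type}", f"flush {tmp}"]
    lines += [f"add {tmp} {fmt(e)}" for e in entries]
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_NET, "net", allow=["10.1.0.0/16"])
    print(restore_script("blacklist_net", "hash:net", nets), "rejected:", bad)
```

Because the live set is only touched by the final swap, a failed download or a list that fails validation leaves the previous contents in place.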