@Brainiarc7
Created December 26, 2016 23:29
Script that adds the IPs listed by https://www.badips.com/ to iptables as DROP rules. It comes with a spinner script for user feedback. Be sure to check and update the paths as necessary.
#!/opt/bin/bash
# Script for blocking IPs which have been reported to www.badips.com
# Usage: Just execute by e.g. cron every day
# ---------------------------
# --- Settings: adjust these to the host the script runs on ---
# Path to the iptables binary.
_ipt=/sbin/iptables
# File name the downloaded list is stored under.
_input=badips.db
# Interface that faces the internet (check with ifconfig).
_pub_if=eth0
# iptables chain that holds the DROP rules. Change it only if a chain with
# this name already exists for another purpose.
_droplist=badip-droplist
# badips.com list level: 0 = not so bad / possibly false reports,
# 3 = confirmed bad, 5 = quite aggressive (see www.badips.com).
_level=4
# Service category of the list (see www.badips.com); "any" is used here.
_service=any

# --- Status log for the progress spinner ---
# NOTE(review): this is a fixed name in world-writable /tmp and the script
# manipulates iptables, so it presumably runs as root. The redirect below
# follows a symlink that another local user planted under this name. The
# spinner script is started without arguments, so it must know this path on
# its own; moving the log to a root-only directory means changing both.
logfile=/tmp/mylog
# Start every run with a log that holds a single empty line.
printf '\n' > "$logfile"
# Remove the log whenever the script exits.
trap 'rm -f "$logfile"' EXIT
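#######################################
# Append one status message to the log file.
# Globals:   logfile (read) - path of the file the message is appended to
# Arguments: the message; all arguments are joined with single spaces
# Outputs:   nothing on stdout, one line appended to $logfile
#######################################
log_msg() {
  # printf with a fixed format writes the text verbatim. echo would treat a
  # message such as "-n" or "-e" as an option and log nothing useful.
  # The redirect target is quoted so a path with spaces stays one word.
  printf '%s\n' "$*" >> "$logfile"
}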
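# SPINNER
# Start the spinner in the background. It is a separate script, started
# without arguments; the status messages for it are written with log_msg.
bash /root/scripts/bashSpinner/spinner2.sh &

# Print an error on stderr and stop with status 1. exit also runs the EXIT
# trap installed earlier in this script.
_abort() {
  echo "$0: $*" >&2
  exit 1
}

# Succeed only for a dotted-quad IPv4 address whose octets are all 0-255.
_is_ipv4() {
  local addr=$1 octet
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ $addr =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet like 08 is not read as invalid octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

log_msg "Downloading IP List . . ."

# Download into a private directory created by mktemp, not into a fixed file
# name under /tmp. This job changes firewall rules, so it runs privileged, and
# a predictable name in a world-writable directory can be pre-created as a
# symlink by any local user.
_workdir=$(mktemp -d) || _abort "Unable to create a temporary directory."
_list="$_workdir/$_input"

# Get the bad IPs.
# NOTE(review): the list is fetched over plain HTTP, so it can be altered on
# the network path. Every entry is validated below before it reaches iptables,
# which limits the damage to wrong DROP entries. Prefer an https:// URL if the
# endpoint offers one.
if ! wget -qO- "http://www.badips.com/get/list/${_service}/${_level}" > "$_list"; then
  rm -rf -- "${_workdir:?}"
  _abort "Unable to download ip list."
fi

# Filter out comments and blank lines and keep only well-formed IPv4
# addresses. Reading line by line avoids the word splitting and glob expansion
# that an unquoted `cat` substitution applies to downloaded data.
_ips=()
_rejected=0
while read -r _entry || [[ -n $_entry ]]; do
  _entry=${_entry%$'\r'} # tolerate CRLF line endings
  [[ -z $_entry || $_entry == '#'* ]] && continue
  if _is_ipv4 "$_entry"; then
    _ips[${#_ips[@]}]=$_entry
  else
    _rejected=$((_rejected + 1))
  fi
done < "$_list"
rm -rf -- "${_workdir:?}"

# Get number of entries for feedback percentage.
tLen=${#_ips[@]}
# An empty or garbage download must not wipe the rules that are in place.
(( tLen > 0 )) || _abort "No valid IPv4 addresses in the downloaded list; existing rules left untouched."
if (( _rejected > 0 )); then
  echo "$0: Ignored $_rejected malformed list entries." >&2
fi

### Setup our black list ###
log_msg "Unlink existing chain . . ."
# Remove every jump to the drop list. The chain is linked into INPUT at the
# end of this script, so INPUT has to be unlinked here as well; removing the
# jump from DEFAULT_INPUT only would leave the INPUT jump in place, make the
# -X below fail and stack one more jump on every run. DEFAULT_INPUT is still
# tried for hosts that have such a chain. The loop stops at the first failed
# delete, i.e. when no matching jump is left.
for _parent in INPUT DEFAULT_INPUT; do
  while "$_ipt" -D "$_parent" -j "$_droplist" 2>/dev/null; do :; done
done
#$_ipt -D DEFAULT_OUTPUT -j $_droplist
#$_ipt -D DEFAULT_FORWARD -j $_droplist

# First flush the droplist, then delete it. Skipped on the first run, when
# the chain does not exist yet.
if "$_ipt" -n -L "$_droplist" >/dev/null 2>&1; then
  log_msg "Flushing $_droplist . . ."
  "$_ipt" -F "$_droplist" || _abort "Unable to flush $_droplist."
  log_msg "Deleting $_droplist . . ."
  "$_ipt" -X "$_droplist" || _abort "Unable to delete $_droplist (still referenced?)."
fi
log_msg "(Re)Creating $_droplist . . ."
"$_ipt" -N "$_droplist" || _abort "Unable to create $_droplist."

i=0
pct=0
_last_pct=-1
_failed=0
for ip in "${_ips[@]}"; do
  i=$((i + 1))
  pct=$((100 * i / tLen))
  # Append everything to $_droplist. A failed append is counted, not fatal.
  "$_ipt" -A "$_droplist" -i "$_pub_if" -s "$ip" -j DROP || _failed=$((_failed + 1))
  # Log only when the percentage changes instead of once per address.
  if (( pct != _last_pct )); then
    log_msg "Appending IPs ... $pct% complete"
    _last_pct=$pct
  fi
done
if (( _failed > 0 )); then
  echo "$0: $_failed addresses could not be added to $_droplist." >&2
fi

log_msg "Linking chain . . ."
# Finally, link our black list
"$_ipt" -I INPUT -j "$_droplist" || _abort "Unable to link $_droplist into INPUT."
#$_ipt -I OUTPUT -j $_droplist
#$_ipt -I FORWARD -j $_droplist
#log_msg "Finished - Sleeping for 10 seconds . . ."
#sleep 10
#echo
exit 0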
#!/opt/bin/bash
# Log file whose newest line is shown next to the spinner.
# NOTE(review): fixed name in world-writable /tmp. Its content is echoed to
# the terminal further down, so whoever can create or write this file controls
# what is displayed. Presumably it must match the path the calling script
# writes to - confirm before changing it.
logfile=/tmp/mylog
# Seconds to wait after drawing each spinner frame.
spinpause=0.10
# Last seen size of the log in bytes, and length of the last message shown.
logsize=0 linelen=0
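#######################################
# Print the newest line of the log file after one leading space, then pad
# with spaces to cover what a longer previous message left on screen.
# Globals:   logfile (read), linelen (read and updated)
# Outputs:   the message and padding on stdout, without a trailing newline;
#            nothing when the log is missing or its last line is empty
#######################################
lastout() {
  local line len
  # Assigned separately from 'local' so tail's status is not masked.
  line=$(tail -n 1 -- "$logfile" 2>/dev/null)
  # The log sits at a fixed path under /tmp, so its content is not trusted:
  # strip control characters (ESC, CR, ...) before they reach the terminal.
  line=${line//[[:cntrl:]]/}
  [[ -n $line ]] || return 0

  printf ' %s' "$line"
  # Erase any extra from the last line.
  len=$((linelen - ${#line}))
  if ((len > 0)); then
    printf '%*s' "$len" ''
  fi
  linelen=${#line}
}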
#######################################
# Draw one spinner frame at the start of the current line, pause, and show
# the newest log message if the log file has grown since the last check.
# Globals:   logfile, spinpause (read); logsize (read and updated)
# Arguments: $1 - the frame character to draw
# Outputs:   carriage return plus the frame on stdout; does nothing once the
#            log file no longer exists
#######################################
spinout() {
  local glyph="$1"
  local size_now

  # The log file doubles as the "keep running" flag.
  [[ -f $logfile ]] || return 0

  printf '\r%b' "$glyph"
  sleep "$spinpause"

  # Check for a new message: a larger file means something was appended.
  size_now=$(stat --printf '%s' "$logfile" 2>/dev/null)
  if [[ $size_now -gt $logsize ]]; then
    lastout
    logsize=$size_now
  fi
}
# Main loop: runs only while the log file exists, so removing that file is
# what stops the spinner.
if [[ -f $logfile ]]; then
  logsize=$(stat --printf '%s' "$logfile" 2>/dev/null)
  # Show a message that is already in the log before the first frame.
  if [[ $logsize -gt 0 ]]; then
    printf ' '
    lastout
  fi

  # Two turns of the four-frame spinner per existence check.
  until [[ ! -f $logfile ]]; do
    for _frame in "/" "-" "\\" "|" "/" "-" "\\" "|"; do
      spinout "$_frame"
    done
  done

  # Finish the status line.
  echo
fi