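#!/bin/sh
#
# Refresh the USTC blacklist ipsets and make sure the INPUT chain drops
# traffic whose source address is listed in them.
#
# Run as root from the directory that holds proceed.py. The feed is saved as
# blacklist_ustc.txt; proceed.py is expected to turn it into the four
# dst/*_list.txt files read below (its behaviour is not visible from here).
#
# Security notes:
#   * The feed is fetched over cleartext HTTP with no integrity check, so
#     whatever arrives is untrusted input that ends up in the firewall.
#     Prefer an HTTPS URL if the publisher offers one.
#   * Each entry is checked against an address-character whitelist and is
#     always passed to ipset as a single quoted argument.
#   * New data is loaded into staging sets and swapped in, so a failed
#     download or a failed proceed.py run leaves the previous blacklist in
#     force instead of an empty one.
#   * The IPv6 sets are created with "family inet6" and matched from
#     ip6tables; a set created without a family is IPv4-only and can never
#     hold the IPv6 entries. Hosts that ran the earlier version of this
#     script must remove the old v6 sets once (delete the iptables rules
#     that reference them, then "ipset destroy") before this can succeed.
#   * NOTE(review): the DROP rules are appended, so they only see packets
#     that no earlier INPUT rule has already accepted - confirm the rule
#     order on the target host.

FEED_URL='http://blackip.ustc.edu.cn/list.php?txt'
FEED_FILE='blacklist_ustc.txt'
status=0

# ensure_set NAME TYPE FAMILY
# Create the live set if it does not exist yet. -exist only tolerates an
# existing set with identical parameters.
ensure_set() {
  ipset -exist create "$1" "$2" family "$3"
}

# load_set LABEL NAME TYPE FAMILY FILE
# Fill a staging set from FILE (whitespace-separated entries) and swap it
# with the live set NAME. Returns non-zero, leaving NAME untouched, when the
# list file is missing or an ipset set-level command fails.
load_set() {
  _label=$1
  _name=$2
  _type=$3
  _family=$4
  _file=$5
  _staging="${_name}_new"

  echo "Processing $_label list."
  if [ ! -r "$_file" ]; then
    echo "Missing list file: $_file" >&2
    return 1
  fi

  ipset -exist create "$_staging" "$_type" family "$_family" || return 1
  ipset flush "$_staging" || return 1

  # tr keeps the original "one entry per whitespace-separated word" reading
  # of the file without letting the shell glob-expand any entry.
  tr -s '[:space:]' '\n' < "$_file" |
    while IFS= read -r addr || [ -n "$addr" ]; do
      case $addr in
        '')
          continue
          ;;
        *[!0-9A-Fa-f.:/]*)
          # Do not echo the entry itself: it is untrusted text.
          echo "Skipping malformed entry in $_file" >&2
          continue
          ;;
      esac
      ipset -exist add "$_staging" "$addr" ||
        echo "Entry rejected by ipset in $_file" >&2
    done

  # swap exchanges the contents atomically, so the live set is never empty
  # while it is being rebuilt.
  ipset swap "$_staging" "$_name" || return 1
  ipset destroy "$_staging"
  echo "finshed."
}

# ensure_drop_rule COMMAND SET
# Add the DROP rule for SET to INPUT unless an identical rule is already
# there; a plain --append would stack one more copy on every run.
ensure_drop_rule() {
  # --check prints an error when the rule is absent; that is the expected
  # case on first run, so its stderr is discarded.
  "$1" --table filter --check INPUT \
    --match set --match-set "$2" src --jump DROP 2>/dev/null ||
    "$1" --table filter --append INPUT \
      --match set --match-set "$2" src --jump DROP
}

# create ipset
ensure_set ustc_blacklist_v4 hash:ip inet || status=1
ensure_set ustc_blacklist_v4_net hash:net inet || status=1
ensure_set ustc_blacklist_v6 hash:ip inet6 || status=1
ensure_set ustc_blacklist_v6_net hash:net inet6 || status=1

# delete data if exist, then fetch a fresh copy
rm -f -- "$FEED_FILE"
if wget -O "$FEED_FILE" "$FEED_URL" && [ -s "$FEED_FILE" ]; then
  echo "Blacklist file downloaded."

  # processing data
  echo "Processing data..."
  if python3 proceed.py; then
    load_set "ipv4" ustc_blacklist_v4 hash:ip inet \
      dst/ipv4_list.txt || status=1
    load_set "ipv4 net" ustc_blacklist_v4_net hash:net inet \
      dst/ipv4_net_list.txt || status=1
    load_set "ipv6" ustc_blacklist_v6 hash:ip inet6 \
      dst/ipv6_list.txt || status=1
    load_set "ipv6 net" ustc_blacklist_v6_net hash:net inet6 \
      dst/ipv6_net_list.txt || status=1
  else
    echo "proceed.py failed; keeping the previous blacklist." >&2
    status=1
  fi
else
  echo "Failed to fetch the blacklist file."
  status=1
fi

# config iptables (IPv4 sets) and ip6tables (IPv6 sets)
ensure_drop_rule iptables ustc_blacklist_v4 || status=1
ensure_drop_rule iptables ustc_blacklist_v4_net || status=1
ensure_drop_rule ip6tables ustc_blacklist_v6 || status=1
ensure_drop_rule ip6tables ustc_blacklist_v6_net || status=1

# echo
echo "iptable updated."
echo "listing options..."
iptables --table filter --list --line-numbers
ip6tables --table filter --list --line-numbers

# Non-zero when any step failed, so cron or a wrapper can notice.
exit "$status"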