starlight_0208
/
iptable-autoconf


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							#!/bin/sh

# create ipset
ipset create ustc_blacklist_v4 hash:ip --exist
ipset create ustc_blacklist_v4_net hash:net --exist
ipset create ustc_blacklist_v6 hash:ip --exist
ipset create ustc_blacklist_v6_net hash:net --exist
# flush ipset             
ipset flush ustc_blacklist_v4
ipset flush ustc_blacklist_v4_net
ipset flush ustc_blacklist_v6
ipset flush ustc_blacklist_v6_net
                                                    
# delete data if exist                                            
[ -f "blacklist_ustc.txt" ] && rm blacklist_ustc.txt              
wget http://blackip.ustc.edu.cn/list.php?txt -O blacklist_ustc.txt
                         
# get wget command status
if [ $? -eq 0 ]                      
then                                       
    echo "Blacklist file downloaded."      
    # processing data                      
    echo "Processing data..."              
    python3 proceed.py                     
    # add the host foreach in file to ipset
    # ipv4
    echo "Processing ipv4 list."
    for addr in `cat dst/ipv4_list.txt`                    
    do                                        
        ipset add ustc_blacklist_v4 $addr        
    done
    echo "finshed."
    # ipv4_net
    echo "Processing ipv4 net list."
    for addr in `cat dst/ipv4_net_list.txt`                    
    do                                        
        ipset add ustc_blacklist_v4_net $addr        
    done
    echo "finshed."
    # ipv6
    echo "Processing ipv6 list."
    for addr in `cat dst/ipv6_list.txt`                    
    do                                        
        ipset add ustc_blacklist_v6 $addr        
    done
    echo "finshed."
    # ipv6 net
    echo "Processing ipv6 net list."
    for addr in `cat dst/ipv6_net_list.txt`                    
    do                                        
        ipset add ustc_blacklist_v6_net $addr        
    done
    echo "finshed."                        
else                                                                                         
    echo "Failed to fetch the blacklist file."                                               
fi                                                                                           
                                                                                             
# config iptables                                                                            
iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4 src --jump DROP
iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4_net src --jump DROP
iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6 src --jump DROP
iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6_net src --jump DROP

# echo
echo "iptable updated."
echo "listing options..."
iptables --table filter --list --line-numbers