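#!/bin/sh
# Refresh the ustc_blacklist_* ipsets from the USTC blacklist and make sure the
# INPUT chain drops packets whose source address is in one of them.
#
# Run as root from the directory that holds proceed.py. proceed.py is expected
# to turn blacklist_ustc.txt into the four dst/*_list.txt files read below
# (that contract is not visible in this script -- confirm against proceed.py).
#
# NOTE(security): the list is fetched over plain HTTP with no checksum or
# signature, so its content is only as trustworthy as the network path. Every
# entry ends up behind a DROP rule, so entries are validated before use and
# the live sets are replaced only after a complete, successful refresh.
#
# Exit status: 0 when all four sets were refreshed, 1 when the download,
# proceed.py, or any set load failed (the previous set content is kept).

LIST_URL='http://blackip.ustc.edu.cn/list.php?txt'
LIST_FILE='blacklist_ustc.txt'

# load_set SET FAMILY TYPE FILE
# Fill a scratch set from FILE and swap it into SET, so the live set is never
# empty or half-loaded while the refresh is running.
load_set() {
  ls_set=$1
  ls_family=$2
  ls_type=$3
  ls_file=$4
  ls_tmp="${ls_set}_new"

  if [ ! -f "$ls_file" ]; then
    echo "Missing $ls_file; leaving $ls_set unchanged." >&2
    return 1
  fi

  ipset create "$ls_tmp" "$ls_type" family "$ls_family" --exist || return 1
  ipset flush "$ls_tmp" || return 1

  # Entries are whitespace-separated, as in the original backtick loop, but
  # read without word-splitting or globbing in the shell.
  tr -s '[:space:]' '\n' < "$ls_file" |
    while IFS= read -r ls_addr; do
      case $ls_addr in
        '' | *[!0-9A-Fa-f.:/]*)
          # Accept only characters that can appear in an IPv4/IPv6 address or
          # CIDR prefix; this also keeps a token starting with '-' from being
          # parsed by ipset as an option.
          continue
          ;;
      esac
      ipset add "$ls_tmp" "$ls_addr"
    done

  # swap exchanges the content of the two sets; the scratch set then holds
  # the old entries and can be dropped.
  ipset swap "$ls_tmp" "$ls_set" && ipset destroy "$ls_tmp"
}

# ensure_drop_rule CMD SET
# Append the DROP rule for SET with CMD (iptables or ip6tables) only when it
# is not already present, so repeated runs do not stack duplicate rules.
ensure_drop_rule() {
  "$1" --table filter --check INPUT --match set --match-set "$2" src --jump DROP 2>/dev/null ||
    "$1" --table filter --append INPUT --match set --match-set "$2" src --jump DROP
}

status=0

# create ipset
# The live sets must exist before a rule can reference them. hash sets default
# to family inet, so the IPv6 sets need family inet6 to accept IPv6 entries.
# NOTE(review): a v6 set left over from an earlier run without family inet6
# will not match this definition and has to be destroyed once by hand.
ipset create ustc_blacklist_v4 hash:ip family inet --exist
ipset create ustc_blacklist_v4_net hash:net family inet --exist
ipset create ustc_blacklist_v6 hash:ip family inet6 --exist
ipset create ustc_blacklist_v6_net hash:net family inet6 --exist

# Download to a scratch name first: a failed or empty download must not
# replace the previous list or empty the live sets.
if wget -O "$LIST_FILE.new" "$LIST_URL" && [ -s "$LIST_FILE.new" ]; then
  mv -f -- "$LIST_FILE.new" "$LIST_FILE"
  echo "Blacklist file downloaded."
  # processing data
  echo "Processing data..."
  if python3 proceed.py; then
    # ipv4
    echo "Processing ipv4 list."
    load_set ustc_blacklist_v4 inet hash:ip dst/ipv4_list.txt || status=1
    echo "finshed."
    # ipv4_net
    echo "Processing ipv4 net list."
    load_set ustc_blacklist_v4_net inet hash:net dst/ipv4_net_list.txt || status=1
    echo "finshed."
    # ipv6
    echo "Processing ipv6 list."
    load_set ustc_blacklist_v6 inet6 hash:ip dst/ipv6_list.txt || status=1
    echo "finshed."
    # ipv6 net
    echo "Processing ipv6 net list."
    load_set ustc_blacklist_v6_net inet6 hash:net dst/ipv6_net_list.txt || status=1
    echo "finshed."
  else
    echo "proceed.py failed; keeping the previous sets." >&2
    status=1
  fi
else
  rm -f -- "$LIST_FILE.new"
  echo "Failed to fetch the blacklist file."
  status=1
fi

# config iptables
# IPv6 packets traverse ip6tables, not iptables, so the v6 sets are matched
# there; the rules are ensured even when the refresh failed so the previous
# set content stays enforced.
ensure_drop_rule iptables ustc_blacklist_v4
ensure_drop_rule iptables ustc_blacklist_v4_net
ensure_drop_rule ip6tables ustc_blacklist_v6
ensure_drop_rule ip6tables ustc_blacklist_v6_net
# echo
echo "iptable updated."
echo "listing options..."
iptables --table filter --list --line-numbers
ip6tables --table filter --list --line-numbers

exit "$status"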