Can be run from cron every night to make sure you keep those pesky hackers out.

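#!/bin/bash
#
# Maintain an iptables blocklist built from the Emerging Threats firewall
# rules file.
#
# Usage: $0 {start|stop|update}
#   update  download the current rules, extract the blocked networks and
#           reload the ETBLOCKLIST chain (runs stop, then start)
#   start   create the ETBLOCKLIST and LOGNDROP chains, hook ETBLOCKLIST into
#           INPUT and FORWARD, and load the saved network list
#   stop    unhook, flush and delete both chains
#
# Needs root (iptables). State lives in $STATE_DIR, which must be writable
# only by root: its contents end up in the ruleset.
set -euo pipefail

URL="https://rules.emergingthreats.net/fwrules/emerging-IPTABLES-ALL.rules"
IPTABLES="/sbin/iptables"
# Root-owned state directory. The original kept everything in world-writable
# /tmp and `source`d the file from there as root, so any local user could have
# planted the commands that `start` executed.
STATE_DIR="/var/lib/etblocklist"

######### Config ends here!

readonly URL IPTABLES STATE_DIR

_etbl=$(basename -- "$URL")
readonly RULES_FILE="${STATE_DIR}/${_etbl}"
readonly LIST_FILE="${STATE_DIR}/etblacklist.txt"

# Print a message to stderr and exit non-zero (so cron reports the failure).
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Extract the blocked networks from an ET rules stream.
# Reads the rules file on stdin and prints one network per line, taken from
# the `-s <net>` of every line that appends to ETBLOCKLIST. Nothing from the
# downloaded file is ever executed by the shell.
# NOTE(review): assumes each entry is written as `... -A ETBLOCKLIST -s <net> ...`
# (the same lines the original selected with grep 'A ETBLOCKLIST' before
# sourcing them) — confirm against the current download.
#######################################
extract_nets() {
  awk '/A ETBLOCKLIST/ { for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }'
}

#######################################
# Unhook, flush and delete the ETBLOCKLIST and LOGNDROP chains.
# Every step is best-effort: `update` calls stop before start, including on
# the very first run when none of the chains exist yet.
#######################################
do_stop() {
  "$IPTABLES" -D FORWARD -j ETBLOCKLIST 2>/dev/null || true
  "$IPTABLES" -D INPUT -j ETBLOCKLIST 2>/dev/null || true

  "$IPTABLES" -D LOGNDROP -j LOG --log-level 4 --log-prefix "ET BLOCK: " 2>/dev/null || true
  "$IPTABLES" -D LOGNDROP -j DROP 2>/dev/null || true

  "$IPTABLES" -F LOGNDROP 2>/dev/null || true
  "$IPTABLES" -F ETBLOCKLIST 2>/dev/null || true

  "$IPTABLES" -X LOGNDROP 2>/dev/null || true
  "$IPTABLES" -X ETBLOCKLIST 2>/dev/null || true
}

#######################################
# Create the chains, hook them in and load the saved network list.
# Under `set -e` a second start fails at `-N` instead of silently inserting
# duplicate jump rules, as the original did.
#######################################
do_start() {
  [[ -f "$LIST_FILE" ]] || die "blacklist file missing, maybe run update first?"

  "$IPTABLES" -N ETBLOCKLIST
  "$IPTABLES" -N LOGNDROP

  "$IPTABLES" -I FORWARD 1 -j ETBLOCKLIST
  "$IPTABLES" -I INPUT 1 -j ETBLOCKLIST

  "$IPTABLES" -A LOGNDROP -j LOG --log-level 4 --log-prefix "ET BLOCK: "
  "$IPTABLES" -A LOGNDROP -j DROP

  # Each saved entry is applied through iptables directly rather than sourced.
  # Only IPv4 addresses / CIDR blocks are accepted (this is an iptables, not
  # ip6tables, list); anything else is reported and skipped so one malformed
  # line cannot inject options or abort the whole load.
  local net
  while IFS= read -r net || [[ -n "$net" ]]; do
    if [[ ! "$net" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then
      printf 'skipping malformed entry: %s\n' "$net" >&2
      continue
    fi
    "$IPTABLES" -A ETBLOCKLIST -s "$net" -j LOGNDROP
  done < "$LIST_FILE"
}

#######################################
# Download the rules, rebuild the network list and reload the chains.
# On download failure the running ruleset is left untouched and the script
# exits non-zero. An empty extraction (e.g. the upstream format changed) is
# also treated as an error rather than silently loading nothing.
#######################################
do_update() {
  mkdir -p -m 0700 -- "$STATE_DIR"

  local tmp
  tmp=$(mktemp -- "${STATE_DIR}/.download.XXXXXX") || die "mktemp failed"

  # The original passed `-O /dev/null`, which discards the body, so the rules
  # file it later grep'd was never written. Download to a temp file and move
  # it into place only once wget has succeeded.
  if ! wget -q -O "$tmp" "$URL"; then
    rm -f -- "$tmp"
    die "Failed to download ${URL}"
  fi
  mv -f -- "$tmp" "$RULES_FILE"

  extract_nets < "$RULES_FILE" > "${LIST_FILE}.new"
  [[ -s "${LIST_FILE}.new" ]] || die "no ETBLOCKLIST entries found in ${RULES_FILE}"
  mv -f -- "${LIST_FILE}.new" "$LIST_FILE"

  do_stop
  do_start
}

main() {
  # ${1:-}: a missing argument is the usage case, not a set -u error.
  case "${1:-}" in
    stop)
      do_stop
      ;;
    start)
      do_start
      ;;
    update)
      do_update
      ;;
    *)
      printf '%s [start/stop/update]\n' "$0" >&2
      exit 2
      ;;
  esac
}

main "$@"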

Published by Nimpen J. Nordström

System Developer and Network Security Enthusiast