automatic emerging threats iptables blocklist

Intended to be run from cron (for example a nightly `update`) so the blocklist stays current. It modifies iptables, so it has to run as root; anything it reads and then feeds to iptables should therefore live in a root-owned location, never in world-writable /tmp.


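#!/bin/bash
#
# etblocklist -- load the Emerging Threats IPTABLES blocklist into netfilter.
#
# Usage: etblocklist.sh [start/stop/update]
#   update  download the ruleset, extract the blocked networks into the
#           state directory, then reload (stop + start)
#   start   create the ETBLOCKLIST and LOGNDROP chains from the saved list
#           and hook ETBLOCKLIST into INPUT and FORWARD
#   stop    unhook, flush and delete both chains
#
# Meant to run as root from cron (e.g. a nightly `update`).
#
# Security notes:
#   * The downloaded ruleset is never executed.  Only lines that add to the
#     ETBLOCKLIST chain are considered, and only the `-s <addr>[/<len>]`
#     argument is taken from each one, after strict IPv4 validation.  Every
#     rule we install is built here and always targets LOGNDROP.
#     (Assumes the upstream file is of the form
#     `$IPTABLES -A ETBLOCKLIST -s a.b.c.d[/n] -j LOGNDROP`; other lines are
#     ignored with a warning if they carry a malformed address.)
#   * State lives in a root-owned 0700 directory, not in world-writable /tmp,
#     so an unprivileged local user cannot plant a file for root to load.
#   * The saved list is replaced atomically and only when the new download
#     yielded at least one entry; a failed update keeps the previous list and
#     exits non-zero so cron reports it.

set -u -o pipefail

URL="https://rules.emergingthreats.net/fwrules/emerging-IPTABLES-ALL.rules"
IPTABLES="/sbin/iptables"
# Root-owned directory for the downloaded ruleset and the extracted list.
STATE_DIR="${STATE_DIR:-/var/lib/etblocklist}"

######### Config ends here!

LIST_FILE="${STATE_DIR}/etblacklist.txt"
RULES_FILE="${STATE_DIR}/${URL##*/}"

# Print a diagnostic on stderr, prefixed with the script name.
warn() {
    printf '%s: %s\n' "${0##*/}" "$*" >&2
}

# Return 0 when $1 is a dotted-quad IPv4 address, optionally followed by a
# /0-32 prefix length.  Anything else (including shell metacharacters) fails.
et_valid_net() {
    local net=$1 addr prefix octet
    local addr_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
    local prefix_re='^/[0-9]{1,2}$'

    addr=${net%%/*}
    prefix=${net#"$addr"}

    [[ $addr =~ $addr_re ]] || return 1

    # 10# forces decimal so an octet such as "08" is not read as octal.
    local IFS=.
    for octet in $addr; do
        (( 10#$octet <= 255 )) || return 1
    done

    if [[ -n $prefix ]]; then
        [[ $prefix =~ $prefix_re ]] || return 1
        (( 10#${prefix#/} <= 32 )) || return 1
    fi
    return 0
}

# Read ruleset lines on stdin and print one validated source network per line.
# Only `-A ETBLOCKLIST` rules are looked at and only their `-s` argument is
# extracted; nothing from the download is ever evaluated as shell code.
et_extract_nets() {
    local line net
    local rule_re='-A ETBLOCKLIST .*-s[[:space:]]+([0-9./]+)'

    while IFS= read -r line || [[ -n $line ]]; do
        [[ $line =~ $rule_re ]] || continue
        net=${BASH_REMATCH[1]}
        if et_valid_net "$net"; then
            printf '%s\n' "$net"
        else
            warn "ignoring malformed network '${net}' in ruleset"
        fi
    done
}

# Return 0 if the named chain exists in the filter table.
et_chain_exists() {
    "$IPTABLES" -n -L "$1" >/dev/null 2>&1
}

# Fail early with a clear message when iptables is not where we expect it.
et_require_iptables() {
    if [[ ! -x $IPTABLES ]]; then
        warn "${IPTABLES} not found or not executable"
        return 1
    fi
    return 0
}

# Unhook ETBLOCKLIST from INPUT/FORWARD, then flush and delete both chains.
# Every jump is removed (there may be more than one if start ran twice),
# and both chains are flushed before either is deleted because the
# ETBLOCKLIST rules reference LOGNDROP.
et_stop() {
    local table chain

    et_require_iptables || return 1

    for table in FORWARD INPUT; do
        while "$IPTABLES" -D "$table" -j ETBLOCKLIST 2>/dev/null; do :; done
    done

    # Flushing drops the LOG/DROP rules too, so no per-rule -D is needed.
    for chain in LOGNDROP ETBLOCKLIST; do
        if et_chain_exists "$chain"; then
            "$IPTABLES" -F "$chain"
        fi
    done
    for chain in ETBLOCKLIST LOGNDROP; do
        if et_chain_exists "$chain"; then
            "$IPTABLES" -X "$chain"
        fi
    done
    return 0
}

# Build the chains from the saved list and hook them in.  The chain is
# populated before it is jumped to, so traffic is never evaluated against a
# half-loaded list; refuses to run if the chain already exists so that jumps
# are not duplicated.
et_start() {
    local net count=0

    et_require_iptables || return 1

    if [[ ! -s $LIST_FILE ]]; then
        warn "blocklist ${LIST_FILE} missing or empty, run '$0 update' first"
        return 1
    fi
    if [[ ! -O $LIST_FILE ]]; then
        warn "${LIST_FILE} is not owned by this user, refusing to load it"
        return 1
    fi
    if et_chain_exists ETBLOCKLIST; then
        warn "ETBLOCKLIST chain already exists, run '$0 stop' first"
        return 1
    fi

    "$IPTABLES" -N ETBLOCKLIST || return 1
    "$IPTABLES" -N LOGNDROP || return 1

    "$IPTABLES" -A LOGNDROP -j LOG --log-level 4 --log-prefix "ET BLOCK: " || return 1
    "$IPTABLES" -A LOGNDROP -j DROP || return 1

    # The list already holds validated networks, but re-check each one so a
    # tampered or corrupted file can never inject iptables arguments.
    while IFS= read -r net || [[ -n $net ]]; do
        if ! et_valid_net "$net"; then
            warn "skipping malformed entry '${net}' in ${LIST_FILE}"
            continue
        fi
        if "$IPTABLES" -A ETBLOCKLIST -s "$net" -j LOGNDROP; then
            count=$((count + 1))
        fi
    done < "$LIST_FILE"

    "$IPTABLES" -I FORWARD 1 -j ETBLOCKLIST || return 1
    "$IPTABLES" -I INPUT 1 -j ETBLOCKLIST || return 1

    printf '%s: loaded %d networks into ETBLOCKLIST\n' "${0##*/}" "$count"
    return 0
}

# Download the ruleset, extract the blocked networks and reload the chains.
# The new list only replaces the old one if it is non-empty, and the replace
# is an atomic rename.
et_update() {
    local tmp_list

    if ! mkdir -p -m 0700 -- "$STATE_DIR" || ! chmod 0700 -- "$STATE_DIR"; then
        warn "cannot create ${STATE_DIR}"
        return 1
    fi
    if [[ ! -O $STATE_DIR ]]; then
        warn "${STATE_DIR} is not owned by this user, refusing to use it"
        return 1
    fi

    # --https-only refuses a redirect down to plain http; bounded retries and
    # timeout keep a hung download from stalling the cron job.
    if ! wget -q --https-only --tries=3 --timeout=60 -O "$RULES_FILE" -- "$URL"; then
        warn "Failed to download ${URL}"
        return 1
    fi

    tmp_list=$(mktemp -- "${STATE_DIR}/etblacklist.XXXXXX") || return 1
    et_extract_nets < "$RULES_FILE" > "$tmp_list"

    if [[ ! -s $tmp_list ]]; then
        warn "no ETBLOCKLIST entries found in ${RULES_FILE}, keeping previous list"
        rm -f -- "$tmp_list"
        return 1
    fi

    mv -f -- "$tmp_list" "$LIST_FILE" || return 1

    et_stop
    et_start
}

# Dispatch on the single sub-command argument; usage errors exit with 2.
main() {
    case "${1:-}" in
        start)
            et_start
            ;;
        stop)
            et_stop
            ;;
        update)
            et_update
            ;;
        *)
            printf '%s [start/stop/update]\n' "$0" >&2
            return 2
            ;;
    esac
}

main "$@"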