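#!/bin/sh
# Author: redhat27, Version 1.2
# snbforums thread: https://www.snbforums.com/threads/yet-another-malware-block-script-using-ipset-v4-and-v6.38935/
#
# Builds three ipset sets (YAMalwareBlock1IP, YAMalwareBlock2IP and
# YAMalwareBlockCIDR) from the blocklists named in a url_list file, swaps
# them into place atomically, and hooks them into the INPUT (src) and
# FORWARD (dst) chains as DROP rules. Runs as root on the router.
#
# Trust model: the url_list and every list it points at are UNTRUSTED
# network input. Nothing from them reaches "ipset restore" unless the line
# consists solely of digits, dots and slashes (see the awk filter below),
# so a tampered list can at most add/omit addresses, not inject commands.

urllists=/jffs/ipset_lists/ya-malware-block.url_list  # Change to an appropriate download location if needed
giturl=https://raw.githubusercontent.com/shounak-de/misc-scripts/master/ya-malware-block.url_list

# The url_list download is verified by default (the blocklist downloads
# further down already were). Set YAMB_INSECURE_FETCH=1 ONLY on a router
# with no usable CA bundle: it disables certificate checking for that one
# download, which lets anyone on the path replace the list of sources the
# firewall trusts.
wget_cert_opt=
[ -n "${YAMB_INSECURE_FETCH:-}" ] && wget_cert_opt=--no-check-certificate

# Different routers got different iptables and ipset syntax
case $(ipset -v | grep -o "v[4,6]") in
  v6)
    MATCH_SET='--match-set'; CREATE='n'; DESTROY='destroy'; RESTORE='restore'
    ADD='add'; SWAP='swap'; IPHASH='hash:ip'; NETHASH='hash:net'
    SETNOTFOUND='name does not exist'
    lsmod | grep -q "xt_set" || for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set; do
      modprobe "$module"
    done
    ;;
  v4)
    MATCH_SET='--set'; CREATE='-N'; DESTROY='--destroy'; RESTORE='--restore'
    ADD='-A'; SWAP='--swap'; IPHASH='iphash'; NETHASH='nethash'
    SETNOTFOUND='Unknown set'
    lsmod | grep -q "ipt_set" || for module in ip_set ip_set_nethash ip_set_iphash ipt_set; do
      modprobe "$module"
    done
    ;;
  *)
    logger -t Firewall "$0: Unknown ipset version. Exiting."
    exit 1
    ;;
esac

urldir=$(dirname "$urllists")
[ -d "$urldir" ] || mkdir -p "$urldir"

# Fetch the url_list once. Download to a temp name and rename so a failed
# or partial fetch never leaves an empty url_list behind (-s, not -f, so an
# empty file from an earlier failure is retried rather than trusted).
if [ ! -s "$urllists" ]; then
  # shellcheck disable=SC2086  # wget_cert_opt is intentionally empty or one flag
  if wget -q $wget_cert_opt "$giturl" -O "${urllists}.tmp"; then
    mv "${urllists}.tmp" "$urllists"
  else
    rm -f "${urllists}.tmp"
    logger -t Firewall "$0: Could not fetch $giturl (TLS verification failed or no network). Existing sets left untouched. Exiting."
    exit 1
  fi
fi

startTS=$(date +%s)
logger -t Firewall "$0: Adding malware-block rules to firewall..."
[ -t 1 ] && echo "$0: Adding malware-block rules to firewall..."

# Create a live set if it does not exist yet; $2 is the set type.
# A swap of a set with itself is a no-op that only fails when the set is
# missing, which is how presence is probed across both ipset syntaxes.
ensure_set() {
  ipset $SWAP "$1" "$1" 2>&1 | grep -q "$SETNOTFOUND" && ipset $CREATE "$1" "$2"
}
ensure_set YAMalwareBlock1IP "$IPHASH"
ensure_set YAMalwareBlock2IP "$IPHASH"
ensure_set YAMalwareBlockCIDR "$NETHASH"

# Remove temp sets left by an interrupted earlier run. The original used
# "&>/dev/null", which under /bin/sh means "run in the background" and
# also dropped the "ipset $DESTROY" in front of t3IP.
for stale in t1IP t2IP tCIDR; do
  ipset $DESTROY "$stale" >/dev/null 2>&1
done

# Unpredictable scratch file (mktemp) with a PID-suffixed fallback; cleaned
# up on every exit path instead of by a trailing rm.
sources=$(mktemp /tmp/ya-malware-block.XXXXXX 2>/dev/null) || sources="/tmp/ya-malware-block.sources.$$"
trap 'rm -f "$sources"' EXIT

# Pull every source list, strip CRs, keep only lines made solely of digits,
# dots and slashes (the full character set of an IPv4 address or CIDR),
# and drop duplicates while preserving order. Anything else - comments,
# HTML, or ipset keywords planted in a compromised list - is discarded here
# and can never reach "ipset restore".
wget -i "$urllists" -qO- \
  | awk '{ sub(/\r$/, "") } /^[0-9.\/]+$/ && !seen[$0]++' >"$sources"

# Never swap an empty build over the live sets: an outage at boot would
# otherwise silently clear the blocklist until the next run.
if [ ! -s "$sources" ]; then
  logger -t Firewall "$0: No entries fetched from the lists in $urllists; keeping existing sets. Exiting."
  exit 1
fi

# Build temp set $1 of type $2 from the entries on stdin in one restore
# batch. Entries are already filtered to [0-9./] so the sed prefix cannot
# be broken by list content.
load_set() {
  { echo "$CREATE $1 $2"; sed "s/^/$ADD $1 /"; echo "COMMIT"; } | nice -n 15 ipset $RESTORE
}
# Entries containing '/' are CIDR blocks; the rest are single addresses.
# Plain addresses are split at 65535 per set as in the original script
# (presumably to stay under ipset's default per-set element limit - verify
# against the router's ipset build before raising it).
grep '/' "$sources" | load_set tCIDR "$NETHASH"
grep -v '/' "$sources" | sed -n '1,65535p' | load_set t1IP "$IPHASH"
grep -v '/' "$sources" | sed -n '65536,$p' | load_set t2IP "$IPHASH"

# Swap the fully built temp sets into the live names, then drop the temps.
ipset $SWAP t1IP YAMalwareBlock1IP
ipset $SWAP t2IP YAMalwareBlock2IP
ipset $SWAP tCIDR YAMalwareBlockCIDR
ipset $DESTROY t1IP
ipset $DESTROY t2IP
ipset $DESTROY tCIDR

# Hook each set into the firewall once (re-runs must not duplicate rules):
# drop inbound packets from listed addresses and forwarded packets to them.
# Inserted in this order so YAMalwareBlock1IP ends up first, as before.
for setname in YAMalwareBlockCIDR YAMalwareBlock2IP YAMalwareBlock1IP; do
  iptables-save | grep -qF -- "$setname" || {
    iptables -I INPUT -m set $MATCH_SET "$setname" src -j DROP
    iptables -I FORWARD -m set $MATCH_SET "$setname" dst -j DROP
  }
done

# Member count of set $1: "ipset -L" line count minus the header lines
# (6, as the original script assumed - check against this ipset version).
count_entries() {
  echo $(( $(ipset -L "$1" | wc -l) - 6 ))
}

elapsed=$(( $(date +%s) - startTS ))
FinalMessage="$0: Loaded sets YAMalwareBlock1IP ($(count_entries YAMalwareBlock1IP)), YAMalwareBlock2IP ($(count_entries YAMalwareBlock2IP)) and YAMalwareBlockCIDR ($(count_entries YAMalwareBlockCIDR)) in $elapsed seconds"
logger -t Firewall "$FinalMessage"
[ -t 1 ] && echo "$FinalMessage"
# Explicit success so a non-tty run (cron/firewall-start) does not report
# the failed "[ -t 1 ]" as the script's exit status.
exit 0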