#!/usr/bin/perl
use strict; use warnings;
################################################################
###### Script to check the Blocklist.de list. Block new IPs ######
###### and unblock deleted entries ######
################################################################
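## config ##
use File::Temp qw(tempdir);

# The downloaded list decides what the firewall drops, so fetch it over TLS.
# Over plain HTTP anyone on the network path could add or strip entries
# without being noticed.
my $listUrl = "https://lists.blocklist.de/lists/all.txt";
my $fileName = "Blocklist.txt";
# A fixed file name directly under world-writable /tmp can be pre-created or
# symlinked by any local user before this script writes to it (the script
# drives iptables, so it presumably runs as root). Work inside a private
# directory instead: tempdir() creates it with a random name and mode 0700,
# and CLEANUP => 1 removes it again when the program exits.
my $tmpDir = tempdir("blocklist.XXXXXX", DIR => "/tmp", CLEANUP => 1);
my $file = "$tmpDir/$fileName";

## binaries ##
# Absolute paths: the commands are not resolved through $PATH.
my $iptables = "/sbin/iptables";
my $ipset    = "/usr/sbin/ipset";
my $grep     = "/bin/grep";
my $rm       = "/bin/rm";
my $wget     = "/usr/bin/wget";

## plain variables ##
# File-scoped scratch variables; their uses are in the subroutines below.
my ($row, $Blocklist, $line, $check, $checkLine, $result, $output, $ipRegex);
# Run counters, all starting at zero.
my ($added, $removed, $skipped) = (0, 0, 0);

## init arrays ##
my @fileArray  = ();
my @ipsetArray = ();

## init hashes for faster searching ##
my %ipsetArray;
my %fileArray;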
#****************************#
#*********** MAIN ***********#
#****************************#
# Run the stages in order; every sub called here is defined further down.
iptablesCheck();         # creates the BLOCKLIST chain when it is missing
getFileArray();
getIpsetArray();
# NOTE(review): the bodies of getFileArray and remIpsFromBlocklist are not
# visible here. Confirm that a failed or empty download stops the run before
# the removal stage; otherwise every existing entry could be unblocked.
addIpsToBlocklist();
remIpsFromBlocklist();
cleanup();
exit 0;
#***** END MAIN *****#
#****************************#
#******* Subroutines ********#
#****************************#
############# iptablesCheck ###############
## checks if all necessary ##
## iptable/ipset Settings have been set ##
###########################################
sub iptablesCheck {
## Do we have an BLOCKLIST/DROP Chain?
if (`$iptables -L -n | $grep BLOCKLIST` =~ m/Chain BLOCKLIST/) {
} else {
print "Creating Chain BLOCKLIST \n";
`$iptables -N BLOCKLIST`;
`$iptables -A BLOCKLIST -m limit --limit 2/min -j LOG --log-prefix "Blocklist Dropped: " --log-level 4`;
`$iptables -A BLOCKLIST -j DROP`;
}
## Do we have an ipset list called blocklist?