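# Rebuild the two ipset sets used by glocker:
#   glocker         - networks to block, taken from the published ban list
#   glocker-except  - entries that are explicitly allowed, read from a local file
# Each set is assembled in the scratch set glocker-tmp and swapped in at the
# end, so the live set is replaced in one step and only by a list that was
# fetched and loaded successfully.

# The lists are word-split on purpose in the loops below; switch pathname
# expansion off so an entry containing * or ? is never expanded against the
# current directory.
set -f

# Report a failure on stderr, drop the scratch set and stop.
# $1 - message to print
abort() {
  printf 'glocker: %s\n' "$1" >&2
  ipset destroy glocker-tmp 2>/dev/null
  exit 1
}

# Create glocker-tmp, or empty it when an earlier run that stopped half-way
# left it behind (a plain create would fail and the stale entries would be
# swapped into the live set).
fresh_tmp_set() {
  ipset create -exist glocker-tmp hash:net --hashsize 64 &&
    ipset flush glocker-tmp
}

# Get list of nefarious IP addresses from www.friedersdorff.com/.banned
# -f turns an HTTP error into a failure instead of an error page to parse, and
# the download is checked on its own so a failed or cut-off transfer cannot
# replace the current ban list with an empty or partial one.
banned_page=$(curl -fsS --max-time 30 https://www.friedersdorff.com/.banned) ||
  abort "could not fetch the ban list; glocker left unchanged"
BANNED_HOSTS=$(printf '%s\n' "$banned_page" |
  grep -o -E '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/[[:digit:]]{1,2}')
[ -n "$BANNED_HOSTS" ] ||
  abort "ban list contained no networks; glocker left unchanged"
# NOTE(review): the pattern only checks the shape of an entry. Whatever the URL
# serves decides which networks end up in the block set, so a very short prefix
# in that file covers a very large range - consider a minimum prefix length or
# an explicit never-block list for management addresses.

fresh_tmp_set || abort "could not prepare glocker-tmp"
added=0
for host in $BANNED_HOSTS; do
  # ipset rejects out-of-range octets or prefixes; skip those, keep the rest.
  if ipset add -exist glocker-tmp "$host"; then
    added=$((added + 1))
  else
    printf 'glocker: skipped ban entry %s\n' "$host" >&2
  fi
done
[ "$added" -gt 0 ] ||
  abort "no ban entry was accepted; glocker left unchanged"

if ! { ipset create -exist glocker hash:net --hashsize 64 &&
  ipset swap glocker-tmp glocker; }; then
  abort "could not swap the new ban list into glocker"
fi
ipset destroy glocker-tmp
echo "IPSet: glocker updated"

# Use local list of explicitly allowed IP addresses from the local machine
# Make sure the live set exists before anything can stop this section.
ipset create -exist glocker-except hash:net --hashsize 64 ||
  abort "could not create glocker-except"
# An unreadable file is an error (the current exceptions are kept); an empty
# file is a valid "no exceptions" list.
ALLOWED_HOSTS=$(cat /etc/glocker/allowed_hosts) ||
  abort "could not read /etc/glocker/allowed_hosts; glocker-except left unchanged"

fresh_tmp_set || abort "could not prepare glocker-tmp"
listed=0
added=0
for host in $ALLOWED_HOSTS; do
  listed=$((listed + 1))
  # NOTE(review): the original resolved each entry with nslookup but never used
  # the result, so entries are handed to ipset exactly as written in the file.
  # If the file holds host names, confirm how they are meant to be resolved.
  if ipset add -exist glocker-tmp "$host"; then
    added=$((added + 1))
  else
    printf 'glocker: skipped allowed entry %s\n' "$host" >&2
  fi
done
# Entries were listed but none could be loaded: keep the exceptions that are
# already in place rather than swapping in an empty set.
if [ "$listed" -gt 0 ] && [ "$added" -eq 0 ]; then
  abort "no allowed entry was accepted; glocker-except left unchanged"
fi

ipset swap glocker-tmp glocker-except ||
  abort "could not swap the new list into glocker-except"
ipset destroy glocker-tmp
echo "IPSet: glocker-except updated"

# Restore pathname expansion for anything that runs after this section.
set +f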