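#!/bin/bash
# Turns a text file containing IP addresses (RAW) into a list of iptables
# DROP rules: every address is looked up with whois, the announced ranges are
# collected, and private, white-listed and own ranges are removed again.

### Variables

# Binaries. `command -v` is a shell builtin, so resolving the tools does not
# depend on an external `which` being installed. A variable stays empty when
# the tool is missing.
GREP=$(command -v grep)
SORT=$(command -v sort)
MKDIR=$(command -v mkdir)
WHOIS=$(command -v whois)
AWK=$(command -v awk)
SED=$(command -v sed)
CAT=$(command -v cat)
TAIL=$(command -v tail)
CURL=$(command -v curl)

# Packages that must be installed before the script can run. The second entry
# used to carry a trailing space ("ipcalc "), which only worked as long as
# every consumer expanded it unquoted.
declare -a REQUISITES=("whois" "ipcalc")

TMP='tmp'                    # Working directory, relative to the current directory
RAW='raw.txt'                # Source file
ASSHOLES="$TMP/imbecils.txt" # Unique addresses extracted from RAW
CIDR="$TMP/cidr"             # List of ranges in CIDR format
NONCIDR="$TMP/noncidr"       # List of ranges in a non-CIDR format
WHITELIST='whitelist.txt'    # Entries that must never be blocked
MY_IP=''                     # Own public address, filled in at run time
MY_RANGE=''                  # Range(s) announced for MY_IP, filled in at run time

# RFC 1918 private ranges; they are removed from the final list.
declare -a PRIVATE_RANGES=("10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16")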
### Functions
# NOTE: the description below belongs to getIp, defined further down, not to
# checkOsFamily: it discards everything except IP addresses from a given
# file ($1) and saves them into $2.
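#######################################
# Detect the distribution and pick the matching package manager.
# Globals:   OSFAMILY (written), PACKAGE_MANAGER (written)
# Arguments: $1 - optional path to an os-release file
#                 (default: /etc/os-release)
# Returns:   0; PACKAGE_MANAGER is left empty for an unrecognised
#            distribution or an unreadable file.
#######################################
checkOsFamily() {
  local os_release=${1:-/etc/os-release}
  local key value

  OSFAMILY=""
  PACKAGE_MANAGER=""

  if [[ -r "$os_release" ]]; then
    while IFS='=' read -r key value || [[ -n "$key" ]]; do
      if [[ "$key" == "ID" ]]; then
        # os-release values may be quoted (ID="centos"); comparing the raw
        # text would never match, so strip one layer of quotes first.
        value=${value%\"}
        value=${value#\"}
        value=${value%\'}
        value=${value#\'}
        OSFAMILY=$value
        break
      fi
    done < "$os_release"
  fi

  case "$OSFAMILY" in
    centos)
      PACKAGE_MANAGER="yum"
      ;;
    debian | raspbian)
      PACKAGE_MANAGER="dpkg"
      ;;
  esac
}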
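#######################################
# Abort unless every required package and the source file are present.
# Globals:   REQUISITES (read), PACKAGE_MANAGER (read, set by checkOsFamily),
#            RAW (read)
# Arguments: none
# Outputs:   an error message on stderr when something is missing
# Returns:   0 when everything is present; exits the script with status 1
#            otherwise.
#######################################
checkRequisites() {
  local pkg status

  checkOsFamily

  for pkg in "${REQUISITES[@]}"; do
    # Tolerate stray whitespace in the list entries.
    pkg=${pkg//[[:space:]]/}
    [[ -n "$pkg" ]] || continue

    case "$PACKAGE_MANAGER" in
      dpkg)
        dpkg -s "$pkg" > /dev/null 2>&1
        status=$?
        ;;
      yum)
        yum list installed "$pkg" > /dev/null 2>&1
        status=$?
        ;;
      *)
        # Unknown distribution: previously no check ran at all and the
        # comparison below failed on an unset status, letting the script
        # continue without its tools. Fall back to looking for the command.
        command -v "$pkg" > /dev/null 2>&1
        status=$?
        ;;
    esac

    if ((status != 0)); then
      echo "$pkg is not installed. Avorting." >&2
      exit 1
    fi
  done

  if [[ ! -f "$RAW" ]]; then
    echo "$RAW file not found" >&2
    exit 1
  fi
}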
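#######################################
# Extract every IPv4 address from a file, discarding all other text.
# Globals:   GREP (read; falls back to plain `grep` when empty)
# Arguments: $1 - file to scan
#            $2 - file that receives the addresses, one per line
# Returns:   0
#######################################
getIp() {
  local src=$1 dst=$2
  local candidate octet valid
  local -a octets

  # The pattern alone also accepts strings such as 999.1.1.1, so each
  # candidate is range-checked before it is written out. Paths are quoted so
  # that names containing spaces or glob characters stay intact.
  "${GREP:-grep}" -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' -- "$src" |
    while IFS= read -r candidate; do
      IFS=. read -r -a octets <<< "$candidate"
      valid=1
      for octet in "${octets[@]}"; do
        # 10# forces base 10 so that "010" is not parsed as octal.
        if ((10#$octet > 255)); then
          valid=0
          break
        fi
      done
      if ((valid)); then
        printf '%s\n' "$candidate"
      fi
    done > "$dst"

  return 0
}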
# Terminate a progress line with the word "done".
printDone() {
  printf '%s\n' "done"
}
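### Main
# Operator caveat: every range printed at the end is taken from whois records,
# which are maintained by third parties. One offending address can map to a
# very large allocation, so review the list before loading it into a firewall.
# NOTE(review): whois answers left in $TMP by an earlier run are parsed again
# below; clear the directory first if that is not wanted.

mkdir -p -- "$TMP"
checkRequisites

echo -n "Looking for IP's… "
getIp "$RAW" "$ASSHOLES"
"$SORT" -u "$ASSHOLES" -o "$ASSHOLES"
printDone

# Do a whois query for each one
echo -n "Doing a whois (it might take a while)… "
while IFS='' read -r IP || [[ -n "$IP" ]]; do
  [[ -n "$IP" ]] || continue
  whois -H "$IP" > "$TMP/ip-$IP"
done < "$ASSHOLES"
printDone

# Some of IP maintainers publish their ranges using both CIDR and
# non-CIDR formats, so we have to fetch ranges twice
echo -n "Parsing IP's… "
"$AWK" '/route/ && /\// {print $NF}' "$TMP"/ip-* > "$CIDR"
"$AWK" '/-/ && /NetRange/ {print $2" "$3" "$4}' "$TMP"/ip-* > "$NONCIDR"

# Convert ranges into CIDR format. The range text comes straight from whois
# output, so only the exact "a.b.c.d - e.f.g.h" shape is handed to ipcalc;
# anything else (IPv6, free text, glob characters) is skipped.
RANGE_RE='^([0-9]{1,3}\.){3}[0-9]{1,3} - ([0-9]{1,3}\.){3}[0-9]{1,3}$'
while IFS='' read -r RANGE || [[ -n "$RANGE" ]]; do
  [[ "$RANGE" =~ $RANGE_RE ]] || continue
  read -r -a RANGE_PARTS <<< "$RANGE"
  ipcalc "${RANGE_PARTS[@]}" | "$TAIL" -n +2 >> "$CIDR"
done < "$NONCIDR"

# Keep only well-formed IPv4 prefixes. The awk filter above matches any line
# that mentions "route" and contains a slash (route6 objects, remarks, URLs),
# and none of that may end up in a firewall rule. A /0 prefix is rejected as
# well, because "-s 0.0.0.0/0 -j DROP" would drop all inbound traffic.
CIDR_RE='([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])'
"$SED" -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$CIDR" |
  "$GREP" -E -x -- "$CIDR_RE" > "$CIDR-tmp"
mv -- "$CIDR-tmp" "$CIDR"
"$SORT" "$CIDR" -o "$CIDR"
printDone

# Exclude non-routable IPs. The match is literal and on the whole line: as a
# regular expression "10.0.0.0/8" would also remove 110.0.0.0/8 or 210.0.0.0/8.
# NOTE(review): only the exact private ranges are removed, not subnets of them.
for i in "${PRIVATE_RANGES[@]}"; do
  "$GREP" -v -x -F -- "$i" "$CIDR" > "$CIDR-tmp"
  mv -- "$CIDR-tmp" "$CIDR"
done

# Exclude white-listed IPs. Entries are matched as literal substrings, so a
# prefix such as "203.0.113." removes every range that starts with it. Blank
# lines are skipped: an empty pattern used to make grep read the whitelist
# itself from stdin. A missing whitelist file is not an error.
if [[ -f "$WHITELIST" ]]; then
  while IFS='' read -r WHITELISTED || [[ -n "$WHITELISTED" ]]; do
    [[ -n "$WHITELISTED" ]] || continue
    "$GREP" -v -F -- "$WHITELISTED" "$CIDR" > "$CIDR-tmp"
    mv -- "$CIDR-tmp" "$CIDR"
  done < "$WHITELIST"
fi

# Exclude my own range. The address is fetched over HTTPS and must look like
# an IPv4 address before it is passed on to whois; the whois answer can list
# several routes, each of which is removed.
IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
MY_IP=$("$CURL" --silent --fail --max-time 10 https://ipinfo.io/ip)
if [[ "$MY_IP" =~ $IPV4_RE ]]; then
  MY_RANGE=$("$WHOIS" -H "$MY_IP" | "$AWK" '/route/ && /\// {print $NF}')
  while IFS='' read -r OWN_RANGE || [[ -n "$OWN_RANGE" ]]; do
    [[ -n "$OWN_RANGE" ]] || continue
    "$GREP" -v -x -F -- "$OWN_RANGE" "$CIDR" > "$CIDR-tmp"
    mv -- "$CIDR-tmp" "$CIDR"
  done <<< "$MY_RANGE"
else
  # Without this check the list could contain the operator's own network.
  echo "Could not determine own public IP; own range was NOT excluded." >&2
fi

# Create iptables strings
echo -n "Creating Iptables chains… "
"$SED" -i -e 's/^/-A INPUT -s /' -e 's/$/ -j DROP/' "$CIDR"

# Remove duplicates if any
"$SORT" -u "$CIDR" -o "$CIDR"
printDone

echo "Please append below chains to your Iptables:"
"$CAT" "$CIDR"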