
Untitled

a guest
Aug 20th, 2019
  1. #!/bin/bash
  2.  
  3. ### Variables
  4. # Binaries
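  # Resolve each external tool once. `command -v` is the shell builtin for
  # this; `which` is a separate program whose output and exit status differ
  # between systems. A variable is left empty when its tool is not found.
  # NOTE(review): lookup goes through the caller's PATH, so run the script
  # with a PATH you trust.
  GREP=$(command -v grep)
  SORT=$(command -v sort)
  MKDIR=$(command -v mkdir)
  WHOIS=$(command -v whois)
  AWK=$(command -v awk)
  SED=$(command -v sed)
  CAT=$(command -v cat)
  TAIL=$(command -v tail)
  CURL=$(command -v curl)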
  14.  
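  # Packages that must be installed before anything else runs. The names are
  # handed to the package manager, so they must not carry stray whitespace
  # (the original "ipcalc " only worked because it was expanded unquoted).
  declare -a REQUISITES=("whois" "ipcalc")

  # All paths are relative to the current directory. whois answers and the
  # generated rule list are written under $TMP, so run the script from a
  # directory that only you can write to.
  TMP='tmp' # TMP directory
  RAW='raw.txt' # Source file
  ASSHOLES="$TMP/imbecils.txt" # List of lamers
  CIDR="$TMP/cidr" # List of ranges in CIDR format
  NONCIDR="$TMP/noncidr" # List of ranges in a non-CIDR format
  WHITELIST='whitelist.txt'
  MY_IP=''
  MY_RANGE=''

  # RFC 1918 private blocks; entries equal to one of these are dropped from
  # the list later on.
  declare -a PRIVATE_RANGES=("10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16")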
  27.  
  28. ### Functions
  29. # getIp (defined further down): discard any text other than IP addresses
  30. # from a given file ($1) and save the addresses into $2
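  #######################################
  # Detect the distribution from an os-release file and pick the package
  # manager used to verify that the required packages are installed.
  # Globals:   OSFAMILY (written), PACKAGE_MANAGER (written)
  # Arguments: $1 - os-release file to read (optional,
  #                 default /etc/os-release)
  # Returns:   0; PACKAGE_MANAGER is left empty for an unrecognised ID
  #######################################
  function checkOsFamily {
    local release_file=${1:-/etc/os-release}
    local key value

    OSFAMILY=""
    # Reset on every call so that a value inherited from the environment or
    # from an earlier call is never reused for an unrecognised distribution.
    PACKAGE_MANAGER=""

    if [[ -r $release_file ]]; then
      while IFS='=' read -r key value || [[ -n $key ]]; do
        if [[ $key == "ID" ]]; then
          # os-release values may be quoted (ID="centos"); strip the quotes
          # so the comparison below does not silently fail.
          value=${value//\"/}
          value=${value//\'/}
          OSFAMILY=$value
        fi
      done < "$release_file"
    fi

    case "$OSFAMILY" in
      centos)
        PACKAGE_MANAGER="yum"
        ;;
      debian | raspbian)
        PACKAGE_MANAGER="dpkg"
        ;;
    esac
  }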
  40.  
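  #######################################
  # Abort unless every required package is installed and the input file
  # exists.
  # Globals:   REQUISITES (read), RAW (read), RESULT (written),
  #            PACKAGE_MANAGER (read; set by checkOsFamily)
  # Arguments: none
  # Outputs:   an error message on stdout before aborting
  # Returns:   0 when everything is present; exits the script with 1
  #            otherwise
  #######################################
  function checkRequisites {
    local pkg

    checkOsFamily

    for pkg in "${REQUISITES[@]}"; do
      # Names are passed quoted below, so remove stray whitespace first
      # (the list has carried an entry with a trailing blank).
      pkg=${pkg//[[:space:]]/}
      [[ -n $pkg ]] || continue

      # Start from "missing" so no branch can reuse a previous result.
      RESULT=1
      case "$PACKAGE_MANAGER" in
        dpkg)
          "$PACKAGE_MANAGER" -s "$pkg" > /dev/null 2>&1
          RESULT=$?
          ;;
        yum)
          "$PACKAGE_MANAGER" list installed "$pkg" > /dev/null 2>&1
          RESULT=$?
          ;;
        *)
          # Unrecognised distribution: the old code left RESULT unset here
          # and the check passed by accident. Fall back to looking for a
          # command with the package's name.
          command -v "$pkg" > /dev/null 2>&1
          RESULT=$?
          ;;
      esac

      if [ "$RESULT" -ne 0 ]; then
        echo "$pkg is not installed. Avorting."
        exit 1
      fi
    done

    if [ ! -f "$RAW" ]; then
      echo "$RAW file not found"
      exit 1
    fi
  }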
  71.  
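  #######################################
  # Extract every dotted-quad IPv4 address found in a text file.
  # Globals:   GREP (read; plain `grep` is used when it is unset)
  # Arguments: $1 - file to scan
  #            $2 - file that receives one address per line (overwritten)
  # Notes:     Any address-looking token anywhere in a line is collected.
  #            If the input is a raw log, fields that a remote client
  #            controls are scanned too, so whoever can write to the log
  #            can get an arbitrary address listed. Prefer feeding a file
  #            that holds only the source-address column.
  #######################################
  function getIp {
    local candidate octet valid
    local -a octets

    # "\." instead of the former "[\.]": inside a bracket expression the
    # backslash is a literal, so "1\2\3\4" used to be accepted as well.
    "${GREP:-grep}" -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' -- "$1" \
      | while IFS= read -r candidate; do
        IFS=. read -r -a octets <<< "$candidate"
        valid=1
        for octet in "${octets[@]}"; do
          # 10# forces base 10 so "08" is not parsed as octal.
          if (( 10#$octet > 255 )); then
            valid=0
          fi
        done
        if [[ $valid -eq 1 ]]; then
          printf '%s\n' "$candidate"
        fi
      done > "$2"
  }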
  75.  
  # Print the "done" marker that closes each progress message.
  printDone() {
    printf '%s\n' "done"
  }
  79.  
  80. ### Main
  81.  
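  # Every later step writes into $TMP, so stop right away if it cannot be
  # created instead of failing on each redirect further down.
  mkdir -p -- "$TMP" || exit 1

  checkRequisites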
  85.  
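  echo -n "Looking for IP's… "
  getIp "$RAW" "$ASSHOLES"
  # Sort in place and drop duplicates so each address is looked up once.
  "$SORT" -u -o "$ASSHOLES" -- "$ASSHOLES"
  printDone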
  90.  
  91. # Do a whois query for each one
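  echo -n "Doing a whois (it might take a while)… "
  # The parsing step reads every $TMP/ip-* file, so answers left behind by
  # an earlier run would end up in today's list. ${TMP:?} aborts instead of
  # expanding to "/ip-*" if TMP is ever empty.
  rm -f -- "${TMP:?}"/ip-*
  while IFS='' read -r IP || [[ -n "$IP" ]]; do
    # The address becomes part of a file name; accept digits and dots only.
    [[ $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue
    # The answer is remote, unauthenticated data. It is only stored here and
    # must be validated before any of it reaches a firewall rule.
    "$WHOIS" -H "$IP" > "$TMP/ip-$IP"
  done < "$ASSHOLES"
  printDone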
  97.  
  98. # Some IP maintainers publish their ranges in both CIDR and
  99. # non-CIDR formats, so we have to fetch the ranges twice
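  echo -n "Parsing IP's… "
  # whois text is free-form and remote: a line can mention "route" and "/"
  # without ending in an IPv4 prefix (a route6 object, a URL in a remark).
  # Keep the last field only when it looks like a.b.c.d/n.
  "$AWK" '/route/ && /\// && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {print $NF}' \
    "$TMP"/ip-* > "$CIDR"
  "$AWK" '/-/ && /NetRange/ {print $2" "$3" "$4}' "$TMP"/ip-* > "$NONCIDR"

  # Convert ranges into CIDR format
  range_re='^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) - ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$'
  while IFS='' read -r RANGE || [[ -n "$RANGE" ]]; do
    # Pass ipcalc exactly "start - end"; anything else from the whois text
    # is skipped rather than word-split onto its command line.
    [[ $RANGE =~ $range_re ]] || continue
    # The first output line is skipped as before; of the rest, only lines
    # that are an IPv4 prefix are kept, so error text never enters the list.
    ipcalc "${BASH_REMATCH[1]}" - "${BASH_REMATCH[2]}" \
      | "$TAIL" -n +2 \
      | "$GREP" -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+$' >> "$CIDR"
  done < "$NONCIDR"
  "$SORT" -o "$CIDR" -- "$CIDR"
  printDone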
  110.  
  111. # Exclude non-routable IPs
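  for i in "${PRIVATE_RANGES[@]}"; do
    # -F -x compares the whole line literally. Used as a regex, each dot
    # matched any character and "10.0.0.0/8" also matched inside
    # "110.0.0.0/8", which silently removed public ranges from the list.
    # Only an entry equal to a private block is removed; a subnet such as
    # 10.1.0.0/16 is not, because this is a text comparison.
    "$GREP" -v -F -x -- "$i" "$CIDR" > "$CIDR-tmp"
    mv -- "$CIDR-tmp" "$CIDR"
  done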
  117.  
  118. # Exclude white-listed IPs
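  if [[ -r $WHITELIST ]]; then
    # Default IFS here so leading and trailing blanks are trimmed.
    while read -r WHITELISTED || [[ -n "$WHITELISTED" ]]; do
      # A blank line used to expand to nothing: grep then took "$CIDR" as
      # its pattern, read the rest of the white-list from stdin and the
      # result replaced the rule list.
      [[ -n $WHITELISTED ]] || continue
      # -F: literal match, so dots are not wildcards. Matching is still by
      # text: an entry is removed when it contains the white-listed string,
      # but a white-listed address that merely lies inside a listed range
      # stays blocked.
      "$GREP" -v -F -- "$WHITELISTED" "$CIDR" > "$CIDR-tmp"
      mv -- "$CIDR-tmp" "$CIDR"
    done < "$WHITELIST"
  else
    echo "warning: $WHITELIST is not readable; no white-list was applied" >&2
  fi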
  123.  
  124. # Exclude my own range
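  # Ask over HTTPS (a bare host name makes curl use plain HTTP), fail on an
  # HTTP error instead of using the error page, and do not hang forever.
  MY_IP=$("$CURL" --silent --fail --max-time 10 https://ipinfo.io/ip) # Get my IP
  MY_RANGE=''
  # The reply is remote data: hand it to whois only if it is a bare
  # dotted quad.
  if [[ $MY_IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    MY_RANGE=$("$WHOIS" -H "$MY_IP" | "$AWK" '/route/ && /\// {print $NF}')
  fi

  if [[ -n $MY_RANGE ]]; then
    # whois may report several route lines; remove each one. The former loop
    # iterated over the white-list without using its lines.
    while IFS='' read -r OWN_RANGE; do
      [[ -n $OWN_RANGE ]] || continue
      "$GREP" -v -F -x -- "$OWN_RANGE" "$CIDR" > "$CIDR-tmp"
      mv -- "$CIDR-tmp" "$CIDR"
    done <<< "$MY_RANGE"
  else
    # With an empty range the old command took "$CIDR" as its pattern and
    # read the white-list from stdin, so the white-listed entries themselves
    # became the rule list. Skip the step and say so instead.
    echo "warning: own range could not be determined; check the list for your own network before applying it" >&2
  fi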
  132.  
  133.  
  134. # Create iptables strings
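  echo -n "Creating Iptables chains… "
  # Everything in $CIDR was derived from whois answers, i.e. from data the
  # operator of a listed network can influence. Turn a line into a rule only
  # if it is a well-formed IPv4 prefix: four octets <= 255 and a length
  # between MIN_PREFIX_LEN (default 8) and 32. Nothing broader than a /8 is
  # a single network, and a 0.0.0.0/0 entry would drop all inbound traffic.
  # Skipped lines are counted on stderr. Duplicates are removed by sort -u.
  "$AWK" -v min="${MIN_PREFIX_LEN:-8}" '
    NF == 0 { next }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
      split($0, net, "/")
      split(net[1], oct, ".")
      ok = (net[2] + 0 >= min + 0 && net[2] + 0 <= 32)
      for (k = 1; k <= 4; k++) {
        if (oct[k] + 0 > 255) {
          ok = 0
        }
      }
      if (ok) {
        print "-A INPUT -s " $0 " -j DROP"
        next
      }
    }
    { skipped++ }
    END {
      if (skipped) {
        printf "\n%d entries skipped (not a usable IPv4 prefix)\n", skipped > "/dev/stderr"
      }
    }
  ' "$CIDR" | "$SORT" -u > "$CIDR-tmp"
  mv -- "$CIDR-tmp" "$CIDR"
  printDone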
  141.  
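  # The list is only printed, never loaded: read it before applying it and
  # make sure your own network and management addresses are not in it.
  echo "Please append below chains to your Iptables:"
  "$CAT" -- "$CIDR"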