Hi,
I would like to create a shell script that will be called periodically (cron) to download and import lists of blacklisted IPs (e.g. those from iblocklist.com) into iptables' ipsets.
It should do some basic error handling (retry failed downloads) and sanity tests (e.g. check for an empty blacklist).
Here's a quick sample:
# -z: only fetch if the server copy is newer than the local file; -L: follow redirects; -s: quiet;
# -w '%{http_code}': print the status code so "new", "unchanged" and "failed" can be told apart
status=$(curl -s -L -z blacklist.txt.gz -o blacklist.txt.gz -w '%{http_code}' http://.../blacklist.txt.gz)
case "$status" in
  200)
    echo "successful download of new version of blacklist.txt.gz"
    echo "start import blacklist.txt.gz into ipset"
    # keep only lines that start with a digit (skips comments/headers); -exist makes
    # re-adding an entry that is already in the set a no-op instead of an error
    zcat blacklist.txt.gz | sed -n '/^[0-9]/p' | while read -r ip; do
      ipset -q -exist add blacklist "$ip"
    done ;;
  304) echo "file blacklist.txt.gz unchanged" ;;
  *)   echo "download of blacklist.txt.gz failed (HTTP $status)" >&2 ;;
esac
Has anyone written such a script that they can share? (A bit of googling turned up some, but they seemed too simplistic.)
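Here is an added example of the kind of script asked for above (it is not the poster's code and not anything published by iblocklist.com): it fetches a gzipped list with curl retries, validates every line before it goes anywhere near the kernel, refuses lists that are empty or suspiciously short, and loads the result into a temporary set that is then swapped into the live set, so the iptables rule never sees an empty or half-filled set. The list URL, set name, cache path, thresholds and the sample list at the bottom are assumptions made for the example; the iblocklist "description:start-end" line shape is handled alongside plain IPs and CIDRs.

```shell
#!/bin/sh
# Added example, not from the original post: cron-driven blocklist importer with
# download retries, list sanity checks and an atomic swap into the live ipset.
# LIST_URL, SET_NAME, CACHE_FILE and the thresholds are assumptions; adjust them.
set -u

LIST_URL="https://example.invalid/blacklist.txt.gz"   # assumption: the real list URL goes here
SET_NAME="blacklist"                                   # the set your iptables rule matches on
CACHE_FILE="/var/cache/blocklist/${SET_NAME}.gz"       # assumption: last good download, used for curl -z
MIN_ENTRIES=100      # refuse to load a list smaller than this (truncated download, outage page)
MAXELEM=1000000      # hash:net defaults to 65536 entries, too small for large lists
SET_SPEC="hash:net family inet hashsize 4096 maxelem $MAXELEM"

# Turn a raw list on stdin into one ipset entry per line. Accepts "a.b.c.d",
# "a.b.c.d/nn" and iblocklist-style "description:a.b.c.d-e.f.g.h" (hash:net splits
# a range into CIDR blocks itself). Blank lines, comments and CRs are dropped;
# anything that does not validate is reported on stderr and skipped.
extract_entries() {
    awk '
    function ip4(s,  o, n, i) {                  # 1 if s is a dotted quad with octets 0-255
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    function ip2n(s,  o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    {
        raw = $0
        sub(/\r$/, ""); sub(/#.*/, ""); gsub(/[ \t]/, "")
        if ($0 == "") next
        n = split($0, f, ":"); e = f[n]          # p2p format: keep the part after the last colon
        if (split(e, p, "/") == 2) {
            ok = ip4(p[1]) && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32
        } else if (split(e, p, "-") == 2) {
            ok = ip4(p[1]) && ip4(p[2]) && ip2n(p[1]) <= ip2n(p[2])
        } else {
            ok = ip4(e)
        }
        if (ok) { print e } else { print "skipping malformed line: " raw > "/dev/stderr" }
    }'
}

# Emit an "ipset restore" script that builds a fresh set ($1) from the list on stdin.
build_restore() {
    printf 'create %s %s\n' "$1" "$SET_SPEC"
    extract_entries | awk -v set="$1" '{ print "add " set " " $0 }'
}

# Number of valid entries in the list on stdin (the sanity check uses this).
count_entries() {
    extract_entries 2>/dev/null | wc -l | tr -d ' '
}

# Fetch $1 into $2 with up to three attempts. Returns 0 with a fresh file on HTTP 200,
# 2 when the server says 304 (unchanged since the cached copy), 1 after three failures.
# On the very first run there is no cache file yet, so curl warns about -z and fetches anyway.
fetch_list() {
    url="$1"; cache="$2"; tmp="${cache}.part"
    mkdir -p "$(dirname "$cache")"
    attempt=1
    while [ "$attempt" -le 3 ]; do
        code=$(curl -sS -L --max-time 120 -z "$cache" -o "$tmp" -w '%{http_code}' "$url") || code=000
        case "$code" in
            200) mv "$tmp" "$cache"; return 0 ;;
            304) rm -f "$tmp"; return 2 ;;
        esac
        echo "attempt $attempt for $url: HTTP $code, retrying" >&2
        sleep $((attempt * 10))
        attempt=$((attempt + 1))
    done
    rm -f "$tmp"
    return 1
}

# Download, validate and atomically swap the new list into the live set.
update_set() {
    fetch_list "$LIST_URL" "$CACHE_FILE" && rc=0 || rc=$?
    [ "$rc" -ne 2 ] || return 0                    # unchanged upstream: nothing to do
    [ "$rc" -eq 0 ] || { echo "giving up on $LIST_URL" >&2; return 1; }
    n=$(zcat "$CACHE_FILE" | count_entries)
    if [ "$n" -lt "$MIN_ENTRIES" ]; then
        echo "only $n valid entries in $CACHE_FILE, refusing to replace $SET_NAME" >&2
        return 1
    fi
    tmpset="${SET_NAME}_new"
    ipset destroy "$tmpset" 2>/dev/null             # leftover from an interrupted run
    zcat "$CACHE_FILE" | build_restore "$tmpset" | ipset -exist restore || return 1
    ipset -n list "$SET_NAME" >/dev/null 2>&1 || ipset create "$SET_NAME" $SET_SPEC
    ipset swap "$tmpset" "$SET_NAME" && ipset destroy "$tmpset"   # rule keeps matching throughout
    echo "$SET_NAME: loaded $n entries"
}

# Constructed sample list (not a real feed) for exercising the parser offline.
SAMPLE_LIST='# comment line
Some Org:1.2.3.0-1.2.3.255
10.0.0.0/8   # trailing comment
192.0.2.1
not an ip
300.1.1.1
5.6.7.8/33
9.9.9.9-1.1.1.1'

# Parse the constructed sample: returns the three valid entries, drops the rest.
sample_entries() {
    printf '%s\n' "$SAMPLE_LIST" | extract_entries 2>/dev/null
}

# Run from cron as "blocklist-update.sh run"; with no argument the script only
# defines its functions, so it can be sourced for testing.
if [ "${1:-}" = "run" ]; then
    update_set
fi
```

The swap is the part worth copying even if nothing else is: `ipset restore` fills a second set while the old one keeps matching, `ipset swap` exchanges them in one operation, and the MIN_ENTRIES check means a truncated download or an HTML error page served with a 200 cannot replace a working list with an empty set. `ipset -exist restore` keeps duplicate entries in the feed from aborting the load. For ipset's own `-exist` restore and swap semantics and the hash:net range handling, check `man ipset` for the version on your box.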