Hello,
as several guys were looking for ....
maybe anyone wants to use that script in his firewall config
USE AT YOUR OWN RISK !
Here is a link where you will find a very good solution for very long IP lists:
https://n0where.net/iptables-blacklist-script/
(package ipset needed, but normally included on each image)
if you want it based on IP tables only ... see below
INSTALL:
1.) simply add that script at the end of your /etc/firewall,costumer
(via LuCI you can go to: Menu -> Network -> Firewall, tab "Custom Rules")
2.) create your list of IPs to block and copy it to: /etc/config/firewall.blacklist.ip
(the format is simply one entry per line):
1.2.3.4
2.2.2.2/24
3.2.2.2
....
....
That's it!
##################################################################
#---------------- BLOCKING(DROP) blacklisted IP's ------------------------------------------
BLACKLIST=/etc/config/firewall.blacklist.ip
EXTERNAL_DEVICE=3g-4G
# not used by the iptables-only rules below
BLACKLIST_SOURCE="https://lists.blocklist.de/lists/all.txt"

# clean up rules that already exist
iptables -F BLOCKING_IP > /dev/null 2>&1
iptables -D INPUT -i "${EXTERNAL_DEVICE}" -j BLOCKING_IP > /dev/null 2>&1
iptables -D FORWARD -i "${EXTERNAL_DEVICE}" -j BLOCKING_IP > /dev/null 2>&1

# create the chain and hook it into INPUT and FORWARD
iptables -N BLOCKING_IP > /dev/null 2>&1
iptables -I INPUT -i "${EXTERNAL_DEVICE}" -j BLOCKING_IP > /dev/null 2>&1
iptables -I FORWARD -i "${EXTERNAL_DEVICE}" -j BLOCKING_IP > /dev/null 2>&1

# Block abusing IPs from ${BLACKLIST} (-s: file exists and is not empty)
if [ -s "${BLACKLIST}" ]; then
    echo " FIREWALL - Blocking ABUSIVE IP's"
    # strip "#" comments, then add one DROP rule per remaining entry
    cut -f1 -d "#" "${BLACKLIST}" | \
    while read -r IP || [ -n "${IP}" ]
    do
        [ -n "${IP}" ] || continue   # skip blank and comment-only lines
        echo " FIREWALL - Blocking IP:${IP}"
        iptables -I BLOCKING_IP -s "${IP}" -j DROP
    done
fi
cu camel
(Last edited by camro on 28 Nov 2016, 23:06)
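
Added example, not part of the post above or of the linked script: the ipset approach mentioned at the top, with every blacklist entry validated before it reaches the firewall. The set name "blacklist", the function names and the sample entries are assumptions; the generated text is meant to be piped into "ipset -exist restore" and matched by a single rule such as "iptables -I BLOCKING_IP -m set --match-set blacklist src -j DROP".

```shell
#!/bin/sh
# Added example, not from the original post. Set name "blacklist" and the
# entries in demo() are constructed for illustration.

# is_ipv4_entry ENTRY: succeeds only for a.b.c.d or a.b.c.d/len (len 0-32).
is_ipv4_entry() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blacklist_to_restore FILE SET: print "ipset restore" input on stdout and
# rejected entries on stderr. Fills a temporary set, then swaps it in.
blacklist_to_restore() {
    file=$1; set_name=$2; tmp="${set_name}_new"
    echo "create $set_name hash:net family inet"
    echo "create $tmp hash:net family inet"
    echo "flush $tmp"
    tr -d '\r' < "$file" | while read -r entry rest || [ -n "$entry" ]; do
        entry=${entry%%#*}              # strip comment; text after whitespace is ignored
        [ -n "$entry" ] || continue     # blank or comment-only line
        if is_ipv4_entry "$entry"; then
            echo "add $tmp $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
    echo "swap $tmp $set_name"
    echo "destroy $tmp"
}

# Constructed sample list in the format described in the post, plus bad lines.
demo() {
    sample=$(mktemp)
    printf '%s\n' '1.2.3.4' '2.2.2.2/24  # constructed' '' '999.1.1.1' 'not-an-ip' > "$sample"
    blacklist_to_restore "$sample" blacklist
    rm -f "$sample"
}
demo
```

Because the new entries go into a temporary set that is swapped in at the end, the live set is never empty during a reload, and lookup cost does not grow with one rule per address.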