#!/bin/bash
###############################################################
# Script de Firewall
# Funcao: Baixar a DROP LIST da Spamhaus e aplicar as regras
#         com o iptables
# Autor: Dailson Fernandes - contato@dailson.com.br
# Data: 10/06/2008
# Obs: Este script esta sob a GNU/GPL
#      http://www.dailson.com.br
################################################################
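# Fetch the Spamhaus DROP list and insert DROP rules for every listed network
# into the FORWARD and INPUT chains (TCP and UDP).
#
# Files used in the current directory: drop.lasso (raw download) and
# black_list (sorted, de-duplicated networks that passed validation).
# Must run with enough privilege to modify iptables rules.
set -u

# NOTE(review): the list is fetched over plain HTTP, so its content is not
# authenticated in transit. Every entry is validated below before it reaches
# iptables, but a tampered list could still carry well-formed, overly broad
# ranges; use an HTTPS endpoint if the publisher provides one.
readonly DROP_URL='http://www.spamhaus.org/drop/drop.lasso'
readonly RAW_FILE='drop.lasso'
readonly LIST_FILE='black_list'

# Print a message to stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Return 0 when $1 is a dotted-quad IPv4 address with an optional /0-32
# prefix, and nothing else. This keeps option-like strings and hostnames
# (which iptables would try to resolve) out of the rule arguments.
is_ipv4_network() {
  local candidate=$1 octet
  local -r pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
  [[ $candidate =~ $pattern ]] || return 1
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    # 10# forces base 10 so a leading zero is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
  [[ -z ${BASH_REMATCH[6]:-} ]] || ((10#${BASH_REMATCH[6]} <= 32)) || return 1
}

# Remove the files left by the previous run.
rm -f -- drop.lasso* "$LIST_FILE"

# Download the new version. Stop on failure instead of parsing a missing or
# partial file and silently applying nothing.
wget -O "$RAW_FILE" "$DROP_URL" || die "download of $DROP_URL failed"
[[ -s $RAW_FILE ]] || die "downloaded list is empty"

# Strip ';' comments and carriage returns, keep the first field of each line,
# sort and de-duplicate, then keep only well-formed IPv4 networks.
while IFS= read -r entry; do
  if is_ipv4_network "$entry"; then
    printf '%s\n' "$entry"
  else
    printf 'skipping invalid entry: %q\n' "$entry" >&2
  fi
done < <(
  awk '{ gsub(/\r/, ""); sub(/;.*/, ""); if ($1 != "") print $1 }' "$RAW_FILE" \
    | LC_ALL=C sort -u
) > "$LIST_FILE"
[[ -s $LIST_FILE ]] || die "no valid networks found in $RAW_FILE"

# Apply the rules. 'iptables -C' skips a rule that is already present, so
# repeated runs do not pile up duplicates; on an iptables without -C the check
# fails and the rule is inserted as before.
# Networks dropped from the list upstream are NOT removed from the chains here.
failures=0
while IFS= read -r net; do
  for chain in FORWARD INPUT; do
    for proto in tcp udp; do
      rule=(-p "$proto" -s "$net" -j DROP)
      # stderr is silenced on purpose: -C reports an error when the rule is absent.
      iptables -C "$chain" "${rule[@]}" 2>/dev/null && continue
      if ! iptables -I "$chain" "${rule[@]}"; then
        printf 'failed to insert %s/%s rule for %s\n' "$chain" "$proto" "$net" >&2
        failures=$((failures + 1))
      fi
    done
  done
done < "$LIST_FILE"

((failures == 0)) || die "$failures rule(s) could not be inserted"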
