
@D3vl0per
Created December 1, 2024 00:32
My little blocklist
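#!/bin/bash
#
# Refresh the IP blocklists consumed by the haproxy container.
#
# Steps:
#   1. Download each third-party feed into $BLOCKLIST_FOLDER/<name>.list.
#   2. Merge all *.list files into aggregated_blocklist_new.ips (sorted, unique).
#   3. Keep only syntactically valid dotted-quad IPv4 addresses and write them
#      to aggregated_blocklist.ips.
#   4. Recreate the haproxy container while new TLS connections are dropped.
#
# Every feed is untrusted input that decides which clients get blocked, so:
#   - a failed or empty download never overwrites the previous copy of a list;
#   - an empty aggregated result never replaces the live blocklist;
#   - the temporary firewall rule is removed on every exit path.
# NOTE(review): nothing here stops a feed from listing your own or your
# upstream's addresses; consider filtering the result against an allowlist.

set -uo pipefail

BLOCKLIST_FOLDER=blocklists

# Loose pattern used to pull address-looking tokens out of mixed-format feeds.
readonly IPV4_CANDIDATE_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'
# Strict pattern: four octets, each 0-255, nothing else on the line.
readonly IPV4_OCTET_RE='([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
readonly IPV4_STRICT_RE="^${IPV4_OCTET_RE}\.${IPV4_OCTET_RE}\.${IPV4_OCTET_RE}\.${IPV4_OCTET_RE}\$"

# Rule that blocks new inbound connections on 443 during the restart.
readonly -a SYN_BLOCK_RULE=(INPUT -p tcp --dport 443 --syn -j DROP)
syn_block_active=0
failed_feeds=0

WORKDIR=$(mktemp -d) || { echo "ERROR: mktemp failed" >&2; exit 1; }
readonly WORKDIR

# Remove the temporary firewall rule (if this run inserted it) and the scratch
# directory. Runs on every exit path so port 443 is never left blocked.
cleanup() {
  if (( syn_block_active )); then
    iptables -D "${SYN_BLOCK_RULE[@]}" \
      || echo "WARNING: could not remove the temporary DROP rule on port 443" >&2
  fi
  rm -rf -- "${WORKDIR:?}"
}
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Print the number of lines in a file, or 0 when the file does not exist yet.
count_lines() {
  if [[ -f "$1" ]]; then
    wc -l < "$1"
  else
    echo 0
  fi
}

#######################################
# Download one feed and store it as $BLOCKLIST_FOLDER/<file>.
# The download goes to a scratch file first; the existing list is only
# overwritten when curl succeeded and produced at least one line.
# Arguments:
#   $1 - label printed in the progress message
#   $2 - feed URL
#   $3 - file name inside $BLOCKLIST_FOLDER
#   $4 - "extract" (default): keep only address-looking tokens;
#        "raw": store the response body unchanged
#   $5 - keep only the first N entries (0 or omitted = keep all)
# Returns: 0 on success, 1 when the previous list was kept
#######################################
fetch_list() {
  local label=$1 url=$2 name=$3 mode=${4:-extract} limit=${5:-0}
  local out="${BLOCKLIST_FOLDER}/${name}"
  local tmp="${WORKDIR}/${name}"
  local rc=0

  echo "Download ${label} ip blocklist"
  # --fail makes an HTTP error page count as a failure instead of list content.
  if [[ "$mode" == raw ]]; then
    curl -fsSL "$url" > "$tmp" || rc=$?
  else
    curl -fsSL "$url" | grep -Eo "$IPV4_CANDIDATE_RE" > "$tmp" || rc=$?
  fi

  if (( rc != 0 )) || [[ ! -s "$tmp" ]]; then
    echo "WARNING: ${label} download failed or was empty; keeping previous ${out}" >&2
    failed_feeds=$(( failed_feeds + 1 ))
    echo "---"
    return 1
  fi

  if (( limit > 0 )); then
    # Truncate from a finished file: piping into head would close the pipe
    # early and make the pipeline look failed under pipefail.
    head -n "$limit" "$tmp" > "${tmp}.head" && mv -f -- "${tmp}.head" "$tmp"
  fi

  # Overwrite in place so the list keeps its existing owner and mode.
  cat -- "$tmp" > "$out"
  echo "---"
}

echo "-------------------------------------------------"
echo "Update blocklist"
echo "Date: $(date --iso-8601=ns)"
echo "-------------------------------------------------"

mkdir -p -- "$BLOCKLIST_FOLDER" || { echo "ERROR: cannot create ${BLOCKLIST_FOLDER}" >&2; exit 1; }

fetch_list "mass_scanner" "https://github.com/stamparm/maltrail/raw/master/trails/static/mass_scanner.txt" mass_scanner.list
# URL is quoted: unquoted, the '?' is a glob character.
fetch_list "tor" "https://check.torproject.org/torbulkexitlist?ip" tor.list raw
fetch_list "phishing-filter" "https://malware-filter.gitlab.io/malware-filter/phishing-filter.txt" phishing-filter.list
fetch_list "greensnow" "https://blocklist.greensnow.co/greensnow.txt" greensnow.list raw
# NOTE(review): plain HTTP - anyone on the network path can add or remove
# entries. Switch to https if the provider serves this list over TLS.
fetch_list "CINS" "http://cinsscore.com/list/ci-badguys.txt" ci.list raw
fetch_list "botvrij" "https://botvrij.eu/data/ioclist.ip-dst" botvrij.list
# The original piped into "head -n 200 FILE > FILE", which truncates the file
# it is reading; the limit is now applied to the finished download.
fetch_list "ipsum" "https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt" ipsum.list extract 200
fetch_list "firehol" "https://iplists.firehol.org/files/bi_any_2_7d.ipset" firehol.list
fetch_list "blocklist.de" "https://lists.blocklist.de/lists/all.txt" blde.list
fetch_list "Emerging Threats Botnet" "https://rules.emergingthreats.net/open/suricata/rules/botcc.rules" etcc.list
fetch_list "blackhole monster" "https://ip.blackhole.monster/blackhole-today" blackhole_monster.list
fetch_list "binarydefense" "https://www.binarydefense.com/banlist.txt" binarydefense.list
fetch_list "Turris" "https://view.sentinel.turris.cz/greylist-data/greylist-latest.csv" turris.list
fetch_list "AIP Repeated attackers" "https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_historical_blacklist_prioritized_by_repeated_attackers.csv" aip_rep.list
# NOTE(review): plain HTTP - same integrity concern as the CINS feed.
fetch_list "Rulez sk" "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" rulez_sk.list

if (( failed_feeds > 0 )); then
  echo "WARNING: ${failed_feeds} feed(s) were not refreshed in this run" >&2
fi

echo "Aggregate"
sort -u -- "$BLOCKLIST_FOLDER"/*.list > aggregated_blocklist_new.ips
echo "Old aggregated list size: $(count_lines aggregated_blocklist.ips)"
echo "New aggregated list size: $(count_lines aggregated_blocklist_new.ips)"

echo "IP validity filter and blocklist refresh"
validated="${WORKDIR}/aggregated.validated"
grep -E -- "$IPV4_STRICT_RE" aggregated_blocklist_new.ips > "$validated"
if [[ ! -s "$validated" ]]; then
  # An empty result would silently unblock everything after the restart.
  echo "ERROR: no valid addresses after filtering; keeping the current blocklist" >&2
  exit 1
fi
# Overwrite in place so the file keeps the owner and mode haproxy already reads.
cat -- "$validated" > aggregated_blocklist.ips

echo "Restart haproxy"
cd /opt/infra/external-network-stack \
  || { echo "ERROR: cannot cd to /opt/infra/external-network-stack" >&2; exit 1; }

if iptables -I "${SYN_BLOCK_RULE[@]}"; then
  syn_block_active=1
else
  echo "WARNING: could not insert the temporary DROP rule; restarting anyway" >&2
fi
sleep 1
docker kill external-network-stack-haproxy-1
docker rm -f external-network-stack-haproxy-1
docker-compose up -d
compose_rc=$?
if (( compose_rc != 0 )); then
  echo "ERROR: docker-compose up failed with status ${compose_rc}" >&2
fi
# The EXIT trap removes the DROP rule, including when docker-compose failed.
exit "$compose_rc"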