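#!/usr/bin/env bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2020 - License: GNU GPLv3      ##
###########################################################################
# Downloads from emergingthreats.net and adds all the networks to ipset. ##
###########################################################################
## Possible firewall configuration:
## Delete all the old rules.
#I=`/sbin/iptables-save | grep -- "-A INPUT -j EMERGING-THREATS"`
#O=`/sbin/iptables-save | grep -- "-A OUTPUT -j EMERGING-THREATS"`
#if [ ! -z "$I" ] || [ ! -z "$O" ]; then
#    /sbin/iptables -F EMERGING-THREATS
#    /sbin/iptables -X EMERGING-THREATS
#fi
#if [ ! -z "$I" ]; then
#    /sbin/iptables -D INPUT -j EMERGING-THREATS
#fi
#if [ ! -z "$O" ]; then
#    /sbin/iptables -D OUTPUT -j EMERGING-THREATS
#fi
## Create the chain again and add all the new rules.
#/sbin/iptables -N EMERGING-THREATS
#/sbin/iptables -I INPUT 1 -j EMERGING-THREATS
#/sbin/iptables -I OUTPUT 1 -j EMERGING-THREATS
#/sbin/iptables -A EMERGING-THREATS -p all -m set --match-set EMERGING-THREATS src,dst -j DROP
## Continue with the rest.
#/sbin/iptables -A EMERGING-THREATS -j RETURN
###########################################################################
#
# Behaviour (the original script was refreshed in three steps: create the
# set if missing, flush it, then add whatever curl returned):
#   * The feed is downloaded and validated BEFORE the live set is touched.
#     Previously the set was flushed first, so a failed or empty download
#     left the firewall with no block list at all until the next run.
#   * Entries are loaded into a scratch set and swapped in atomically, so
#     there is no window where the live set is empty.
#   * The feed is fetched over TLS. This only protects the transport; the
#     list itself is not signed, so a compromise of the upstream host would
#     still be trusted. Review the URL before deploying.
#
# Requires: bash 4+, curl, ipset (with `swap` and `-exist` support).
# Must run as root (or with CAP_NET_ADMIN) to modify ipsets.

set -euo pipefail

# Name of the live set referenced by the firewall rules above.
readonly SET_NAME='EMERGING-THREATS'
# Scratch set: populated first, then swapped into place.
readonly TMP_SET="${SET_NAME}-tmp"
# Block list feed. HTTPS so an on-path attacker cannot inject or drop entries.
readonly FEED_URL='https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt'

# Remove the scratch set and the downloaded file on every exit path.
cleanup() {
  ipset destroy "$TMP_SET" 2>/dev/null || true
  if [[ -n "${feed:-}" ]]; then
    rm -f -- "$feed"
  fi
}
trap cleanup EXIT

feed=$(mktemp) || { printf 'error: mktemp failed\n' >&2; exit 1; }

# Fetch first; on failure leave the existing set untouched.
# -f: treat HTTP errors as failures; -L: follow redirects; --max-time: do not hang forever.
if ! curl -fsSL --max-time 60 -o "$feed" "$FEED_URL"; then
  printf 'error: download of %s failed; keeping existing %s\n' "$FEED_URL" "$SET_NAME" >&2
  exit 1
fi

# Keep only the leading "a.b.c.d" or "a.b.c.d/nn" token of each line
# (-o drops trailing whitespace/CR); comments and blank lines are ignored.
mapfile -t nets < <(grep -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?' "$feed")

# An empty result almost certainly means a broken feed, not "nothing to block".
if (( ${#nets[@]} == 0 )); then
  printf 'error: feed contained no networks; keeping existing %s\n' "$SET_NAME" >&2
  exit 1
fi

# Ensure the live set exists (-exist makes this idempotent) and create a
# fresh scratch set of the same type so that `ipset swap` is permitted.
ipset create "$SET_NAME" hash:net family inet -exist
ipset destroy "$TMP_SET" 2>/dev/null || true
ipset create "$TMP_SET" hash:net family inet

# Bulk load through `ipset restore`: one process instead of one per network.
# -exist tolerates duplicate entries in the feed.
for net in "${nets[@]}"; do
  printf 'add %s %s -exist\n' "$TMP_SET" "$net"
done | ipset restore

# Atomic replacement; the old contents end up in TMP_SET and are destroyed by cleanup.
ipset swap "$TMP_SET" "$SET_NAME"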