#!/usr/bin/env bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2024 - License: GNU GPLv3      ##
###########################################################################
# Downloads GreenSnow attack IP list and adds all the networks to ipset. ##
###########################################################################
## Possible firewall configuration:
## Delete all the old rules.
#I=`/sbin/iptables-save | grep -- "-A INPUT -j GREENSNOW"`
#O=`/sbin/iptables-save | grep -- "-A OUTPUT -j GREENSNOW"`
#if [ ! -z "$I" ] || [ ! -z "$O" ]; then
#    /sbin/iptables -F GREENSNOW
#    /sbin/iptables -X GREENSNOW
#fi
#if [ ! -z "$I" ]; then
#    /sbin/iptables -D INPUT -j GREENSNOW
#fi
#if [ ! -z "$O" ]; then
#    /sbin/iptables -D OUTPUT -j GREENSNOW
#fi
## Create the chain again and add all the new rules.
#/sbin/iptables -N GREENSNOW
#/sbin/iptables -I INPUT 1 -j GREENSNOW
#/sbin/iptables -I OUTPUT 1 -j GREENSNOW
#/sbin/iptables -A GREENSNOW -p all -m set --match-set GREENSNOW src,dst -j DROP
## Continue with the rest.
#/sbin/iptables -A GREENSNOW -j RETURN
###########################################################################

`ipset list GREENSNOW 2>/dev/null >/dev/null`
if [ $? = 1 ]; then
    ipset create GREENSNOW hash:net maxelem 262144 family inet
fi
ipset flush GREENSNOW

while read LINE; do
    grep -E -vq "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$" <<< "${LINE}"
    if [ $? -eq 0 ]; then
        continue
    fi
    printf %s "add GREENSNOW ${LINE}" | ipset restore -exist
done <<< $(curl -s -L https://blocklist.greensnow.co/greensnow.txt)

</code>

====== Block BotScout Bots ======

[[https://botscout.com/|BotScout]] is an online service that tracks bots that automatically register accounts on various websites or post spam messages. The script below can be copied to ''/etc/cron.hourly'' in order to generate an ipset of all the IP addresses reported by BotScout.

<file bash create-botscout-ipset>
#!/usr/bin/env bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2024 - License: GNU GPLv3      ##
###########################################################################
# Downloads botscout IP list and adds all the networks to ipset.         ##
###########################################################################
## Possible firewall configuration:
## Delete all the old rules.
#I=`/sbin/iptables-save | grep -- "-A INPUT -j BOTSCOUT"`
#O=`/sbin/iptables-save | grep -- "-A OUTPUT -j BOTSCOUT"`
#if [ ! -z "$I" ] || [ ! -z "$O" ]; then
#    /sbin/iptables -F BOTSCOUT
#    /sbin/iptables -X BOTSCOUT
#fi
#if [ ! -z "$I" ]; then
#    /sbin/iptables -D INPUT -j BOTSCOUT
#fi
#if [ ! -z "$O" ]; then
#    /sbin/iptables -D OUTPUT -j BOTSCOUT
#fi
## Create the chain again and add all the new rules.
#/sbin/iptables -N BOTSCOUT
#/sbin/iptables -I INPUT 1 -j BOTSCOUT
#/sbin/iptables -I OUTPUT 1 -j BOTSCOUT
#/sbin/iptables -A BOTSCOUT -p all -m set --match-set BOTSCOUT src,dst -j DROP
## Continue with the rest.
#/sbin/iptables -A BOTSCOUT -j RETURN
###########################################################################

`ipset list BOTSCOUT 2>/dev/null >/dev/null`
if [ $? = 1 ]; then
    ipset create BOTSCOUT hash:net maxelem 262144 family inet
fi
ipset flush BOTSCOUT

while read LINE; do
    grep -E -vq "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$" <<< "${LINE}"
    if [ $? -eq 0 ]; then
        continue
    fi
    printf %s "add BOTSCOUT ${LINE}" | ipset restore -exist
done <<< $(curl -s -L https://iplists.firehol.org/files/botscout.ipset)