Generate ShoreWall blacklist from Spamhaus and DShield

I wrote a bash script that automatically generates a Shorewall blacklist from the Spamhaus DROP list and dshield.org’s block list.

Do not run this script automatically if SSH is the only means by which you connect to your server, because you can accidentally blacklist yourself. Also, do not run it more often than once per hour, because of Spamhaus’s rate limit.

#!/bin/bash

# Build the new list in a temporary file, then move it into place.
echo "#ADDRESS/SUBNET         PROTOCOL        PORT" > /tmp/blacklist
# DShield block.txt: "a.b.c.0<TAB>a.b.c.255<TAB>24 ..." -> emit a.b.c.0/24 (dots and tab escaped in the regex)
wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print $1 "/24"; }' >> /tmp/blacklist
# Spamhaus DROP: "a.b.c.d/nn ; SBLxxx" -> emit the CIDR as-is (the "/" after the address must be escaped as \/)
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print $1; }' >> /tmp/blacklist
echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE" >> /tmp/blacklist
mv /tmp/blacklist /etc/shorewall/blacklist

shorewall refresh &>/dev/null
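The script above has two failure modes worth guarding against: if a feed download fails, the blacklist is silently replaced by a near-empty file, and nothing stops a feed entry from covering the address you administer the box from (the lock-out warned about above). The following is an added example, not the author's script: it parses the same two feed formats from constructed sample lines, validates every entry as an IPv4 CIDR, drops any entry that contains an assumed administrative address (the `ADMIN_IP` argument is hypothetical), and refuses to install the file if either feed produced nothing. It writes only to a temporary directory, so it can be run offline as-is.

```shell
#!/bin/bash
# Added example: hardened Shorewall blacklist builder. The feed formats are
# those used by the original script; feed contents below are constructed.

# Convert a dotted quad to a 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# DShield block.txt: "a.b.c.0<TAB>a.b.c.255<TAB>24 ..." -> a.b.c.0/24
parse_dshield() {
  awk '/^[0-9]+\.[0-9]+\.[0-9]+\.0\t/ { print $1 "/24" }'
}

# Spamhaus DROP: "a.b.c.d/nn ; SBLxxx" -> a.b.c.d/nn
parse_drop() {
  awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\// { print $1 }'
}

# Return 0 only for a syntactically valid IPv4 CIDR (4 octets 0-255, prefix 0-32).
valid_cidr() {
  local ip=${1%/*} pfx=${1#*/} o
  [ "$ip" != "$1" ] || return 1
  case "$pfx" in ''|*[!0-9]*) return 1;; esac
  [ "$pfx" -le 32 ] || return 1
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# Return 0 if CIDR $1 contains address $2.
cidr_contains() {
  local net=$(ip2int "${1%/*}") pfx=${1#*/} ip=$(ip2int "$2") mask
  mask=$(( pfx == 0 ? 0 : (0xFFFFFFFF << (32 - pfx)) & 0xFFFFFFFF ))
  [ $(( net & mask )) -eq $(( ip & mask )) ]
}

# Read candidate CIDRs on stdin; drop malformed ones and any that would
# block the administrative address given as $1. Survivors go to stdout.
filter_entries() {
  local admin=$1 cidr
  while IFS= read -r cidr; do
    valid_cidr "$cidr" || { echo "skip malformed entry: $cidr" >&2; continue; }
    if cidr_contains "$cidr" "$admin"; then
      echo "skip $cidr: it contains admin address $admin" >&2
      continue
    fi
    echo "$cidr"
  done
}

# build_blacklist DSHIELD_FILE DROP_FILE ADMIN_IP OUT_FILE
# Assembles the Shorewall blacklist from two already-downloaded feed files.
# Returns 1 without touching OUT_FILE if either feed yielded no entries, so a
# failed download never replaces a working blacklist with an empty one.
build_blacklist() {
  local dshield=$1 drop=$2 admin=$3 out=$4 tmp d s
  d=$(parse_dshield < "$dshield" | filter_entries "$admin")
  s=$(parse_drop < "$drop" | filter_entries "$admin")
  if [ -z "$d" ] || [ -z "$s" ]; then
    echo "refusing to install: a feed yielded no usable entries" >&2
    return 1
  fi
  tmp=$(mktemp) || return 1
  {
    echo "#ADDRESS/SUBNET         PROTOCOL        PORT"
    printf '%s\n' "$d" "$s"
    echo "#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE"
  } > "$tmp"
  mv "$tmp" "$out"
}

# Offline demonstration on constructed feed lines (documentation prefixes only).
demo() {
  local dir; dir=$(mktemp -d)
  printf '198.51.100.0\t198.51.100.255\t24\t100\tEXAMPLE\n203.0.113.0\t203.0.113.255\t24\t7\tEXAMPLE\n' > "$dir/block.txt"
  printf '; constructed DROP sample\n192.0.2.0/24 ; SBL-EXAMPLE\n192.0.2.0/33 ; SBL-EXAMPLE bad prefix\n' > "$dir/drop.lasso"
  build_blacklist "$dir/block.txt" "$dir/drop.lasso" 203.0.113.7 "$dir/blacklist" && cat "$dir/blacklist"
  rm -rf "$dir"
}
demo
```

In the demonstration run, 203.0.113.0/24 is dropped because it contains the assumed admin address, 192.0.2.0/33 is dropped as malformed, and the remaining two entries are written between the header and the mandatory last line. To use it for real, download both feeds to files first, then call `build_blacklist` with `/etc/shorewall/blacklist` as the output and follow with `shorewall refresh` as in the original script.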

I also use fail2ban to generate a dynamic Shorewall ban list.

UPDATE: And don’t forget to enable the blacklist option in /etc/shorewall/shorewall.conf:

BLACKLIST_DISPOSITION=DROP
  • You need to enable the “blacklist” option on a network interface in /etc/shorewall/interfaces, something like:

    /etc/shorewall/interfaces
    eth0 detect blacklist

  • TuxNux

    Thanks, very good script

  • Tom123

    It is still working great! 🙂

  • jp

    awk: cmd. line:1: /^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}// { print $1;}
    awk: cmd. line:1: ^ syntax error

    I’m getting the above err. =[