#!/bin/bash

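# Firewall target applied to every rule this script installs (DROP, REJECT, ...).
readonly ACTION="DROP"

# https://dnslytics.com/bgp/us | bgp

# Autonomous systems whose announced routes are blocked.  For every ASN the
# script below fetches the IPv4 prefixes RADB lists for it and adds each one
# to an ipset, so a single entry here can expand into a large number of
# prefixes.  Each ASN is listed once: a repeated entry would only re-query
# RADB and re-add prefixes that are already in the set.
declare -a ASNBLOCKS=()

# Akamai
ASNBLOCKS+=("AS35994" "AS16625" "AS32787" "AS12222" "AS18680")
ASNBLOCKS+=("AS35993" "AS18717" "AS23454" "AS393234" "AS20189")
ASNBLOCKS+=("AS393560" "AS34164" "AS49846")

# Amazon
ASNBLOCKS+=("AS16509" "AS14618" "AS7224" "AS62785" "AS39543" "AS8987")

# Facebook
ASNBLOCKS+=("AS32934" "AS63293" "AS54115")

# Google
ASNBLOCKS+=("AS15169" "AS16591" "AS19527" "AS36384" "AS36492")
ASNBLOCKS+=("AS36040" "AS394699" "AS395973")

# Linkedin
ASNBLOCKS+=("AS14413" "AS13443" "AS40793" "AS55163" "AS197612")
ASNBLOCKS+=("AS197613" "AS20049")

# Microsoft
ASNBLOCKS+=("AS8085" "AS3598" "AS8070" "AS8068" "AS12076" "AS6584")
ASNBLOCKS+=("AS23468" "AS8069" "AS63314" "AS395851" "AS396463")

# Pinterest
ASNBLOCKS+=("AS53620")

# Twitter
ASNBLOCKS+=("AS13414" "AS35995")

# Yahoo
ASNBLOCKS+=("AS36647" "AS26101" "AS36646" "AS10310" "AS7233" "AS36088")
ASNBLOCKS+=("AS26085" "AS5779" "AS7280" "AS14196")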

# To inspect the populated set(s) afterwards:
# ipset -L

# Reset iptables
#
# This is a full reset, not a cleanup of this script's own state: every rule
# in the filter/raw/nat/mangle tables is flushed and *every* ipset on the host
# is destroyed, including anything installed by other tooling.  The built-in
# chain policies are also set to ACCEPT, so from here until the DROP rules are
# appended at the end of the script (after all RADB lookups have finished) the
# host runs with no packet filtering at all.
for chain in INPUT OUTPUT FORWARD; do
  iptables -P "${chain}" ACCEPT
done
for table in filter raw nat mangle; do
  iptables -t "${table}" -F
done
# Rules referencing sets are gone now, so the sets can be flushed and destroyed.
ipset -F
ipset -X

# iptables -F
# iptables -Z
# ip6tables -F
# ip6tables -Z

# Create a default IP set
# Candidate set types: nethash | hash:net | iphash | hash:ip
readonly setname="blocklistA"

# hash:net holds network prefixes; with no family given it presumably stores
# IPv4 only, which matches the IPv4 "!g" RADB query used to fill it below.
# NOTE(review): a hash set defaults to maxelem 65536; the cloud ASNs listed
# above may announce more prefixes than that — confirm, and pass "maxelem N"
# here if ipset reports the set as full while it is being populated.
ipset create "${setname}" hash:net

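#######################################
# Accept only a plain IPv4 prefix in CIDR form (a.b.c.d/n).
# The RADB reply is untrusted network data; every token is checked here
# before it is handed to ipset, so the command line only ever receives a
# well-formed prefix and nothing else from the reply.
# Arguments: $1 - candidate token from the whois reply
# Returns:   0 if $1 is a well-formed IPv4 CIDR, 1 otherwise
#######################################
is_ipv4_cidr() {
  local candidate=$1
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})$'
  [[ $candidate =~ $re ]] || return 1
  local i
  for i in 1 2 3 4; do
    # 10# forces base 10 so a leading zero is not read as octal by (( ))
    (( 10#${BASH_REMATCH[i]} <= 255 )) || return 1
  done
  (( 10#${BASH_REMATCH[5]} <= 32 ))
}

for ASN in "${ASNBLOCKS[@]}"; do
  printf "Adding ASN %s to IP set.\n" "${ASN}"

  # "!g<ASN>" asks RADB for the IPv4 routes originated by the AS.  The reply
  # is expected to carry the prefixes whitespace-separated (plus status lines
  # without a "/"), which is why every token is validated individually below.
  # IPv6 equivalent, not enabled: whois -h whois.radb.net "!6${ASN}"
  if ! reply=$(whois -h whois.radb.net "!g${ASN}"); then
    printf 'warning: RADB query for %s failed; skipping.\n' "${ASN}" >&2
    continue
  fi

  # read -ra splits on whitespace without globbing, unlike an unquoted $var.
  while read -ra tokens; do
    for IP in "${tokens[@]}"; do
      # status lines and anything unexpected in the reply are dropped here
      is_ipv4_cidr "${IP}" || continue
      printf "Adding %s to %s set for %s rule.\n" "${IP}" "${setname}" "${ACTION}"
      # -exist: a prefix listed under two ASNs is not an error the second time
      ipset -exist add "${setname}" "${IP}"
    done
  done <<<"${reply}"
done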

# Install the set match on each built-in chain.
# NOTE(review): hash:net is a one-dimensional set type, so the set match
# appears to use only the first flag (src) and to ignore the ",dst" part; if
# traffic *to* the listed networks is meant to be dropped as well (OUTPUT /
# FORWARD), a second rule with "dst" is likely needed — confirm against the
# iptables/ipset version in use.
for TARGET in INPUT OUTPUT FORWARD; do
  iptables -A "${TARGET}" -p all -m set --match-set "${setname}" src,dst -j "${ACTION}"
  # IPv6 counterpart, not enabled:
  # ip6tables -A "${TARGET}" -p all -m set --match-set "${setname}" src,dst -j "${ACTION}"
done