This is just another blocklist to block the BadGuys. It is updated every 37 minutes and contains IPv4 and IPv6 addresses (/32 and /128) as well as an aggregated list of IPv4 and IPv6 CIDR address spaces.
If more than one attack from an IPv6 /128 address is registered, the net is aggregated to a /64.
BEWARE!! This list contains private address spaces (192.168/16; 10/8) and Don’t Route Or Peer lists, so use it only on your internet ingress/egress.
If you do not know what you are doing, DO NOT COPY and PASTE!
https://www.bytewehr.de/downloads/BadGuys.txt
HowTo Use
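# Fetch the current list.
# Download to a temporary name first: `wget -O` creates or truncates its target
# even when the transfer fails, and an empty BadGuys.txt would leave every set
# empty once the temporary sets are swapped in further down.
# NOTE: `exit 1` assumes these commands run as a script (e.g. from cron), not
# pasted into an interactive shell.
if wget https://www.bytewehr.de/downloads/BadGuys.txt -O BadGuys.txt.new && [ -s BadGuys.txt.new ]; then
  mv -- BadGuys.txt.new BadGuys.txt
else
  echo "BadGuys.txt download failed or was empty; leaving the existing sets untouched" >&2
  rm -f -- BadGuys.txt.new
  exit 1
fi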
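# Blacklist IPv4 list (single /32 addresses)
# Make sure the live set exists: `ipset swap` and the iptables rules below both
# fail on a first run if bw_blacklist_ipv4 was never created.
ipset create -exist bw_blacklist_ipv4 hash:ip hashsize 262142 maxelem 262142
# Build the new contents as a restore file for a temporary set. The saved
# "create" line of the empty set becomes the header of that file.
ipset destroy ipv4_temp_bw_blacklist 2> /dev/null
ipset create ipv4_temp_bw_blacklist hash:ip hashsize 262142 maxelem 262142
ipset save ipv4_temp_bw_blacklist > ipv4_temp_bw_blacklist.db
# Only strings shaped like a.b.c.d/32 are taken from the downloaded file; the
# /32 suffix is stripped and each address becomes one "add" line.
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}/32\b" BadGuys.txt \
  | sed 's/\/32$//; s/^/add ipv4_temp_bw_blacklist /' >> ipv4_temp_bw_blacklist.db
ipset destroy ipv4_temp_bw_blacklist
# -exist keeps a duplicate entry from aborting the restore half-way.
# Swap only after a complete restore, so a failed load never replaces the live set.
if ipset restore -exist < ipv4_temp_bw_blacklist.db; then
  ipset swap ipv4_temp_bw_blacklist bw_blacklist_ipv4
else
  echo "ipset restore failed; bw_blacklist_ipv4 left unchanged" >&2
fi
ipset destroy ipv4_temp_bw_blacklist 2> /dev/null
# -I inserts at the top of the chain, ahead of any existing ACCEPT rules.
# -C checks for the rule first, so running this every update cycle does not
# stack a new copy of each rule.
iptables -C INPUT -m set --match-set bw_blacklist_ipv4 src -j DROP 2> /dev/null \
  || iptables -v -I INPUT -m set --match-set bw_blacklist_ipv4 src -j DROP
iptables -C OUTPUT -m set --match-set bw_blacklist_ipv4 dst -j DROP 2> /dev/null \
  || iptables -v -I OUTPUT -m set --match-set bw_blacklist_ipv4 dst -j DROP
iptables -C FORWARD -m set --match-set bw_blacklist_ipv4 src -j DROP 2> /dev/null \
  || iptables -v -I FORWARD -m set --match-set bw_blacklist_ipv4 src -j DROP
iptables -C FORWARD -m set --match-set bw_blacklist_ipv4 dst -j DROP 2> /dev/null \
  || iptables -v -I FORWARD -m set --match-set bw_blacklist_ipv4 dst -j DROP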
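# Blacklist CIDR list of IPv4 spaces (everything except /32)
# -exist: the live set survives between runs, so creating it again must not error.
ipset create -exist bw_blacklist_netv4 hash:net
ipset create -exist bw_blacklist_netv4_temp hash:net
# A temporary set left behind by an interrupted run would otherwise carry stale entries.
ipset flush bw_blacklist_netv4_temp
# Only strings shaped like a.b.c.d/NN are taken from the downloaded file.
# read -r and the quoted "$net" keep each entry a single, literal argument to ipset.
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}\b" BadGuys.txt | grep -v "/32$" \
  | while IFS= read -r net; do ipset -A bw_blacklist_netv4_temp "$net"; done
ipset swap bw_blacklist_netv4_temp bw_blacklist_netv4
ipset destroy bw_blacklist_netv4_temp
# -I inserts at the top of the chain, ahead of any existing ACCEPT rules; with
# private ranges (192.168/16, 10/8) in the list this also cuts off internal
# hosts unless the box sits on the internet edge.
# -C checks for the rule first, so repeated runs do not stack duplicates.
iptables -C INPUT -m set --match-set bw_blacklist_netv4 src -j DROP 2> /dev/null \
  || iptables -v -I INPUT -m set --match-set bw_blacklist_netv4 src -j DROP
iptables -C OUTPUT -m set --match-set bw_blacklist_netv4 dst -j DROP 2> /dev/null \
  || iptables -v -I OUTPUT -m set --match-set bw_blacklist_netv4 dst -j DROP
iptables -C FORWARD -m set --match-set bw_blacklist_netv4 src -j DROP 2> /dev/null \
  || iptables -v -I FORWARD -m set --match-set bw_blacklist_netv4 src -j DROP
iptables -C FORWARD -m set --match-set bw_blacklist_netv4 dst -j DROP 2> /dev/null \
  || iptables -v -I FORWARD -m set --match-set bw_blacklist_netv4 dst -j DROP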
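# Blacklist CIDR list of IPv6 spaces (everything except /128)
# -exist: the live set survives between runs, so creating it again must not error.
ipset create -exist bw_blacklist_netv6 hash:net family inet6
ipset create -exist bw_blacklist_netv6_temp hash:net family inet6
# A temporary set left behind by an interrupted run would otherwise carry stale entries.
ipset flush bw_blacklist_netv6_temp
# The lines come from a downloaded file, so extract only the address/prefix
# token (hex digits, ':' and '.', containing '::') instead of handing the whole
# line to ipset. An unquoted $line would be word-split and glob-expanded, and
# anything else on the line would reach ipset as extra arguments.
grep -oE '[0-9A-Fa-f:.]*::[0-9A-Fa-f:.]*/[0-9]{1,3}\b' BadGuys.txt | grep -v '/128$' \
  | while IFS= read -r net; do ipset -A bw_blacklist_netv6_temp "$net"; done
ipset swap bw_blacklist_netv6_temp bw_blacklist_netv6
ipset destroy bw_blacklist_netv6_temp
# -I inserts at the top of the chain, ahead of any existing ACCEPT rules.
# -C checks for the rule first, so repeated runs do not stack duplicates.
ip6tables -C INPUT -m set --match-set bw_blacklist_netv6 src -j DROP 2> /dev/null \
  || ip6tables -v -I INPUT -m set --match-set bw_blacklist_netv6 src -j DROP
ip6tables -C OUTPUT -m set --match-set bw_blacklist_netv6 dst -j DROP 2> /dev/null \
  || ip6tables -v -I OUTPUT -m set --match-set bw_blacklist_netv6 dst -j DROP
ip6tables -C FORWARD -m set --match-set bw_blacklist_netv6 src -j DROP 2> /dev/null \
  || ip6tables -v -I FORWARD -m set --match-set bw_blacklist_netv6 src -j DROP
ip6tables -C FORWARD -m set --match-set bw_blacklist_netv6 dst -j DROP 2> /dev/null \
  || ip6tables -v -I FORWARD -m set --match-set bw_blacklist_netv6 dst -j DROP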
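# Blacklist single IPv6 addresses (/128)
# -exist: the live set survives between runs, so creating it again must not error.
ipset create -exist bw_blacklist_ipv6 hash:ip family inet6 maxelem 262142
ipset create -exist bw_blacklist_ipv6_temp hash:ip family inet6 maxelem 262142
# A temporary set left behind by an interrupted run would otherwise carry stale entries.
ipset flush bw_blacklist_ipv6_temp
# The lines come from a downloaded file, so extract only the address/128 token
# (hex digits, ':' and '.', containing ':') instead of handing the whole line to
# ipset. An unquoted $line would be word-split and glob-expanded, and anything
# else on the line would reach ipset as extra arguments.
grep -oE '[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*/128\b' BadGuys.txt \
  | while IFS= read -r addr; do ipset -A bw_blacklist_ipv6_temp "$addr"; done
ipset swap bw_blacklist_ipv6_temp bw_blacklist_ipv6
ipset destroy bw_blacklist_ipv6_temp
# -I inserts at the top of the chain, ahead of any existing ACCEPT rules.
# -C checks for the rule first, so repeated runs do not stack duplicates.
ip6tables -C INPUT -m set --match-set bw_blacklist_ipv6 src -j DROP 2> /dev/null \
  || ip6tables -v -I INPUT -m set --match-set bw_blacklist_ipv6 src -j DROP
ip6tables -C OUTPUT -m set --match-set bw_blacklist_ipv6 dst -j DROP 2> /dev/null \
  || ip6tables -v -I OUTPUT -m set --match-set bw_blacklist_ipv6 dst -j DROP
ip6tables -C FORWARD -m set --match-set bw_blacklist_ipv6 src -j DROP 2> /dev/null \
  || ip6tables -v -I FORWARD -m set --match-set bw_blacklist_ipv6 src -j DROP
ip6tables -C FORWARD -m set --match-set bw_blacklist_ipv6 dst -j DROP 2> /dev/null \
  || ip6tables -v -I FORWARD -m set --match-set bw_blacklist_ipv6 dst -j DROP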