
DSHIELD & iptables

in

vi /etc/apt/sources.list
++
deb-src ftp://ftp.at.debian.org/debian/ unstable main contrib

# Refresh the package index (presumably so the deb-src line added above is
# picked up) and install module-assistant plus the xtables-addons sources.
aptitude update
aptitude install module-assistant xtables-addons-source

# Build and install the xtables-addons kernel module for the running kernel.
# NOTE(review): the `-m set` match and the `ipset` tool used by blacklist.sh
# below appear to come from this package — confirm for the Debian release in use.
module-assistant auto-install xtables-addons-source

vi /etc/getbadips.sh
++
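#!/bin/bash
# Refresh /etc/badips.txt from the DShield "top attacking sources" feed.
#
# The feed is written to a temporary file next to the target and moved into
# place only after the download and parsing succeed, so a network error (or
# an empty/unparseable feed) leaves the previous list untouched. The original
# one-liner opened /etc/badips.txt before wget ran, so any failure truncated
# the file to nothing and blacklist.sh then loaded an empty set.
set -euo pipefail

# NOTE(review): the list is fetched over plain http. Anything able to tamper
# with that connection can choose which sources this host DROPs; use an https
# URL for the same feed if the site serves one.
readonly FEED_URL='http://www.dshield.org/ipsascii.html?limit=10000'
readonly OUT_FILE='/etc/badips.txt'

#######################################
# Turn the raw feed into one plain IPv4 address per line.
# Arguments: none (feed text on stdin)
# Outputs:   dotted quads with the feed's zero padding removed, on stdout
# Returns:   non-zero when no address survives the filters
#######################################
normalize_ips() {
  # 1. keep lines that start with a (zero-padded) dotted quad
  # 2. the address is the first tab-separated field
  # 3. strip the padding on each octet: 010.000.002.001 -> 10.0.2.1
  # 4. drop CRs and anything that is not exactly a dotted quad afterwards,
  #    so nothing but addresses reaches blacklist.sh's `ipset -A`
  grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' \
    | cut -f1 \
    | sed -e 's/^0\+\([0-9]\)/\1/; s/\.0\+\([0-9]\)/.\1/g' \
    | tr -d '\r' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

main() {
  local tmp
  tmp=$(mktemp "${OUT_FILE}.XXXXXX") || { printf 'getbadips: mktemp failed\n' >&2; exit 1; }
  trap 'rm -f -- "$tmp"' EXIT

  # pipefail makes a failed wget or an empty result fail the whole pipeline,
  # and the existing list is then kept.
  if ! wget -O - -q "$FEED_URL" | normalize_ips > "$tmp"; then
    printf 'getbadips: fetching %s failed; keeping existing %s\n' "$FEED_URL" "$OUT_FILE" >&2
    exit 1
  fi

  # mktemp creates the file 0600; match what a shell redirection would have
  # created so the list stays readable, then replace the old list atomically.
  chmod 0644 -- "$tmp"
  mv -f -- "$tmp" "$OUT_FILE"
}

main "$@"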

# Create the list file up front so blacklist.sh's existence check passes
# even before getbadips.sh has run for the first time.
touch /etc/badips.txt

# The script only needs to be executable; 750 would avoid a group-writable
# root-run script (770 is harmless only while the group owner is trusted).
chmod 770 /etc/getbadips.sh

vi /etc/init.d/blacklist.sh
++
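#!/bin/bash
# Init script: load /etc/badips.txt into the DSHIELD ipset and DROP inbound
# packets whose source address is in it.
#
# update-rc.d calls this with "start" (runlevels 2-5) and "stop" (0/1/6). The
# original script ignored that argument, so every stop re-ran the load; it
# also iterated over an unquoted `cat`, handing whatever tokens the file held
# straight to ipset. Lines are now validated before they reach ipset, and
# "stop" removes the rule and the set.
set -u

readonly SET_NAME='DSHIELD'
readonly BADIPS='/etc/badips.txt'
# Only lines that are exactly a dotted quad are loaded; anything else in the
# file is reported and skipped.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

#######################################
# Create the set, or empty it if it already exists from an earlier start.
# Returns: non-zero if ipset is unusable (binary or kernel support missing)
#######################################
create_set() {
  if ! ipset -N "$SET_NAME" iphash --hashsize 2304 2>/dev/null; then
    ipset -F "$SET_NAME" || return 1
  fi
}

#######################################
# Load the addresses in $BADIPS into the set.
# Outputs: a warning per rejected line and a summary, on stderr
#######################################
load_ips() {
  local line loaded=0 skipped=0
  # `|| [[ -n $line ]]` keeps a last line that lacks a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ $IPV4_RE ]]; then
      if ipset -A "$SET_NAME" "$line"; then
        loaded=$((loaded + 1))
      fi
    else
      printf 'blacklist: skipping invalid entry: %s\n' "$line" >&2
      skipped=$((skipped + 1))
    fi
  done < "$BADIPS"
  printf 'blacklist: loaded %d addresses, skipped %d\n' "$loaded" "$skipped" >&2
}

start() {
  create_set || { printf 'blacklist: cannot create ipset %s\n' "$SET_NAME" >&2; return 1; }
  if [[ -f "$BADIPS" ]]; then
    load_ips
  else
    # As in the original, the rule is still installed; it matches nothing
    # until the set is loaded.
    printf "Can't read %s. Please make sure that it exists and that it is readable.\n" "$BADIPS" >&2
  fi
  # Remove any copy left by a previous start so repeated starts do not stack
  # identical rules, then insert at the top of INPUT so the DROP is evaluated
  # before any ACCEPT rule further down the chain.
  iptables -D INPUT -m set --set "$SET_NAME" src -j DROP 2>/dev/null
  iptables -I INPUT -m set --set "$SET_NAME" src -j DROP
}

stop() {
  # Rule first: a set that a rule still references cannot be destroyed.
  iptables -D INPUT -m set --set "$SET_NAME" src -j DROP
  ipset -X "$SET_NAME"
}

case "${1:-start}" in
  start) start ;;
  stop) stop ;;
  restart) stop; start ;;
  *)
    printf 'Usage: %s {start|stop|restart}\n' "${0##*/}" >&2
    exit 2
    ;;
esac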

# As with getbadips.sh, execute permission is all that is needed; 750 is enough.
chmod 770 /etc/init.d/blacklist.sh

# Start at priority 20 in runlevels 2-5 and stop at priority 20 in 0/1/6.
# The stop links invoke the script with a "stop" argument, which only has an
# effect if blacklist.sh actually acts on that argument.
update-rc.d blacklist.sh start 20 2 3 4 5 . stop 20 0 1 6 .

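# Poll the INPUT chain for the DSHIELD rule and its packet/byte counters.
# -n skips the reverse-DNS lookups `iptables -L` otherwise performs for any
# address in the listing, which can stall every watch refresh and sends
# those addresses to the resolver for no benefit.
watch "iptables -L -v -n | grep DSHIELD"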