#!/usr/bin/env python3 import subprocess def block_ip(ip, is_ipv6=False): if is_ipv6: subprocess.run(['ip6tables', '-A', 'INPUT', '-s', ip, '-j', 'DROP']) subprocess.run(['ip6tables', '-A', 'FORWARD', '-s', ip, '-j', 'DROP']) else: subprocess.run(['iptables', '-A', 'INPUT', '-s', ip, '-j', 'DROP']) subprocess.run(['iptables', '-A', 'FORWARD', '-s', ip, '-j', 'DROP']) def block_subnet(subnet, is_ipv6=False): if is_ipv6: subprocess.run(['ip6tables', '-A', 'INPUT', '-s', subnet, '-j', 'DROP']) subprocess.run(['ip6tables', '-A', 'FORWARD', '-s', subnet, '-j', 'DROP']) else: subprocess.run(['iptables', '-A', 'INPUT', '-s', subnet, '-j', 'DROP']) subprocess.run(['iptables', '-A', 'FORWARD', '-s', subnet, '-j', 'DROP']) def save_rules(is_ipv6=False): if is_ipv6: subprocess.run(['ip6tables-save'], stdout=open('/etc/iptables/rules.v6', 'w')) else: subprocess.run(['iptables-save'], stdout=open('/etc/iptables/rules.v4', 'w')) def main(): ips = [ # Shodan '64.227.90.185', '66.240.192.138', '66.240.205.34', '66.240.219.146', '66.240.219.173', '66.240.236.119', '71.6.135.131', '71.6.146.130', '71.6.146.185', '71.6.147.198', '71.6.147.254', '71.6.158.166', '71.6.165.200', '71.6.167.142', '71.6.199.23', '80.82.77.139', '80.82.77.33', '85.25.103.50', '85.25.43.94', '89.248.167.131', '89.248.172.16', '93.120.27.62', '93.174.95.106', '94.102.49.190', '94.102.49.193', '104.18.12.238', '104.18.13.238', '137.184.13.100', '137.184.180.190', '137.184.9.17', '137.184.94.133', '143.198.50.234', '165.227.55.4', '185.142.236.34', '185.142.236.35', '185.142.236.36', '185.142.236.40', '185.142.236.43', '185.142.239.16', '185.165.190.17', '185.165.190.34', '188.138.9.50', '195.144.21.56', '198.20.69.74', '198.20.69.98', '198.20.70.114', '198.20.99.130', '209.126.110.38', '216.117.2.180' ] subnets = [ # Censys '74.120.14.0/24', '162.142.125.0/24', '167.94.138.0/24', '167.94.145.0/24', '167.94.146.0/24', '167.248.133.0/24', '199.45.154.0/24', '199.45.155.0/24', '192.35.168.0/23', # Shodan '198.20.69.96/29', '198.20.70.112/29', '198.20.87.96/29', '198.20.99.128/29', # ShadowServer '64.62.202.96/27', '66.220.23.112/29', '74.82.47.0/26', '184.105.139.64/26', '184.105.143.128/26', '184.105.247.192/26', '216.218.206.64/26', '141.212.0.0/16', # PAN Expanse '144.86.173.0/24' ] ipv6_ips = [ # Shodan '2606:4700::6812:cee', '2606:4700::6812:dee', '2604:a880:800:10::99:7001', '2606:4700::6812:cee', '2606:4700::6812:dee', '2604:a880:4:1d0::50d:8000', '2604:a880:4:1d0::725:0' ] ipv6_subnets = [ # Censys '2602:80d:1000:b0cc:e::/80', '2620:96:e000:b0cc:e::/80' ] for ip in ips: block_ip(ip) for subnet in subnets: block_subnet(subnet) for ipv6_ip in ipv6_ips: block_ip(ipv6_ip, is_ipv6=True) for ipv6_subnet in ipv6_subnets: block_subnet(ipv6_subnet, is_ipv6=True) save_rules() save_rules(is_ipv6=True) if __name__ == "__main__": main()