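#!/bin/sh
#
# Using a portion of Monmotha's IPTABLES script,
# read in individual blacklisted ips and ips
# by geographical region. Specifically, APNIC,
# LACNIC and RIPE. Asia/Pacific, Latin and Central
# america, and Europe respectively.
#
# Format of ipblocks files are:
# a.0.0.0/255.0.0.0:comment
#
# Every entry becomes a DROP rule on both the INPUT and FORWARD chains
# of the filter table (traffic to this host and traffic routed through
# it). Entries are appended with -A, so running this script twice
# produces duplicate rules; flush the chains before re-running.
#
# Hardening notes compared to the original version of this script:
#   - Only entries that look like an IPv4 address or network (dotted
#     quad, optionally "/bits" or "/dotted-mask") are handed to
#     iptables. Blank lines and '#' comment lines are ignored; any
#     other malformed entry is reported on stderr and skipped instead
#     of producing an "iptables ... -s -j DROP" call with an empty
#     address.
#   - The script aborts if the rules directory or the iptables binary
#     is missing, since the region file names are relative to that
#     directory.
#   - A failing iptables call is reported and counted but does not stop
#     the remaining entries from being loaded; the script exits 1 at
#     the end so the boot log shows the blacklist is incomplete. This
#     script fails open: an entry that is not loaded is not blocked.
#
set -u

PATH=/usr/bin:/bin:/sbin
IPTABLES=/sbin/iptables
blacklisted_ips=/etc/rc.d/block-ip.all
blacklisted_ips_by_region_file="ipblocks-apnic.txt ipblocks-lacnic.txt ipblocks-ripe.txt"

# Count of entries that failed validation or that iptables rejected.
failures=0

# valid_source SPEC
# Return 0 when SPEC is an IPv4 host or network in a form iptables
# accepts for -s: a dotted quad, optionally followed by "/0".."/32" or
# a dotted-quad mask. Octet values above 255 are left for iptables to
# reject.
valid_source() {
  printf '%s\n' "$1" \
    | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/(3[0-2]|[12]?[0-9]|[0-9]{1,3}(\.[0-9]{1,3}){3}))?$'
}

# block_source SPEC
# Append a DROP rule for SPEC to the INPUT and FORWARD chains of the
# filter table. Each failed iptables call is reported on stderr and
# added to $failures.
block_source() {
  for chain in INPUT FORWARD; do
    if ! "${IPTABLES}" -t filter -A "${chain}" -s "$1" -j DROP; then
      printf 'WARNING: could not add DROP rule for %s on %s\n' "$1" "${chain}" >&2
      failures=$((failures + 1))
    fi
  done
}

# block_file FILE LABEL
# Load every entry of FILE (text before the first ':', surrounding
# whitespace removed) and block it, printing "LABEL <entry>" for each.
# A missing FILE is reported and counted as a failure.
block_file() {
  file=$1
  label=$2
  if [ ! -f "${file}" ]; then
    printf 'WARNING: blacklist file %s not found, skipping\n' "${file}" >&2
    failures=$((failures + 1))
    return 1
  fi
  # The "|| [ -n ... ]" clause keeps a last line that lacks a newline.
  while IFS= read -r line || [ -n "${line}" ]; do
    shost=${line%%:*}
    shost=$(printf '%s' "${shost}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case "${shost}" in
      ''|'#'*) continue ;;
    esac
    if ! valid_source "${shost}"; then
      printf 'WARNING: skipping malformed entry in %s: %s\n' "${file}" "${line}" >&2
      failures=$((failures + 1))
      continue
    fi
    echo "${label} ${shost}"
    block_source "${shost}"
  done < "${file}"
}

if [ ! -x "${IPTABLES}" ]; then
  printf 'ERROR: %s is not executable, no blacklist rules loaded\n' "${IPTABLES}" >&2
  exit 1
fi

# The region files are named relative to /etc/rc.d; refuse to continue
# from some other directory rather than silently loading nothing.
if ! cd /etc/rc.d; then
  printf 'ERROR: cannot cd to /etc/rc.d, no blacklist rules loaded\n' >&2
  exit 1
fi

# The individual blacklist is optional; a missing file is not an error.
if [ -f "${blacklisted_ips}" ]; then
  block_file "${blacklisted_ips}" "Blacklisting"
fi

for region_file in ${blacklisted_ips_by_region_file}; do
  block_file "${region_file}" "Blacklisting by region"
done

if [ "${failures}" -ne 0 ]; then
  printf 'WARNING: %d blacklist entries were not applied\n' "${failures}" >&2
  exit 1
fi
exit 0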