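#!/bin/sh
#######################################################################
#Script Name: fwdloadabipdb
#Version: 1.3
#Description: Script to auto load 90% list of abuse ips from
#AbuseIPDB
#Last Modify Date: 01062021
#Author:Brent Dacus
#Email:brent[at]thedacus[dot]net
#######################################################################
# Fetches the AbuseIPDB blacklist for IPv4 and IPv6 and loads it into the
# firewalld ipsets abuseipdb4 / abuseipdb6, making sure a direct DROP rule
# that references each set exists in the INPUT chain.
#
# Configuration (environment):
#   ABUSEIPDB_KEY         AbuseIPDB API key (required unless a key file is
#                         given). Previously embedded in this script; it is
#                         read from the environment or a file so the secret
#                         no longer ships with the script.
#   ABUSEIPDB_KEY_FILE    File whose first line is the API key.
#   ABUSEIPDB_CONFIDENCE  Minimum abuse confidence score (default 90).
#
# Failure policy: if a download fails or yields an empty file the script
# exits before touching that family's ipset, so the previously loaded
# block list stays in effect instead of being flushed to nothing.
#######################################################################

set -eu

#######################################################################
# Variables                                                           #
#######################################################################
api_url=https://api.abuseipdb.com/api/v2/blacklist
confidence=${ABUSEIPDB_CONFIDENCE:-90}
hashsize=1048576
maxelem=1048576

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# API key: environment first, then the key file (first line only).
abuseipdb_key=${ABUSEIPDB_KEY:-}
if [ -z "$abuseipdb_key" ] && [ -n "${ABUSEIPDB_KEY_FILE:-}" ]; then
  [ -r "$ABUSEIPDB_KEY_FILE" ] || die "cannot read ABUSEIPDB_KEY_FILE=$ABUSEIPDB_KEY_FILE"
  # '|| true': read returns non-zero when the file has no trailing newline
  # but still assigns the value; emptiness is checked below.
  IFS= read -r abuseipdb_key < "$ABUSEIPDB_KEY_FILE" || true
fi
[ -n "$abuseipdb_key" ] || die "AbuseIPDB API key not set (ABUSEIPDB_KEY or ABUSEIPDB_KEY_FILE)"

# Private scratch directory instead of fixed names under /tmp; removed on
# every exit path by the trap.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "${workdir:?}"' EXIT

#######################################################################
# Download one address family's block list and load it into firewalld.
# Arguments: $1 - IP version (4 or 6)
#            $2 - ipset family option (inet or inet6)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success; exits non-zero (via die / set -e) on failure
# Note: POSIX sh has no 'local', so the variables below are global.
#######################################################################
load_family() {
  ver=$1
  family=$2
  set_name="abuseipdb${ver}"
  list="${workdir}/${set_name}_file"
  rule="7 -m set --match-set ${set_name} src -j DROP"

  ## get new abuseipdb ip list
  # -f: an HTTP error status fails the download instead of writing the
  # error body to the list file (which would then be fed to the ipset).
  # The key header is supplied through a curl config on stdin (-K -) so
  # the secret never appears on the command line.
  printf 'header = "Key: %s"\n' "$abuseipdb_key" |
    curl -fsS -G -o "$list" -K - \
      -d "ipVersion=${ver}" \
      -d "confidenceMinimum=${confidence}" \
      -H "Accept: text/plain" \
      "$api_url" || die "AbuseIPDB${ver}: download failed; existing set left unchanged"
  [ -s "$list" ] || die "AbuseIPDB${ver}: downloaded list is empty; existing set left unchanged"

  # Reset the runtime and permanent set. Both may be absent on a first
  # run, so their failure is tolerated.
  /usr/sbin/ipset flush "$set_name" || true
  firewall-cmd --permanent --delete-ipset "$set_name" || true
  firewall-cmd --permanent --new-ipset "$set_name" --type=hash:net \
    --option="family=${family}" \
    --option="hashsize=${hashsize}" \
    --option="maxelem=${maxelem}"

  # Check whether the DROP rule already exists in the permanent config.
  # -F: match the rule text literally, not as a regular expression.
  if firewall-cmd --permanent --direct --get-rules "ipv${ver}" filter INPUT | grep -qF -- "$rule"; then
    echo "AbuseIPDB${ver} rule already exists."
  else
    echo "AbuseIPDB${ver} rule missing. Adding rule..."
    # shellcheck disable=SC2086 -- $rule is deliberately word-split into arguments
    firewall-cmd --permanent --direct --add-rule "ipv${ver}" filter INPUT $rule
    firewall-cmd --reload
    echo "AbuseIPDB${ver} rule added and firewall reloaded."
  fi

  firewall-cmd --permanent --ipset "$set_name" --add-entries-from-file="$list"
  firewall-cmd --reload
}

#######################################################################
# Main                                                                #
#######################################################################
load_family 4 inet
load_family 6 inet6

## temp files are removed by the EXIT trap
exit 0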