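#!/bin/bash
#
# Block traffic to and from a fixed list of autonomous systems (ASNs).
#
# For every ASN in ASNBLOCKS the announced IPv4 prefixes are fetched from the
# RADB route registry (whois.radb.net, "!g" query), collected into one
# hash:net ipset, and one iptables rule per chain (INPUT, OUTPUT, FORWARD)
# sends any packet whose src or dst matches the set to ACTION.
#
# Requirements: root, iptables, ipset, whois, network access to whois.radb.net.
#
# Things to be aware of before running:
#   * The script resets ALL iptables tables and destroys ALL ipsets on the
#     host before installing its own rules; any other firewall configuration
#     present on the machine is lost.
#   * Only IPv4 is handled: the "!g" query returns IPv4 routes and only
#     iptables is programmed. IPv6 traffic to these ASNs is NOT affected
#     (the ip6tables / "!6" variants are kept commented out, as before).
#   * Prefixes are resolved from RADB BEFORE the firewall is touched, and the
#     script aborts without changing anything if nothing could be resolved,
#     so a whois/network outage cannot leave the host reset with an empty set.
#   * whois output is third-party data; only tokens that look like an IPv4
#     CIDR ("a.b.c.d/len") are passed on to ipset, everything else is
#     reported on stderr and skipped.

# iptables target applied to matching packets.
ACTION="DROP"

# ASN data source: https://dnslytics.com/bgp/us | bgp
declare -a ASNBLOCKS=()
# Akamai
ASNBLOCKS+=("AS35994" "AS16625" "AS32787" "AS12222" "AS18680")
ASNBLOCKS+=("AS35993" "AS18717" "AS23454" "AS393234" "AS20189")
ASNBLOCKS+=("AS393560" "AS34164" "AS49846")
# Amazon
ASNBLOCKS+=("AS16509" "AS14618" "AS7224" "AS62785" "AS39543" "AS8987")
# Facebook
ASNBLOCKS+=("AS32934" "AS63293" "AS54115")
# Google
ASNBLOCKS+=("AS15169" "AS16591" "AS19527" "AS36384" "AS36492")
ASNBLOCKS+=("AS36040" "AS394699" "AS395973" "AS36384")
# Linkedin
ASNBLOCKS+=("AS14413" "AS13443" "AS40793" "AS55163" "AS197612")
ASNBLOCKS+=("AS197613" "AS20049")
# Microsoft
ASNBLOCKS+=("AS8085" "AS3598" "AS8070" "AS8068" "AS12076" "AS6584")
ASNBLOCKS+=("AS23468" "AS8069" "AS63314" "AS395851" "AS396463")
# Pinterest
ASNBLOCKS+=("AS53620")
# Twitter
ASNBLOCKS+=("AS13414" "AS35995")
# Yahoo
ASNBLOCKS+=("AS36647" "AS26101" "AS36646" "AS10310" "AS7233" "AS36088")
ASNBLOCKS+=("AS26085" "AS5779" "AS7280" "AS14196")

# Name of the ipset that receives the prefixes.
# Set type: nethash | hash:net | iphash | hash:ip
setname="blocklistA"

# Deduplicated list of IPv4 CIDRs resolved from RADB; filled by resolve_prefixes.
declare -a PREFIXES=()

# Only tokens of the form "a.b.c.d/len" are accepted from the registry.
readonly CIDR4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless running as root with the required tools installed.
#######################################
check_prereqs() {
  local tool
  (( EUID == 0 )) || die "must run as root to modify iptables/ipset"
  for tool in iptables ipset whois; do
    command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
  done
}

#######################################
# Query RADB for the IPv4 prefixes announced by one ASN.
# Arguments: $1 - ASN, e.g. AS15169
# Outputs:   one validated IPv4 CIDR per line on stdout
# Returns:   0 if whois returned a route line, 1 otherwise
#######################################
fetch_asn_prefixes() {
  local asn=$1
  local answer token
  # RADB answers "A<len>", then one line of space-separated prefixes, then
  # "C"; the prefix line is the only one containing a '/'.
  # (The IPv6 variant would be the '!6' query; not used here.)
  answer=$(whois -h whois.radb.net '!g'"$asn" | grep /) || return 1
  # Word-splitting is intended: the answer is one space-separated line.
  # shellcheck disable=SC2086
  for token in $answer; do
    if [[ $token =~ $CIDR4_RE ]]; then
      printf '%s\n' "$token"
    else
      # Registry content is not under our control; never hand an unexpected
      # token to ipset.
      printf 'Skipping unexpected token %q from RADB for %s.\n' "$token" "$asn" >&2
    fi
  done
}

#######################################
# Resolve every ASN in ASNBLOCKS into PREFIXES, dropping duplicates.
# Globals:   ASNBLOCKS (read), PREFIXES (written)
#######################################
resolve_prefixes() {
  local asn prefix
  local -a found
  # Associative array (bash 4+): the same prefix can be returned for several
  # related ASNs, and ASNBLOCKS may list an ASN twice; ipset rejects an
  # exact duplicate entry with an error.
  local -A seen=()
  PREFIXES=()
  for asn in "${ASNBLOCKS[@]}"; do
    printf 'Resolving ASN %s.\n' "$asn"
    mapfile -t found < <(fetch_asn_prefixes "$asn")
    (( ${#found[@]} > 0 )) \
      || printf 'Warning: no IPv4 routes returned for %s.\n' "$asn" >&2
    for prefix in "${found[@]}"; do
      [[ -n ${seen[$prefix]+x} ]] && continue
      seen[$prefix]=1
      PREFIXES+=("$prefix")
    done
  done
}

#######################################
# Flush every iptables table and destroy every ipset, leaving ACCEPT policies.
# NOTE: this removes all pre-existing firewall rules and sets on the host.
#######################################
reset_firewall() {
  local chain table
  for chain in INPUT OUTPUT FORWARD; do
    iptables -P "$chain" ACCEPT
  done
  for table in filter raw nat mangle; do
    iptables -t "$table" -F
  done
  ipset -F
  ipset -X
  # iptables -F
  # iptables -Z
  # ip6tables -F
  # ip6tables -Z
}

#######################################
# Create the hash:net set and fill it from PREFIXES.
# Globals:   setname, ACTION, PREFIXES (read)
#######################################
build_blockset() {
  local prefix
  ipset -N "$setname" hash:net || die "could not create ipset $setname"
  for prefix in "${PREFIXES[@]}"; do
    printf 'Adding %s to %s set for %s rule.\n' "$prefix" "$setname" "$ACTION"
    ipset -A "$setname" "$prefix"
  done
}

#######################################
# Match the set on src or dst in INPUT, OUTPUT and FORWARD and jump to ACTION.
# Globals:   setname, ACTION (read)
#######################################
install_rules() {
  local chain
  for chain in INPUT OUTPUT FORWARD; do
    iptables -A "$chain" -p all -m set --match-set "$setname" src,dst -j "$ACTION"
    # ip6tables -A "$chain" -p all -m set --match-set "$setname" src,dst -j "$ACTION"
  done
}

main() {
  check_prereqs
  resolve_prefixes
  # Refuse to tear down the existing firewall when there is nothing to
  # replace it with (e.g. RADB unreachable).
  (( ${#PREFIXES[@]} > 0 )) \
    || die "no prefixes resolved from RADB; firewall left untouched"
  reset_firewall
  build_blockset
  install_rules
  # To inspect the result: ipset -L
}

main "$@"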