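#!/bin/sh
#
## don't forget to update ipfw.rules:
#
# sshbl_whitelist="92.240.244.25,194.160.5.130,87.197.159.3"
#
# $fw add 700 skipto 702 tcp from $sshbl_whitelist to any 22
# $fw add 701 $deny tcp from table\(22\) to any 22 keep-state
#
# johnny ^_^
# 2010-03-26
# kofolaware (http://netvor.sk/~johnny/kofola-ware)
#
# Purpose: download SSH blocklists and add every listed IPv4 address to an
# ipfw table that the firewall rules above use to deny access to port 22.
#
# Exit status: 0 when every source was fetched, 2 when at least one source
# (or the temporary file) could not be obtained.
#
# NOTE(review): the lists are fetched over plain HTTP with no signature or
# checksum verification, so whatever the remote side (or anything on the
# network path) returns is loaded into the deny table. The whitelist rule
# shown above is what keeps trusted admin addresses reachable if a list ever
# contains them; keep it in place and prefer HTTPS sources where available.
#
# NOTE(review): this script only ever adds entries; nothing here flushes or
# expires addresses that later disappear from the lists.

# Whitespace-separated list of blocklist URLs.
SOURCES="http://www.sshbl.org/lists/base_30days.txt
http://netvor.sk/~johnny/sshbl.krabica
http://netvor.sk/~johnny/sshbl.non-ripe"

# ipfw table number; must match table(22) in ipfw.rules.
TABLE=22

# Create the scratch file with mktemp instead of a PID-based name: a
# predictable /tmp path can be pre-created (e.g. as a symlink) by another
# local user before this script, typically run as root, writes to it.
LIST=$(mktemp "${TMPDIR:-/tmp}/sshbl.XXXXXX") || {
  echo "update failed (mktemp)"
  exit 2
}

# Remove the scratch file on every exit path, including interruption.
trap 'rm -f -- "$LIST"' EXIT
trap 'exit 1' HUP INT TERM

echo ""
echo "Updating sshbl:"

rc=0

# $SOURCES is split on whitespace on purpose; disable globbing so that URL
# characters such as '?' or '*' are never expanded against local files.
set -f
# shellcheck disable=SC2086
for SOURCE in $SOURCES
do
  # fetch sshbl list
  if ! /usr/bin/fetch -q -o "$LIST" "$SOURCE"; then
    echo "update failed (fetch $SOURCE)"
    rc=2
    continue
  fi

  if [ ! -f "$LIST" ]; then
    echo "update failed (file $SOURCE)"
    rc=2
    continue
  fi

  # Insert every IP address from the list into ipfw table $TABLE.
  # Only lines that consist solely of a dotted quad are passed on, so no
  # other downloaded text can reach the ipfw command line. The pattern does
  # not range-check octets (999.1.1.1 matches); such entries are presumably
  # rejected by ipfw itself -- TODO confirm.
  grep '^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$' "$LIST" \
    | sort -u \
    | xargs -n 1 /sbin/ipfw -q table "$TABLE" add
done

# cleanup is performed by the EXIT trap
exit $rc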