From 486ba23627fd7f8bd2a1c8a1f19d37729b787b72 Mon Sep 17 00:00:00 2001
From: "Jason D. McCormick"
Date: Sat, 24 Sep 2022 10:08:24 -0400
Subject: initial

---
 firehol2nft | 37 +++++++++++++++++++++++++++++++++++++
 firehol2nft-load | 21 +++++++++++++++++++++
 firehol2nft.cron | 1 +
 3 files changed, 59 insertions(+)
 create mode 100755 firehol2nft
 create mode 100755 firehol2nft-load
 create mode 100644 firehol2nft.cron

diff --git a/firehol2nft b/firehol2nft
new file mode 100755
index 0000000..0bcfacf
--- /dev/null
+++ b/firehol2nft
@@ -0,0 +1,37 @@
+#!/usr/bin/perl -w
+
+use Getopt::Std;
+
+getopts("f:");
+
+if(!defined($opt_f)){
+ print STDERR "Usage: firehol2nft -f FILE\n";
+ exit 1;
+}
+
+if(! -f $opt_f){
+ print STDERR "No such file: " . $opt_f . "\n";
+ exit 1;
+}
+
+print "add table inet firehol\n";
+print "flush table inet firehol\n";
+print "add table inet firehol {\n";
+print "\tset addr-set-firehol-drop {\n";
+print "\t\ttype ipv4_addr\n";
+print "\t\tflags interval\n";
+print "\t\telements = {\n";
+open(IN,"<" . $opt_f) or die("$!");
+while(){
+ next if(m/^#/);
+ chomp($_);
+ printf("\t\t\t%s,\n", $_);
+}
+close(IN);
+print "\t\t}\n";
+print "\t}\n";
+print "\tchain INPUT {\n";
+print "\t\ttype filter hook input priority filter - 2; policy accept;\n";
+print "\t\tip saddr \@addr-set-firehol-drop drop\n";
+print "\t}\n";
+print "}\n";
diff --git a/firehol2nft-load b/firehol2nft-load
new file mode 100755
index 0000000..5325553
--- /dev/null
+++ b/firehol2nft-load
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+PATH=/usr/bin:/usr/sbin:/bin:/sbin
+
+FIREHOL=`mktemp`
+wget -q -O $FIREHOL https://iplists.firehol.org/files/firehol_level1.netset
+if [ $? != 0 ]; then
+ echo "ERROR: Could not download file"
+ exit 1
+fi
+
+/usr/local/sbin/firehol2nft -f $FIREHOL > /etc/nftables-firehol.conf
+if [ $? != 0 ]; then
+ echo "ERROR"
+ exit 1
+fi
+
+rm $FIREHOL
+
+nft -f /etc/nftables-firehol.conf
+exit $?
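Review bot: Every non-comment line of the input file is copied verbatim into the generated nft config by the `printf("\t\t\t%s,\n", $_)` loop, so a blank line, a truncated download, or any unexpected content in the downloaded netset ends up inside a ruleset that firehol2nft-load later feeds to `nft -f` as root; the loop should accept only lines that look like an IPv4 address or prefix and skip (and report) everything else. The loop header `while(){` also appears to have lost its `<IN>` readline in this rendering, and `open(IN,"<" . $opt_f)` is a two-argument open on a bareword handle; a three-argument open on a lexical handle avoids the mode/whitespace quirks of the two-argument form. The script has no `use strict;`, which would also require declaring `$opt_f` (e.g. `our $opt_f;`) or using the hash form of `getopts`.
```perl
open(my $in, '<', $opt_f) or die("open $opt_f: $!");
while (my $line = <$in>) {
    chomp($line);
    next if $line eq '' || $line =~ m/^#/;
    # Only IPv4 addresses / CIDR prefixes may reach the generated ruleset.
    if ($line !~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z}) {
        print STDERR "Skipping unexpected line: $line\n";
        next;
    }
    printf("\t\t\t%s,\n", $line);
}
close($in);
# … unchanged: closing set/chain/table prints …
```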
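Review bot: The redirect in `/usr/local/sbin/firehol2nft -f $FIREHOL > /etc/nftables-firehol.conf` truncates the on-disk config before the generator's exit status is checked, so a failed run leaves an empty or partial /etc/nftables-firehol.conf behind, and both `exit 1` paths also leave the mktemp file in place. Generating into a second temporary file and moving it over the real config only after success keeps the last good config intact, and a `trap ... EXIT` cleans up the temporaries on every exit path. Quoting `"$FIREHOL"` and using `$(mktemp)` instead of backticks would bring the script in line with current shell practice.
```bash
FIREHOL=$(mktemp)
CONF=$(mktemp)
trap 'rm -f "$FIREHOL" "$CONF"' EXIT
# … unchanged: wget download and its exit-status check …
/usr/local/sbin/firehol2nft -f "$FIREHOL" > "$CONF"
if [ $? != 0 ]; then
    echo "ERROR"
    exit 1
fi
mv "$CONF" /etc/nftables-firehol.conf
nft -f /etc/nftables-firehol.conf
exit $?
```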
diff --git a/firehol2nft.cron b/firehol2nft.cron
new file mode 100644
index 0000000..da41f9e
--- /dev/null
+++ b/firehol2nft.cron
@@ -0,0 +1 @@
+49 * * * * root /usr/local/sbin/firehol2nft-load
-- 
cgit v1.2.3