From e5a415d24a7730c6bd5afa101f63952636d45771 Mon Sep 17 00:00:00 2001
From: Stefatorus
Date: Wed, 20 Oct 2021 14:13:53 +0300
Subject: [PATCH] Finished initial firewall implementation. Untested
---
 Tools/firewall.sh | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/Tools/firewall.sh b/Tools/firewall.sh
index 19e2333..cb1c373 100644
--- a/Tools/firewall.sh
+++ b/Tools/firewall.sh
@@ -43,6 +43,7 @@ graylist_unverified=15
 country-list="https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/"
+safety-list="https://api.entryrise.com/minewall/"
 wgetd="wget -q -c --retry-connrefused -t 0"
@@ -59,12 +60,23 @@ ipset -N -! mw_graylist hash:net maxelem 10000
 ipset -N -! mw_whitelist hash:net maxelem 10000
+
+echo "Generating whitelist for the firewall..."
+for ip in $(curl $safety-list/{wireless,residential,business}.iplist); do
+ ipset -A mw_whitelist $ip
+done
 # Create the graylist of safer countries. It's really important for the base check.
 echo "Generating graylist for the firewall..."
- for ip in $(curl $country-list/{ro,ua,tr,nl,de}.cidr); do
+ for ip in $(curl $country-list/{ro,hu,gb,au,dk,bg,ie,pt,gr}.cidr); do
 ipset -A mw_graylist $ip
 done
- echo "Graylist finished generating."
+
+echo "Generating blacklist for firewall."
+for ip in $(curl $safety-list/{others}.iplist); do
+ ipset -A mw_blacklist $ip
+done
+#
+# The blacklist makes sure any "smart bots" are blocked in time on your server after a while.
 # Off the table just allow the whitelisted users and drop the blacklisted ones.
 $iptables -A MineWall -p tcp --dport $protect_port -m set --match-set mw_whitelist src -j ACCEPT
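Review bot: The added `safety-list="https://api.entryrise.com/minewall/"` is not a variable assignment, because a shell variable name cannot contain a hyphen; the shell tries to run the whole word as a command and nothing is defined. The `$safety-list` references in the second hunk then expand as `$safety` followed by the literal `-list`, so curl is handed an argument that starts with `-` rather than a URL, and the whitelist and blacklist sets would most likely stay empty. Rename it to `safety_list="https://api.entryrise.com/minewall/"` and reference it as `"${safety_list}"`; the context line `country-list=` has the same problem. The value already ends in `/`, so the later `.../{...}.iplist` references would also produce a double slash once the name is fixed.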
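Review bot: The new whitelist loop passes whatever the remote endpoint returns straight into `mw_whitelist`, the set the `-j ACCEPT` rule at the end of this hunk trusts, so a failed, truncated or altered response silently changes who is let through. curl is called without `-f` and its exit status is never checked, each word of the response is added unquoted and unvalidated, and nothing rejects an over-broad entry such as `0.0.0.0/0`. The blacklist loop and the existing graylist loop follow the same pattern, and no `ipset -N` for `mw_blacklist` is visible in this hunk, so confirm that set is created earlier in the file. The sketch below fetches each list with failure detection and only adds entries that look like an IPv4 address or CIDR; it is written with `safety_list` as a valid name for the base URL variable, and the `.iplist` entry format is assumed since the patch does not show it.

```shell
# … unchanged: ipset -N set creation …
echo "Generating whitelist for the firewall..."
for list in wireless residential business; do
  # -f turns an HTTP error into a non-zero exit instead of feeding an error page to ipset
  entries=$(curl -fsS "${safety_list}${list}.iplist") || {
    echo "Could not fetch ${list}.iplist" >&2
    exit 1
  }
  while IFS= read -r ip; do
    # accept only dotted-quad IPv4 with an optional /prefix; skip everything else
    [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] || continue
    ipset -A -! mw_whitelist "$ip"
  done <<<"$entries"
done
# … unchanged: graylist and blacklist loops (same pattern applies) …
```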