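#!/bin/bash
#
# Reject inbound traffic from Tor exit nodes.
#
# Fetches the Tor bulk exit list for this host's public IPv4 address, loads it
# into the "tor" ipset, and ensures a single INPUT rule rejects any source in
# that set. Requires root plus curl, ipset and iptables.
#
# The refresh fails closed: the live set is replaced only after a non-empty
# list has been downloaded and loaded into a staging set, so a network or HTTP
# error leaves the previous blocklist in force instead of emptying it.
set -euo pipefail

readonly SET_NAME="tor"
readonly STAGING_SET="tor-staging"

#######################################
# Keep only the dotted-quad IPv4 addresses found on stdin, one per line.
# Outputs: matching addresses on stdout
# Returns: grep's status (1 when nothing matched)
#######################################
grep_ip() {
  grep -Eo "([0-9]{1,3}[\.]){3}[0-9]{1,3}"
}

#######################################
# Print the Tor exit addresses that can reach this host's public address.
# Outputs: one IPv4 address per line on stdout
# Returns: non-zero if either HTTP request fails or yields no address
#######################################
get_ips() {
  local my_ip
  # -4: the exit-list query and the regex above are IPv4-only.
  # -f: treat an HTTP error as a failure rather than parsing an error page.
  my_ip=$(curl -4 -fsS "https://icanhazip.com" | grep_ip) || return 1

  # NOTE(review): confirm this endpoint is still served by the Tor Project;
  # if it has moved, update the URL here.
  curl -fsSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=${my_ip}" \
    | sed '/^#/d' \
    | grep_ip
}

#######################################
# Refresh the ipset and make sure the REJECT rule is present exactly once.
#######################################
main() {
  local exit_ips
  if ! exit_ips=$(get_ips) || [[ -z "$exit_ips" ]]; then
    printf 'error: could not fetch the Tor exit list; keeping the existing set\n' >&2
    exit 1
  fi

  ipset create -exist "$SET_NAME" iphash

  # Build the new contents off to the side; flush clears leftovers from an
  # earlier run that was interrupted before the swap.
  ipset create -exist "$STAGING_SET" iphash
  ipset flush "$STAGING_SET"

  # sort -u: a duplicate "add" line would make ipset restore abort.
  printf '%s\n' "$exit_ips" \
    | sort -u \
    | sed "s#^#add ${STAGING_SET} #" \
    | ipset restore

  # Swap replaces the live set in one step, so the rule never sees an empty
  # or half-loaded set during the refresh.
  ipset swap "$STAGING_SET" "$SET_NAME"
  ipset destroy "$STAGING_SET"

  # Insert the rule only when it is missing; an unconditional -I would stack
  # one more copy on every run. stderr is silenced because -C reports a
  # missing rule as an error message.
  if ! iptables -C INPUT -m set --match-set "$SET_NAME" src \
    -j REJECT --reject-with icmp-admin-prohibited 2>/dev/null; then
    iptables -I INPUT -m set --match-set "$SET_NAME" src \
      -j REJECT --reject-with icmp-admin-prohibited
  fi
}

main "$@"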