Simple way to add Firehol lists to my firewall?

Posted by airdogvan@reddit | linuxadmin | 1 comment

I run Ubuntu 20.04 and already have ufw firewall working with the addition of a script from

https://github.com/stamparm/ipsum/

The script goes simply:

/usr/sbin/ipset -q flush ipsum
/usr/sbin/ipset -q create ipsum hash:net
/bin/bash -c 'for ip in $(/usr/bin/curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | /usr/bin/grep -v "#" | /usr/bin/grep -v -E "\s[1-2]$" | /usr/bin/cut -f 1); do ipset add ipsum $ip; done'
/usr/sbin/iptables -I INPUT -m set --match-set ipsum src -j DROP

Would there be a simple way to add some of Firehol's lists to that script?

I've read quite a bit of Firehol's docs but everything seems to depend on /etc/firehol.conf, and for me going through configuring different interfaces and multiple services seems complicated, unnecessary (because I block everything already by default, only allowing specific stuff) and most of all risky on a server that's already running quite a few services. What I don't want is to block services that should not be blocked.

Seems to me there should be a simpler way, inspired by the above script that runs without problems on my server, to create ipsets from Firehol's lists and just do an iptables -I INPUT -m set --match-set new_ipset src -j DROP.

Anyway I'll keep looking but suggestions welcomed.

Found a solution, if anybody is interested...

From this link: http://iplists.firehol.org/?ipset=firehol_level3 I can download a list of level3 blacklisted IPs (around 50k IPs) which seems to be a list of the most aggressive ones.

Then I wrote a small script:

rm -f firehol_level3.netset
wget https://iplists.firehol.org/files/firehol_level3.netset
my_file=$(cat firehol_level3.netset | grep -v "#")
# the set has to exist before it can be flushed or filled (hash:net, since the netset contains CIDR ranges)
ipset -q create fireh hash:net
ipset -q flush fireh
for row_data in $my_file; do ipset add fireh ${row_data}; done
iptables -I INPUT -m set --match-set fireh src -j DROP

and voila, job done.

For those who might want more there's also https://github.com/firehol/blocklist-ipsets which provides text files (if you download raw) of all lists.
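An added example, not the post's script and not code from ipsum or Firehol: the same level3 refresh done atomically with an `ipset restore` script and `ipset swap`, so the live set is never empty while the ~50k entries reload and is left untouched when the download fails. The set name fireh and the netset URL come from the post; the temporary set name, the helper functions and the sample data are assumptions.

```shell
#!/bin/sh
# Added example: refresh the Firehol level3 ipset atomically.
# flush-then-add (as in the post) empties the live set while ~50k entries
# reload, and leaves it empty if the download fails. Filling a temporary
# set and swapping it in avoids both. Set name and URL come from the post;
# the temporary set name, function names and sample data are assumptions.
set -e

SET_NAME=fireh
TMP_SET="${SET_NAME}_tmp"
URL=https://iplists.firehol.org/files/firehol_level3.netset

# Constructed sample of a .netset file (comment header, IPs, a CIDR, junk).
sample_netset() {
    printf '%s\n' '# firehol_level3' '# maintainer: (constructed sample)' \
        '192.0.2.0/24' '198.51.100.7' 'not-an-ip' '203.0.113.42'
}

# Keep only IPv4 or IPv4/CIDR entries; drop comments and anything odd.
netset_entries() {
    grep -v '^#' "$1" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Emit an `ipset restore` script: fill the temp set, swap it into place,
# then destroy the (now old) contents. `-exist` makes create idempotent.
ipset_restore_script() {
    echo "create $SET_NAME hash:net -exist"
    echo "create $TMP_SET hash:net -exist"
    echo "flush $TMP_SET"
    netset_entries "$1" | sed "s/^/add $TMP_SET /"
    echo "swap $TMP_SET $SET_NAME"
    echo "destroy $TMP_SET"
}

# Download, validate, load, and add the DROP rule only if not already present
# (iptables -C checks for an existing rule, so reruns don't stack duplicates).
refresh_set() {
    f=$(mktemp)
    trap 'rm -f "$f"' EXIT
    wget -q -O "$f" "$URL"
    [ "$(netset_entries "$f" | wc -l)" -gt 0 ] ||
        { echo "empty list, keeping existing set" >&2; return 1; }
    ipset_restore_script "$f" | ipset restore
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

if [ "${1:-}" = "--apply" ]; then refresh_set; fi
```

Run as root with `--apply` from cron; without the flag the script only defines the functions, so you can inspect the generated restore script with `ipset_restore_script somefile.netset` before letting it touch the live set.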