gen.py
#!/usr/bin/python3
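def Divider(List, size=15):
    """Yield consecutive slices of *List* holding at most *size* items each.

    The script feeds it the sorted, de-duplicated port list; every slice
    becomes one multiport rule, and 15 is the most ports a single iptables
    multiport match accepts, hence the default.

    Args:
        List: the sequence to split (a list of ints in this script).
        size: maximum number of items per slice; must be >= 1.

    Yields:
        Sub-lists of *List*, in order, each of length 1..size; nothing at all
        for an empty *List*.

    Raises:
        ValueError: if *size* is smaller than 1 (raised on the first
        iteration, since this is a generator).
    """
    if size < 1:
        raise ValueError(f"size must be >= 1, got {size!r}")
    for start in range(0, len(List), size):
        yield List[start:start + size]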
def Generate(List):
    """Print the honeypot chain setup followed by one INPUT rule per port block.

    Args:
        List: iterable of port blocks (lists of ints) as produced by Divider.
            Each block becomes a single multiport rule; the caller is expected
            to keep blocks at 15 ports or fewer (the multiport limit) and to
            have validated the ports as integers already.

    Output goes to stdout so it can be redirected into a script; nothing is
    returned.
    """
    # Chain creation plus its LOG and DROP actions come first. The leading
    # newline separates the script from anything printed before it.
    print("""\n# Generated by yet another iptables generator
/usr/sbin/iptables -N HONEYPOT
/usr/sbin/iptables -A HONEYPOT -j LOG --log-prefix "[iptables honeypot] " --log-level 6
/usr/sbin/iptables -A HONEYPOT -j DROP """)
    for ports in List:
        # multiport takes a comma-separated string; the blocks hold ints,
        # so stringify each one before joining.
        dports = ",".join(map(str, ports))
        print(f'/usr/sbin/iptables -A INPUT -p tcp --match multiport --dports {dports} --tcp-flags FIN,SYN,RST,ACK SYN -j HONEYPOT')
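import sys


def _read_ports(path):
    """Return the sorted, de-duplicated list of valid TCP ports found in *path*.

    One port per line; blank lines are skipped. Anything that is not an
    integer within 1-65535 is reported on stderr and dropped, so a bad line
    can never end up inside a generated rule.

    Args:
        path: file to read, one port number per line.

    Returns:
        Ascending list of unique ints in 1..65535.
    """
    ports = set()
    with open(path, encoding="utf-8") as source:
        for line in source:
            text = line.strip()
            if not text:
                continue
            # Only a non-numeric line is a parse failure; anything else
            # (e.g. Ctrl-C) must propagate rather than be swallowed.
            try:
                port = int(text)
            except ValueError:
                print(f"*** [WARN] - Port {text} is not a valid port. Ignoring.", file=sys.stderr)
                continue
            # Inclusive at both ends: 65535 is a valid port and the message
            # promises 1-65535.
            if 1 <= port <= 65535:
                ports.add(port)
            else:
                print(f"*** [WARN] - Port {text} is not within expected range 1-65535.", file=sys.stderr)
    # Sorting is cosmetic but makes the generated rules stable across runs.
    return sorted(ports)


def main():
    """Read ports.txt and emit the honeypot iptables script on stdout.

    Warnings go to stderr so that stdout stays a clean, redirectable script;
    Divider chunks the ports by 15 (the multiport limit) and Generate prints
    one rule per chunk.
    """
    ports = _read_ports('ports.txt')
    Generate(list(Divider(ports)))
    print("")


if __name__ == "__main__":
    main()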