Why not add the possibility of adding an IP blacklist, manually or by list?
This is a simple script I originally found on the IPFire forum and adapted to work on NS.
In order to make it work I need to add the blacklist option in /etc/shorewall/interfaces:
nano /etc/shorewall/interfaces
(in my case)
# Force GREEN + RED mode with only one interface
net eth0 dhcp,nosmurfs,optional
to:
# Force GREEN + RED mode with only one interface
net eth0 dhcp,nosmurfs,optional,blacklist
At the moment (with the script configured as posted) the resulting blacklist is about 15,300 IPs.
But you can easily add or remove lists.
Hope this helps.
The script:
#!/bin/bash
###########################################################################
# 2014-03-03 by burningpenguin: scriptblacklistip
#
# add blocked IPs to the firewall so they cannot be accessed from green/blue
###########################################################################
# 2014-03-03 initial version
# 2014-12-13 adjustments by Garp
# 2014-12-28 adjustments by Garp (blocklists added)
# 2014-12-29 Garp: remove yoyo Ads, they are being blocked by using the
#            hostsfile and the url filter
# 2016-03-03 jackyes: added some lists and adapted to work on NethServer
#            (NOTE: add the blacklist option to the interface in
#            /etc/shorewall/interfaces)
###########################################################################
# usage
# extend by adding one entry per blacklist url to the FEEDS list below:
#   "??service??|http://???url???"
# comment an entry out with # to disable it without losing the url
###########################################################################
set -u

WORKDIR=/root/blacklist
TESTBL=$WORKDIR/testbl          # optional, one IP per line, kept between runs
TARGET=/etc/shorewall/blacklist
RAW=$WORKDIR/blacklist.raw
FINAL=$WORKDIR/blacklist

# "name|url" pairs; the name is only used in the messages
FEEDS=(
    ## dan.me.uk: download once @ max 30 min or be banned!
    "TOR list|https://www.dan.me.uk/torlist/"
    "CIA-Badguys|http://cinsscore.com/list/ci-badguys.txt"
    "malc0de|http://malc0de.com/bl/IP_Blacklist.txt"
    "MalwareDomains|http://www.malwaredomainlist.com/hostslist/ip.txt"
    "OpenBL 7 days list|http://www.openbl.org/lists/base_7days.txt"
    "EmergingThreats Compromised IP's|http://rules.emergingthreats.net/blockrules/compromised-ips.txt"
    "EmergingThreats Block IP's|https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
    "Palevo|https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist"
    "Feodo A|https://feodotracker.abuse.ch/blocklist/?download=ipblocklist"
    "Feodo B|https://feodotracker.abuse.ch/blocklist/?download=badips"
    "Zeus|https://zeustracker.abuse.ch/blocklist.php?download=badips"
    ## blocklist.de all.txt and apache.txt are VERY BIG!! enable them on purpose
    #"Blacklist.de all|http://lists.blocklist.de/lists/all.txt"
    #"Blacklist.de apache|http://lists.blocklist.de/lists/apache.txt"
    "Blacklist.de imap|http://lists.blocklist.de/lists/imap.txt"
    "Blacklist.de ssh|http://lists.blocklist.de/lists/ssh.txt"
    "Blacklist.de bruteforcelogin|http://lists.blocklist.de/lists/bruteforcelogin.txt"
)

mkdir -p "$WORKDIR"
: > "$RAW"

for feed in "${FEEDS[@]}"; do
    name=${feed%%|*}
    url=${feed#*|}
    tmp=$WORKDIR/feed.tmp
    printf '\n Get files: %s' "$name"
    # Certificates are verified on purpose: a feed that can be tampered with
    # in transit can make the firewall drop traffic from any address the
    # attacker chooses. If a feed's CA is not trusted on the box, update
    # ca-certificates instead of adding --no-check-certificate.
    if wget -q -T 30 -t 2 -O "$tmp" "$url"; then
        printf '\n Amount of lines in %s %s \n' "$name" "$(wc -l < "$tmp")"
        cat "$tmp" >> "$RAW"
    else
        # a failed feed is left out of this run instead of aborting everything
        printf '\n WARNING: %s could not be downloaded, skipped \n' "$name"
    fi
    rm -f "$tmp"
done

# Insert any ip for your own testing pleasure into $TESTBL (one per line);
# it is kept between runs, so it is not wiped together with the downloads
if [ -f "$TESTBL" ]; then
    cat "$TESTBL" >> "$RAW"
    printf '\n Amount of lines in test list %s \n' "$(wc -l < "$TESTBL")"
fi

#check amount of lines before sorting and cleanup
printf '\n Amount of lines in the combined blacklist before any cleanup is done %s \n' "$(wc -l < "$RAW")"
printf "\n Sort ip's and make them unique"
printf "\n Remove comments etc."
# Only lines that are one bare IPv4 address (optionally followed by a
# # comment) are kept, and only the address is printed: comments, blank
# lines, Windows line ends (^M), CIDR blocks and IPv6/hostname lines are
# dropped, so nothing that is not a plain dotted quad reaches shorewall.
IPV4='(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})(\.(25[0-5]|2[0-4][0-9]|1?[0-9]{1,2})){3}'
tr -d '\r' < "$RAW" \
    | sed -rn "s/^[[:space:]]*($IPV4)[[:space:]]*(#.*)?\$/\\1/p" \
    | sort -u > "$FINAL"
rm -f "$RAW"

#check amount of lines after sorting and clean-up
printf '\n Amount of lines in final blacklist %s \n' "$(wc -l < "$FINAL")"

# Never install an empty list: if every feed failed at once this would
# silently remove all the blocking, and shorewall refresh would apply it.
if [ ! -s "$FINAL" ]; then
    printf '\n ERROR: final blacklist is empty, %s left untouched \n' "$TARGET"
    exit 1
fi
cp "$FINAL" "$TARGET"
shorewall refresh &>/dev/null
result:
Amount of lines in TOR list 6973
Amount of lines in CIA-Badguys 897
Amount of lines in malc0de 147
Amount of lines in MalwareDomains 1428
Amount of lines in OpenBL 7 days list 862
Amount of lines in EmergingThreats Compromised IP's 1152
Amount of lines in EmergingThreats Block IP's 1554
Amount of lines in Palevo 16
Amount of lines in Feodo A 537
Amount of lines in Blacklist.de imap 1097
Amount of lines in Blacklist.de ssh 1627
Amount of lines in Blacklist.de bruteforcelogin 1143
Amount of lines in Feodo B 12
Amount of lines in Zeus 140
Amount of lines in the combined blacklist before any cleanup is done 17585
Sort ip's and make them unique
Remove comments etc.
Amount of lines in final blacklist 15310
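Added example, not code from the original post or from the IPFire/NethServer authors: a stand-alone version of the cleanup step that turns raw feed lines into bare IPv4 addresses, run over a constructed sample feed (not real feed output) that shows the cases a real feed throws at you: CRLF line ends, inline comments, CIDR blocks, IPv6, hostnames and out-of-range octets. It also adds a guard the post does not have: addresses in reserved ranges (your own LAN, loopback, 0.0.0.0, multicast) and an assumed allowlist of the upstream gateway and resolver (constructed TEST-NET addresses here) are refused, so a buggy or tampered feed cannot make the firewall drop traffic it depends on.

```shell
#!/bin/sh
# Added example, not part of the original post: normalize raw blocklist feed
# lines into bare IPv4 addresses and refuse entries that must never be
# installed on a WAN-side blacklist. The sample feed below is constructed.

# One IPv4 octet, 0-255 (sed -E syntax); "01"-style octets are rejected.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
IPV4="$OCTET(\\.$OCTET){3}"

# Assumed allowlist (constructed TEST-NET-3 addresses): the upstream gateway
# and resolver this firewall depends on. One address per line.
ALLOWLIST='203.0.113.1
203.0.113.2'

# normalize_blacklist: stdin = raw feed, stdout = one bare IPv4 per line,
# sorted and unique. Drops comment/blank lines, Windows CRs, inline "# ..."
# comments, CIDR blocks, IPv6, hostnames and out-of-range octets.
normalize_blacklist() {
    tr -d '\r' \
    | sed -En "s/^[[:space:]]*($IPV4)[[:space:]]*(#.*)?\$/\\1/p" \
    | sort -u
}

# is_reserved IP: succeeds when IP is in a range that should never appear in
# a WAN blacklist (a feed listing your own LAN, 0.0.0.0 or 127.0.0.1 is a
# bug or a poisoning attempt, not threat intel).
is_reserved() {
    local ip o1 o2 rest
    ip=$1
    o1=${ip%%.*}; rest=${ip#*.}; o2=${rest%%.*}
    [ "$o1" -eq 0 ] && return 0                                          # 0.0.0.0/8
    [ "$o1" -eq 10 ] && return 0                                         # 10/8 RFC1918
    [ "$o1" -eq 127 ] && return 0                                        # loopback
    [ "$o1" -eq 169 ] && [ "$o2" -eq 254 ] && return 0                   # link-local
    [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] && return 0  # 172.16/12
    [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ] && return 0                   # 192.168/16
    [ "$o1" -ge 224 ] && return 0                                        # multicast/reserved/broadcast
    return 1
}

# filter_reserved: stdin = normalized addresses; reserved and allowlisted ones
# are reported on stderr and dropped, the rest pass through unchanged.
filter_reserved() {
    local ip
    while IFS= read -r ip; do
        if is_reserved "$ip"; then
            printf 'dropped reserved address %s\n' "$ip" >&2
        elif printf '%s\n' "$ALLOWLIST" | grep -qxF -- "$ip"; then
            printf 'dropped allowlisted address %s\n' "$ip" >&2
        else
            printf '%s\n' "$ip"
        fi
    done
}

# Constructed sample feed (not real feed output) covering the edge cases.
sample_feed() {
    printf '# comment line\n'
    printf '198.51.100.7\n'
    printf '198.51.100.7\n'                       # duplicate
    printf '  198.51.100.8   # inline comment\n'
    printf '203.0.113.9\r\n'                       # Windows line ending
    printf '198.51.100.0/24\n'                     # CIDR block, not a bare address
    printf '2001:db8::1\n'                         # IPv6
    printf 'evil.example.com\n'                    # hostname
    printf '256.1.1.1\n'                           # octet out of range
    printf '10.0.0.5\n'                            # RFC1918: must never be installed
    printf '203.0.113.1\n'                         # the allowlisted upstream gateway
    printf '\n'
}

# build_blacklist: the full pipeline on the sample; prints the surviving
# addresses (198.51.100.7, 198.51.100.8, 203.0.113.9) on stdout.
build_blacklist() {
    sample_feed | normalize_blacklist | filter_reserved
}

build_blacklist
```

To use it in the script above, feed the combined raw file through `normalize_blacklist | filter_reserved` instead of the tr/sed/sort step, and put the addresses this box must keep talking to (gateway, resolvers, monitoring) in the allowlist; the dropped lines land on stderr, so a feed that suddenly starts shipping your own ranges is visible in the cron mail rather than silently installed.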