diff --git a/baf_script.sh b/baf_script.sh
new file mode 100755
index 0000000..ab707ad
--- /dev/null
+++ b/baf_script.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -euo pipefail
+
+git pull --no-rebase
+echo "Last update:"
+git log --pretty -n1
+echo
+
+file=firewall_blocklist
+
+echo '# Automatically generated portion beginning, do not touch # AUTOGEN' > $file
+
+echo "config rule # AUTOGEN" >> $file
+echo " option name 'BLOCKLIST src' # AUTOGEN" >> $file
+echo " list proto 'all' # AUTOGEN" >> $file
+echo " option src '*' # AUTOGEN" >> $file
+iplist=$(cat blocklist.txt)
+for ip in $iplist
+do
+ echo " list src_ip '$ip' # AUTOGEN" >> $file
+done
+echo " option dest '*' # AUTOGEN" >> $file
+echo " option target 'DROP' # AUTOGEN" >> $file
+
+echo " # AUTOGEN" >> $file
+
+echo "config rule # AUTOGEN" >> $file
+echo " option name 'BLOCKLIST dest' # AUTOGEN" >> $file
+echo " list proto 'all' # AUTOGEN" >> $file
+echo " option src '*' # AUTOGEN" >> $file
+echo " option dest '*' # AUTOGEN" >> $file
+iplist=$(cat blocklist.txt)
+for ip in $iplist
+do
+ echo " list dest_ip '$ip' # AUTOGEN" >> $file
+done
+echo " option target 'DROP' # AUTOGEN" >> $file
+
+echo '# Automatically generated portion ending. Contact tumik for changes. # AUTOGEN' >> $file
+
+scp firewall_blocklist fw2-baf:/etc/config/firewall_blocklist
+ssh fw2-baf "grep -v '# AUTOGEN' /etc/config/firewall > /etc/config/firewall_base"
+ssh fw2-baf "cat /etc/config/firewall_base /etc/config/firewall_blocklist > /etc/config/firewall"
+ssh fw2-baf "/etc/init.d/firewall reload"
+echo "fw2-baf updated"
+#
+scp firewall_blocklist fw1-baf:/etc/config/firewall_blocklist
+ssh fw1-baf "grep -v '# AUTOGEN' /etc/config/firewall > /etc/config/firewall_base"
+ssh fw1-baf "cat /etc/config/firewall_base /etc/config/firewall_blocklist > /etc/config/firewall"
+ssh fw1-baf "/etc/init.d/firewall reload"
+echo "fw1-baf updated"
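Review bot: Entries from blocklist.txt are written into the firewall config without validation in both `for ip in $iplist` loops, so whatever `git pull` brought in is pushed to fw2-baf and fw1-baf as-is. The unquoted `$iplist` is word-split and glob-expanded, and a token containing `'` ends the quoted value early in the generated rule. An empty blocklist.txt yields two rules with `src '*'`, `dest '*'` and `target 'DROP'` but no address list, which would presumably match all traffic. I would read the file once with `read -r`, accept only tokens that look like an address or CIDR, and stop before the `scp` when an entry is rejected or nothing valid remains. The sketch below assumes one entry per line; quoting `"$file"` in the redirections is a smaller point of the same kind.

```shell
# Read blocklist.txt once; accept only address/CIDR-shaped tokens (loose character check).
ips=()
while IFS= read -r entry || [[ -n "$entry" ]]; do
  if [[ -z "$entry" || "$entry" == \#* ]]; then
    continue
  fi
  if [[ "$entry" =~ ^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$ ]]; then
    ips+=("$entry")
  else
    echo "rejecting blocklist entry: $entry" >&2
    exit 1
  fi
done < blocklist.txt
# An empty list would leave DROP rules with no src_ip/dest_ip restriction.
if (( ${#ips[@]} == 0 )); then
  echo "blocklist.txt has no valid entries" >&2
  exit 1
fi

# … unchanged: header line and 'BLOCKLIST src' rule options …
for ip in "${ips[@]}"; do
  echo " list src_ip '$ip' # AUTOGEN" >> "$file"
done
# … unchanged: remaining options, 'BLOCKLIST dest' rule (same loop with dest_ip), scp/ssh steps …
```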