Created
August 19, 2013 07:48
-
-
Save flyfire/6266612 to your computer and use it in GitHub Desktop.
import-to-firewall
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '######################################################################## | |
| ' netsh advfirewall firewall - Details on the command here: http://technet.microsoft.com/en-us/library/dd734783(WS.10).aspx | |
| ' To be run on Windows Vista/7/Server 2008/2008R2 only | |
| ' IP data supplied by ipdeny.com | |
| '######################################################################## | |
| Dim objShell | |
| set objShell=CreateObject("Wscript.shell") | |
| '######################################################################## | |
| ' This URL has the IP lists | |
| '######################################################################## | |
| objURLpre = "http://ipinfodb.com/country_query.php?country=" | |
| objURLpost = "&output=iptables&filename=blocklist.txt" | |
| '######################################################################## | |
| 'Firewall Rule | |
| '######################################################################## | |
| rulename = "AllSites HTTP " | |
| '######################################################################## | |
| 'Local IPs to Protect | |
| 'list all IPs that you want to protect | |
| ' format them as either single IPs, 123.123.123.123 | |
| ' IP blocks, 123.123.123.123/24 | |
| ' IP ranges, 123.0.0.0-123.255.255.255 | |
| ' with a comma separating them | |
| '######################################################################## | |
| serverIPs = "199.119.176.70-199.119.176.126,199.119.177.2-199.119.177.11,199.119.177.13-199.119.177.28" | |
| '######################################################################## | |
| 'Remote IPs per Rule, Its recommended to keep this at 200 | |
| 'You can try higher numbers, but the script might error on you | |
| '######################################################################## | |
| percommand=200 | |
| '######################################################################## | |
| 'Zone files to pull from | |
| 'If there are countries not listed here, visit ipdeny.com, to add them | |
| '######################################################################## | |
| Dim arrayzone(22) | |
| arrayzone(0) = "AF" 'Afghanistan | |
| arrayzone(1) = "CN" 'China | |
| arrayzone(2) = "DZ" 'Algeria | |
| arrayzone(3) = "HK" 'Hong Kong | |
| arrayzone(4) = "IN" 'India | |
| arrayzone(5) = "IQ" 'Iraq | |
| arrayzone(6) = "KZ" 'KAZAKHSTAN | |
| arrayzone(7) = "NG" 'Nigeria | |
| arrayzone(8) = "PA" 'Panama | |
| arrayzone(9) = "RU" 'Russia | |
| arrayzone(10) = "RO" 'Romania | |
| arrayzone(11) = "UA" 'Ukraine | |
| arrayzone(12) = "TW" 'Taiwain | |
| arrayzone(13) = "ID" 'Indonesia | |
| arrayzone(14) = "BG" 'Bulgaria | |
| arrayzone(15) = "VN" 'Vietnam | |
| arrayzone(16) = "SK" 'Slovakia | |
| arrayzone(17) = "MD" 'Moldova | |
| arrayzone(18) = "TR" 'Turkey | |
| arrayzone(19) = "PH" 'Philippines | |
| arrayzone(20) = "BR" 'Brazil | |
| arrayzone(21) = "LV" 'Latvia | |
| For each URL in arrayzone | |
| '######################################################################## | |
| 'Get IPs from the current zone | |
| '######################################################################## | |
| Set objHTTP = CreateObject("Msxml2.XMLHTTP") | |
| objHTTP.open "GET", objURLpre & url & objURLpost, False | |
| objHTTP.send | |
| HTTPstatus = objHTTP.Status | |
| If HTTPstatus= "200" Then | |
| GetHTML = objHTTP.responseText | |
| '######################################################################## | |
| 'Delete previous firewall rules with the same name | |
| '######################################################################## | |
| netshCommand = "NETSH advfirewall firewall delete rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34) | |
| errorcode = objShell.Run(netshCommand, 1, true) | |
| '######################################################################## | |
| 'wscript.echo errorcode 0 = good / 1 = bad | |
| '######################################################################## | |
| current = 0 | |
| iplist = "" | |
| iparray=Split(GetHTML, chr(10)) | |
| For each ip in iparray | |
| If current = 0 Then | |
| iplist = ip | |
| current = 1 | |
| Else | |
| iplist = iplist & "," &ip | |
| current = current + 1 | |
| End If | |
| '######################################################################## | |
| 'If we have reached our limit then push the rule to the firewall | |
| '######################################################################## | |
| if current = percommand Then | |
| netshCommand = "NETSH advfirewall firewall add rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34) & " dir=In action=Block Enable=yes profile=public,private,domain localip=" & serverIPs & " remoteip=" & ipList & " protocol=tcp" | |
| errorcode = objShell.Run(netshCommand, 1, true) | |
| current = 0 | |
| iplist = "" | |
| End If | |
| Next | |
| '######################################################################## | |
| 'Add any left over IPs | |
| '######################################################################## | |
| if current > 0 Then | |
| netshCommand = "NETSH advfirewall firewall add rule name=" & chr(34) & rulename & " " & url & " Block" & chr(34) & " dir=In action=Block Enable=yes profile=public,private,domain localip=" & serverIPs & " remoteip=" & ipList & " protocol=tcp" | |
| errorcode = objShell.Run(netshCommand, 1, true) | |
| End if | |
| Else | |
| wscript.echo "ERROR GETTING TO URL: " & URL | |
| End If | |
| Next | |
| wscript.echo "done" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment