#!/bin/bash
### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
# Space-separated, lower-case two-letter country codes; each code maps to a
# "<code>.zone" file on the download host configured below.
ISO="af cn"
### Set PATH ###
# Absolute paths of the external tools so the script does not rely on $PATH.
WGET="/usr/bin/wget"
EGREP="/bin/egrep"
IPT="/sbin/iptables"
### No editing below ###
# User-defined chain that receives one LOG/DROP pair per network.
SPAMLIST="countrydrop"
# Local cache directory for the downloaded zone files.
ZONEROOT="/root/iptables"
# Base URL of the per-country zone files.
# NOTE(review): plain HTTP, so the list is not authenticated in transit;
# prefer https if the mirror offers it.
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"
# EGREP is defined but not referenced by the rest of this file.
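#######################################
# Flush and delete every chain in the filter, nat and mangle tables and
# reset the built-in policies to ACCEPT.
# Every rule installed by any other script is lost here, and until the
# country chain is attached further down the host accepts all traffic.
# Globals:  IPT (read) - path of the iptables binary
# Returns:  0 on success; 1 as soon as one iptables call fails (the
#           original ignored per-command failures and carried on).
#######################################
cleanOldRules(){
  local table chain
  for table in filter nat mangle; do
    "$IPT" -t "$table" -F || return 1
    "$IPT" -t "$table" -X || return 1
  done
  for chain in INPUT OUTPUT FORWARD; do
    "$IPT" -P "$chain" ACCEPT || return 1
  done
  return 0
}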
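# create the zone-file cache dir on first run
[ -d "$ZONEROOT" ] || /bin/mkdir -p "$ZONEROOT" || exit 1

# clean old rules
# From here until the jumps are inserted at the bottom the firewall is
# fully open (cleanOldRules resets every policy to ACCEPT), so keep the
# work in between short and do not bail out half-way without reason.
cleanOldRules || exit 1

# create a new iptables list
"$IPT" -N "$SPAMLIST" || exit 1

# Only tokens that look like a dotted-quad IPv4 address with an optional
# prefix length are handed to iptables. The zone file comes from a remote
# server, so anything else is reported and skipped instead of being
# word-split straight into iptables arguments as before.
CIDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# becomes 1 when a country could not be fully loaded or an iptables call
# failed; reported through the exit status at the end
rc=0

# ISO is intentionally unquoted: it is a space-separated list
for c in $ISO
do
  # local zone file
  tDB="$ZONEROOT/$c.zone"
  # get fresh zone file: download to a temp name so a failed transfer
  # cannot leave a truncated $tDB behind; fall back to the cached copy
  # (an unreachable mirror must not silently unblock the country)
  if "$WGET" -O "$tDB.tmp" "$DLROOT/$c.zone" && [ -s "$tDB.tmp" ]; then
    /bin/mv -f -- "$tDB.tmp" "$tDB"
  else
    /bin/rm -f -- "$tDB.tmp"
    rc=1
    if [ -s "$tDB" ]; then
      echo "warning: download of $c.zone failed, using cached $tDB" >&2
    else
      echo "error: no zone data for $c, country NOT blocked" >&2
      continue
    fi
  fi
  # country specific log message
  SPAMDROPMSG="$c Country Drop"
  # one LOG + one DROP rule per network; blank lines and lines whose
  # first token starts with '#' are skipped (what egrep -v "^#|^$" did),
  # read -a splits on whitespace like the old unquoted loop but without
  # pathname expansion
  while read -r -a tokens || [ "${#tokens[@]}" -gt 0 ]
  do
    [ "${#tokens[@]}" -eq 0 ] && continue
    [[ "${tokens[0]}" == '#'* ]] && continue
    for ipblock in "${tokens[@]}"
    do
      # tolerate CRLF zone files
      ipblock=${ipblock%$'\r'}
      if ! [[ "$ipblock" =~ $CIDR_RE ]]; then
        echo "warning: skipping unexpected entry in $tDB: $ipblock" >&2
        rc=1
        continue
      fi
      "$IPT" -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG" || rc=1
      "$IPT" -A "$SPAMLIST" -s "$ipblock" -j DROP || rc=1
    done
  done < "$tDB"
done

# Send INPUT, OUTPUT and FORWARD through the country chain first
# (-I puts the jump at the top of each built-in chain)
"$IPT" -I INPUT -j "$SPAMLIST" || rc=1
"$IPT" -I OUTPUT -j "$SPAMLIST" || rc=1
"$IPT" -I FORWARD -j "$SPAMLIST" || rc=1

# call your other iptable script
# /path/to/other/iptables.sh

# 0 only when every zone was downloaded, parsed and loaded without error
exit "$rc"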