mdevrees · October 12, 2024 10:05 · mdevrees · Oct 12, 2024
diff --git a/country.block.iptables.sh b/country.block.iptables.sh
 #!/bin/bash
 # BASED ON:
 # Purpose: Block all traffic from CHINA (CN). Use ISO code. #
 # See url for more info - http://www.cyberciti.biz/faq/?p=3402
 # Author: nixCraft <www.cyberciti.biz> under GPL v.2.0+
 # -------------------------------------------------------------------------------
 # https://www.ipdeny.com/ipblocks/
 # il israel
 # ru russia
 # by bellarus
 # cn china
 # hk hong kong
 # -------------------------------------------------------------------------------
 # sudo wget RAW_LINK -O /usr/bin/country.block.iptables.sh
 # sudo chmod +x /usr/bin/country.block.iptables.sh
 # sudo ln -s /usr/bin/country.block.iptables.sh /etc/cron.weekly/country.block.iptables.sh 

 ISO="il ru by cn hk"

 ### Set PATH ###
 IPT=/usr/sbin/iptables
 WGET=/usr/bin/wget
 EGREP='/usr/bin/egrep -E'

 ### No editing below ###
 SPAMLIST="countrydrop"
 ZONEROOT="/root/iptables"
 DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

 # create a dir
 [ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT


 setup () {
        # create a new iptables list
        $IPT -N $SPAMLIST > /dev/null 2>&1 || return

        # reference
        $IPT -I INPUT -j "$SPAMLIST"
        $IPT -I OUTPUT -j "$SPAMLIST"
        $IPT -I FORWARD -j "$SPAMLIST"
 }

 setup

 # clean old rules
 $IPT -F "$SPAMLIST"

 for c in $ISO
 do
        # local zone file
        tDB="$ZONEROOT/$c.zone"

        # get fresh zone file
        $WGET -O "$tDB" "$DLROOT/$c.zone"

        # country specific log message
        SPAMDROPMSG="$c Country Drop"

        # get
        BADIPS=$($EGREP -v "^#|^$" "$tDB")
        for ipblock in $BADIPS
        do
           # $IPT -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
           $IPT -A "$SPAMLIST" -s "$ipblock" -j DROP
        done
 done

 exit 0
	#!/bin/bash
	# BASED ON:
	# Purpose: Block all traffic from CHINA (CN). Use ISO code. #
	# See url for more info - http://www.cyberciti.biz/faq/?p=3402
	# Author: nixCraft <www.cyberciti.biz> under GPL v.2.0+
	# -------------------------------------------------------------------------------
	# https://www.ipdeny.com/ipblocks/
	# il israel
	# ru russia
	# by bellarus
	# cn china
	# hk hong kong
	# -------------------------------------------------------------------------------
	# sudo wget RAW_LINK -O /usr/bin/country.block.iptables.sh
	# sudo chmod +x /usr/bin/country.block.iptables.sh
	# sudo ln -s /usr/bin/country.block.iptables.sh /etc/cron.weekly/country.block.iptables.sh

	ISO="il ru by cn hk"

	### Set PATH ###
	IPT=/usr/sbin/iptables
	WGET=/usr/bin/wget
	EGREP='/usr/bin/egrep -E'

	### No editing below ###
	SPAMLIST="countrydrop"
	ZONEROOT="/root/iptables"
	DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

	# create a dir
	[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT


	setup () {
	# create a new iptables list
	$IPT -N $SPAMLIST > /dev/null 2>&1 \|\| return

	# reference
	$IPT -I INPUT -j "$SPAMLIST"
	$IPT -I OUTPUT -j "$SPAMLIST"
	$IPT -I FORWARD -j "$SPAMLIST"
	}

	setup

	# clean old rules
	$IPT -F "$SPAMLIST"

	for c in $ISO
	do
	# local zone file
	tDB="$ZONEROOT/$c.zone"

	# get fresh zone file
	$WGET -O "$tDB" "$DLROOT/$c.zone"

	# country specific log message
	SPAMDROPMSG="$c Country Drop"

	# get
	BADIPS=$($EGREP -v "^#\|^$" "$tDB")
	for ipblock in $BADIPS
	do
	# $IPT -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
	$IPT -A "$SPAMLIST" -s "$ipblock" -j DROP
	done
	done

	exit 0