paul-chambers · August 5, 2023 07:50
diff --git a/update-country-ipsets.sh b/update-country-ipsets.sh
 #!/bin/bash
 #
 # Powered by <a href="http://www.ipdeny.com">IPDENY.COM</a> IP database.
 #
 # Pull the agregated zone lists from denyip.com, and create country-specific ipsets from them
 #
 # This approach doesn't require an additional 'geoip' kernel module or the Maxmind database. 
 #
 # When updating, the new ipset replaces the existing one with a 'swap', so there isn't any
 # time period when the set is empty.
 #
 # Paul Chambers, August 5, 2023
 #

 countries='gb ca'

 for country in ${countries}
 do
    url="https://www.ipdeny.com/ipblocks/data/aggregated/${country}-aggregated.zone"

    ipset create "country-${country}-import" hash:net && ipset -! create "country-${country}" hash:net

    while IF= read -r cidr
    do
        ipset add "country-${country}-import" "${cidr}"
    done < <(curl "${url}")

    ipset swap "country-${country}-import" "country-${country}" && ipset destroy "country-${country}-import"
 done
	#!/bin/bash
	#
	# Powered by <a href="http://www.ipdeny.com">IPDENY.COM</a> IP database.
	#
	# Pull the agregated zone lists from denyip.com, and create country-specific ipsets from them
	#
	# This approach doesn't require an additional 'geoip' kernel module or the Maxmind database.
	#
	# When updating, the new ipset replaces the existing one with a 'swap', so there isn't any
	# time period when the set is empty.
	#
	# Paul Chambers, August 5, 2023
	#

	countries='gb ca'

	for country in ${countries}
	do
	url="https://www.ipdeny.com/ipblocks/data/aggregated/${country}-aggregated.zone"

	ipset create "country-${country}-import" hash:net && ipset -! create "country-${country}" hash:net

	while IF= read -r cidr
	do
	ipset add "country-${country}-import" "${cidr}"
	done < <(curl "${url}")

	ipset swap "country-${country}-import" "country-${country}" && ipset destroy "country-${country}-import"
	done