|
|
@@ -0,0 +1,150 @@ |
|
|
#!/bin/bash |
|
|
|
|
|
country_block=(china bangladesh cambodia hongkong india iran iraq jordan korea kuwait malysia morocco oman pakistan qatar saudi singapore sudan thailand taiwan emirates vietnam turkey) |
|
|
|
|
|
echo "--------------------------------------" |
|
|
echo "Generating ipset for country ip-blocks" |
|
|
echo "by r4ven <[email protected]>" |
|
|
echo "Script started at $(date +"%Y-%m%d %T")" |
|
|
echo "--------------------------------------" |
|
|
echo "" |
|
|
echo "Countries: china,bangladesh,cambodia,hongkong,india,iran,iraq,jordan,korea,kuwait,malysia,morocco,oman,pakistan,qatar,saudi,singapore,sudan,thailand,taiwan,emirates,vietnam,turkey" |
|
|
echo "" |
|
|
echo "FLUSH custom IPSET" |
|
|
|
|
|
for i in "${country_block[@]}" |
|
|
do |
|
|
ipset flush $i |
|
|
done |
|
|
|
|
|
echo "" |
|
|
echo "Download and set new rules:" |
|
|
echo "" |
|
|
echo "SET China IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/cn.zone |
|
|
ipset -N -exist china hash:net |
|
|
for i in $(cat cn.zone ); do ipset -A china $i; done |
|
|
|
|
|
echo "SET Bangladesh IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/bd.zone |
|
|
ipset -N -exist bangladesh hash:net |
|
|
for i in $(cat bd.zone ); do ipset -A bangladesh $i; done |
|
|
|
|
|
echo "SET Cambodia IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/kh.zone |
|
|
ipset -N -exist cambodia hash:net |
|
|
for i in $(cat kh.zone ); do ipset -A cambodia $i; done |
|
|
|
|
|
echo "SET Hong-Kong IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/hk.zone |
|
|
ipset -N -exist hongkong hash:net |
|
|
for i in $(cat hk.zone ); do ipset -A hongkong $i; done |
|
|
|
|
|
echo "SET India IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/in.zone |
|
|
ipset -N -exist india hash:net |
|
|
for i in $(cat in.zone ); do ipset -A india $i; done |
|
|
|
|
|
echo "SET Iran IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/ir.zone |
|
|
ipset -N -exist iran hash:net |
|
|
for i in $(cat ir.zone ); do ipset -A iran $i; done |
|
|
|
|
|
echo "SET Iraq IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/iq.zone |
|
|
ipset -N -exist iraq hash:net |
|
|
for i in $(cat iq.zone ); do ipset -A iraq $i; done |
|
|
|
|
|
echo "SET Jordan IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/jo.zone |
|
|
ipset -N -exist jordan hash:net |
|
|
for i in $(cat jo.zone ); do ipset -A jordan $i; done |
|
|
|
|
|
echo "SET Korea IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/kp.zone |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/kr.zone |
|
|
ipset -N -exist korea hash:net |
|
|
for i in $(cat kp.zone ); do ipset -A korea $i; done |
|
|
for i in $(cat kr.zone ); do ipset -A korea $i; done |
|
|
|
|
|
echo "SET Kuwait IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/kw.zone |
|
|
ipset -N -exist kuwait hash:net |
|
|
for i in $(cat kw.zone ); do ipset -A kuwait $i; done |
|
|
|
|
|
echo "SET Malysia IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/my.zone |
|
|
ipset -N -exist malysia hash:net |
|
|
for i in $(cat my.zone ); do ipset -A malysia $i; done |
|
|
|
|
|
echo "SET Morocco IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/ma.zone |
|
|
ipset -N -exist morocco hash:net |
|
|
for i in $(cat ma.zone ); do ipset -A morocco $i; done |
|
|
echo "SET Oman IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/om.zone |
|
|
ipset -N -exist oman hash:net |
|
|
for i in $(cat om.zone ); do ipset -A oman $i; done |
|
|
|
|
|
echo "SET Pakistan IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/pk.zone |
|
|
ipset -N -exist pakistan hash:net |
|
|
for i in $(cat pk.zone ); do ipset -A pakistan $i; done |
|
|
|
|
|
echo "SET Qatar IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/qa.zone |
|
|
ipset -N -exist qatar hash:net |
|
|
for i in $(cat qa.zone ); do ipset -A qatar $i; done |
|
|
|
|
|
echo "SET Saudi Arabia IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/sa.zone |
|
|
ipset -N -exist saudi hash:net |
|
|
for i in $(cat sa.zone ); do ipset -A saudi $i; done |
|
|
|
|
|
echo "SET Singapore IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/sg.zone |
|
|
ipset -N -exist singapore hash:net |
|
|
for i in $(cat sg.zone ); do ipset -A singapore $i; done |
|
|
|
|
|
echo "SET Sudan IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/sd.zone |
|
|
ipset -N -exist sudan hash:net |
|
|
for i in $(cat sd.zone ); do ipset -A sudan $i; done |
|
|
|
|
|
echo "SET Thailand IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/th.zone |
|
|
ipset -N -exist thailand hash:net |
|
|
for i in $(cat th.zone ); do ipset -A thailand $i; done |
|
|
|
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/tw.zone |
|
|
ipset -N -exist taiwan hash:net |
|
|
for i in $(cat tw.zone ); do ipset -A taiwan $i; done |
|
|
|
|
|
echo "SET UNITED ARAB EMIRATES IP Blocks" |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/ae.zone |
|
|
ipset -N -exist emirates hash:net |
|
|
for i in $(cat ae.zone ); do ipset -A emirates $i; done |
|
|
|
|
|
echo "SET Viet Nam IP Blocks" |
|
|
ipset -N -exist vietnam hash:net |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/vn.zone |
|
|
for i in $(cat vn.zone ); do ipset -A vietnam $i; done |
|
|
|
|
|
echo "SET Turkey IP Blocks" |
|
|
ipset -N -exist turkey hash:net |
|
|
wget -q http://www.ipdeny.com/ipblocks/data/countries/tr.zone |
|
|
for i in $(cat tr.zone ); do ipset -A turkey $i; done |
|
|
|
|
|
|
|
|
rm -rf *.zone |
|
|
echo "" |
|
|
echo "----------------------------------------------------------" |
|
|
echo "IP blocks downloaded from: http://www.ipdeny.com/ipblocks/" |
|
|
echo "IP SET generated at "$(date +"%Y-%m-%d %T") |
|
|
echo "----------------------------------------------------------" |
|
|
echo "add to firewall:" |
|
|
|
|
|
for i in "${country_block[@]}" |
|
|
do |
|
|
echo "/sbin/iptables -I INPUT -p all -m set --match-set $i src -j DROP" |
|
|
done |
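Review bot: The zone files that populate the DROP sets are fetched over plain `http://` with `wget -q`, and nothing checks the exit status or the content before `for i in $(cat cn.zone ); do ipset -A china $i; done` loads it; the same pattern repeats for every country block. Because the first loop has already run `ipset flush $i`, a failed or tampered download leaves a set empty or filled with ranges someone else chose, so the filter either fails open or drops traffic the operator never meant to block. Working in the current directory adds two more hazards: an existing `cn.zone` makes wget write `cn.zone.1` while the stale file is loaded, and `rm -rf *.zone` deletes any unrelated `.zone` file there. I would drop the up-front flush, fetch into a `mktemp -d` directory, validate each line as an IPv4 CIDR, and fill a scratch set that is swapped in with `ipset swap` only on success, as sketched below. Switch the URL to HTTPS if the provider serves it.

```shell
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT

# load_zone SET CC...: fetch and validate each zone, then swap the set in atomically
load_zone() {
  local set_name=$1 cc net zone
  shift
  ipset create -exist "$set_name" hash:net
  ipset create -exist "${set_name}-new" hash:net
  ipset flush "${set_name}-new"
  for cc in "$@"; do
    zone="$workdir/$cc.zone"
    # NOTE(review): same plain-HTTP URL as the original; prefer https:// if available
    wget -q -O "$zone" "http://www.ipdeny.com/ipblocks/data/countries/$cc.zone" || return 1
    [[ -s "$zone" ]] || return 1   # an empty download must not empty the live set
    while IFS= read -r net; do
      [[ $net =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]] || return 1
      ipset add -exist "${set_name}-new" "$net"
    done < "$zone"
  done
  ipset swap "${set_name}-new" "$set_name"
  ipset destroy "${set_name}-new"
}

echo "SET China IP Blocks"
load_zone china cn || echo "china: update failed, previous set kept" >&2
echo "SET Korea IP Blocks"
load_zone korea kp kr || echo "korea: update failed, previous set kept" >&2
# … unchanged: remaining countries, one load_zone call each; final summary and iptables hints …
```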