
Untitled

a guest
May 10th, 2012
  1. #!/bin/bash
  2. ### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
  3. ISO="us nl"
  4.  
  5. ### Set PATH ###
  6. IPT=/sbin/iptables
  7. WGET=/usr/bin/wget
  8. EGREP=/bin/egrep
  9.  
  10. ### No editing below ###
  11. SPAMLIST="countrydrop"
  12. ZONEROOT="/root/iptables"
  13. DLROOT="http://www.ipdeny.com/ipblocks/data/countries"
  14.  
#######################################
# Reset the firewall to an empty, allow-all state.
#
# Flushes every rule (-F) and deletes every user-defined chain (-X) in the
# filter, nat and mangle tables, then sets the default policy of INPUT,
# OUTPUT and FORWARD to ACCEPT.
#
# Security note: this removes ALL rules on the host, not only the ones this
# script created, and leaves the machine unfiltered until new rules are added.
#
# Globals:   IPT (read) - path of the iptables binary
# Arguments: none
#######################################
cleanOldRules() {
  local table chain

  # The filter table is the default one, so it needs no -t option.
  "$IPT" -F
  "$IPT" -X

  for table in nat mangle; do
    "$IPT" -t "$table" -F
    "$IPT" -t "$table" -X
  done

  for chain in INPUT OUTPUT FORWARD; do
    "$IPT" -P "$chain" ACCEPT
  done
}
  26.  
  27. # create a dir
  28. [ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
  29.  
  30. # clean old rules
  31. cleanOldRules
  32.  
  33. # create a new iptables list
  34. $IPT -N $SPAMLIST
  35.  
  36. for c  in $ISO
  37. do
  38.     # local zone file
  39.     tDB=$ZONEROOT/$c.zone
  40.  
  41.     # get fresh zone file
  42.     $WGET -O $tDB $DLROOT/$c.zone
  43.  
  44.     # country specific log message
  45.     SPAMDROPMSG="$c Country Drop"
  46.  
  47.     # get
  48.     BADIPS=$(egrep -v "^#|^$" $tDB)
  49.     for ipblock in $BADIPS
  50.     do
  51.        $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG"
  52.        $IPT -A $SPAMLIST -s $ipblock -j DROP
  53.     done
  54. done
  55.  
  56. # Drop everything
  57. $IPT -I INPUT -j $SPAMLIST
  58. $IPT -I OUTPUT -j $SPAMLIST
  59. $IPT -I FORWARD -j $SPAMLIST
  60. exit 0