zoneblock.sh

1. #!/bin/bash
2.  
3. IPT=/sbin/iptables
4. ISO="cn af al eg kp lb ly ma ng ne sa so sn sd sy tn ug ae ye zm zw"
5. #Short list for testing purposes.
6. #ISO="af al"
7. if [ -d /root/iptables_zones ]
8.     then echo "dir exists" && pwd
9. else
10.     echo "dir doesn't exist, creating... "
11.     mkdir /root/iptables_zones && pwd
12. fi
13. cd /root/iptables_zones/ && ls -lAh
14.  
15. #optional - download all aggregated blocklists:
16. #wget -r -nd -A *.zone http://www.ipdeny.com/ipblocks/data/aggregated/
17. #ls -lAh
18.  
19. echo "Clearing current iptables rules!"
20. $IPT -F
21. $IPT -X
22. $IPT -P INPUT ACCEPT
23. $IPT -P OUTPUT ACCEPT
24. $IPT -P FORWARD ACCEPT
25.  
26. for zf in $ISO
27.     do
28.         echo "Testing for $zf-aggregated.zone"
29.         if [ -f $zf-aggregated.zone ] ; then
30.             echo -e "\t$zf-aggregated.zone exists, skipping... "
31.         else
32.             echo -e "\t$zf-aggregated.zone missing, downloading... "    
33.             wget -nd http://www.ipdeny.com/ipblocks/data/aggregated/$zf-aggregated.zone
34.         fi
35.         echo -e "Done. \nCreating new rules.\nThis will take a while..."
36.    
37.         for i in $(cat $zf-aggregated.zone)
38.             do
39.                 $IPT -A INPUT -s $i -j LOG --log-prefix "IP ZONE BLOCK $zf: "
40.                 $IPT -A INPUT -s $i -j DROP
41.             done
42.         echo -e "\tNew block rules for $zf created."
43.     done
44. echo 'Rules created for: '\"$ISO\""."
45.