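#!/bin/bash
#
# block_countries_iptables.sh - drop traffic whose source address falls inside
# the published IPv4 allocations of the countries listed in ISO.
#
# Usage:
#   ./block_countries_iptables.sh          (re)build one chain per country
#   ./block_countries_iptables.sh flush    remove the chains and zone files
#
# Exit status: 0 when every country was processed, 1 when at least one
# country could not be refreshed.
#
# NOTE(review): the zone files are fetched over plain HTTP and then turned
# into firewall rules, so the download is untrusted input. Every entry is
# validated before it reaches iptables, and a failed or empty download leaves
# the existing rules in place. If the mirror offers HTTPS, point DLROOT at it.

set -u

### Countries to block, as lower-case two-letter ISO codes ###
ISO="af cn th kr"

### Set PATH ###
IPT=/sbin/iptables
IPT_SAVE=/sbin/service
IPT_SAVE_ARGS=(iptables save)
WGET=/usr/bin/wget

### No editing below ###
#SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

# Shortest prefix accepted from a zone file. Anything wider (for example a
# stray or injected 0.0.0.0/0) would drop far more than one country and could
# lock the administrator out, so it is skipped.
readonly MIN_PREFIX=8

warn() { printf 'WARNING: %s\n' "$*" >&2; }
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

#######################################
# Check that a country code is exactly two lower-case letters. The code is
# used as a chain name, a file name and a URL component.
# Arguments: $1 - candidate ISO code
# Returns:   0 if valid, 1 otherwise
#######################################
validIso() {
  [[ $1 =~ ^[a-z]{2}$ ]]
}

#######################################
# Check that a string is an IPv4 network in a.b.c.d/len form with octets
# 0-255 and a prefix length between MIN_PREFIX and 32.
# Arguments: $1 - candidate network
# Returns:   0 if valid, 1 otherwise
#######################################
validCidr() {
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})$'
  local i
  [[ $1 =~ $re ]] || return 1
  for i in 1 2 3 4; do
    # 10# forces base 10 so an octet such as 010 is not read as octal.
    ((10#${BASH_REMATCH[i]} <= 255)) || return 1
  done
  ((10#${BASH_REMATCH[5]} >= MIN_PREFIX && 10#${BASH_REMATCH[5]} <= 32))
}

#######################################
# Remove a country chain, every jump to it, and its cached zone file.
# Globals:   IPT, ZONEROOT (read)
# Arguments: $1 - chain name (ISO code)
#######################################
cleanOldRules() {
  local chain=$1
  local hook
  for hook in INPUT OUTPUT FORWARD; do
    # -D removes one rule per call; repeat so duplicate jumps left behind by
    # earlier runs are removed as well. Errors are expected once none remain.
    while "$IPT" -D "$hook" -j "$chain" 2>/dev/null; do :; done
  done
  # The chain may not exist yet; that is not an error here.
  "$IPT" -F "$chain" 2>/dev/null
  "$IPT" -X "$chain" 2>/dev/null
  rm -f -- "$ZONEROOT/$chain.zone"
}

#######################################
# Download, validate and load the zone for one country.
# The old chain is only torn down after a usable list has been obtained.
# Globals:   IPT, WGET, ZONEROOT, DLROOT (read)
# Arguments: $1 - ISO code
# Returns:   0 on success, 1 if the country could not be refreshed
#######################################
buildChain() {
  local chain=$1
  local zone="$ZONEROOT/$chain.zone"
  local prefix="$chain Country Drop: "
  local tmp line ipblock hook
  local skipped=0
  local -a blocks=()

  tmp=$(mktemp "$ZONEROOT/$chain.zone.XXXXXX") || {
    warn "$chain: cannot create temporary file in $ZONEROOT"
    return 1
  }

  if ! "$WGET" -q --tries=3 --timeout=30 -O "$tmp" "$DLROOT/$chain.zone" ||
    [[ ! -s $tmp ]]; then
    warn "$chain: download failed or empty, existing rules left untouched"
    rm -f -- "$tmp"
    return 1
  fi

  # Keep only well-formed networks; comments and blank lines are ignored.
  while read -r line || [[ -n $line ]]; do
    line=${line%$'\r'}
    [[ -z $line || $line == \#* ]] && continue
    if validCidr "$line"; then
      blocks+=("$line")
    else
      skipped=$((skipped + 1))
    fi
  done <"$tmp"

  ((skipped > 0)) && warn "$chain: skipped $skipped malformed or too-wide entries"
  if ((${#blocks[@]} == 0)); then
    warn "$chain: no valid networks in download, existing rules left untouched"
    rm -f -- "$tmp"
    return 1
  fi

  cleanOldRules "$chain"
  if ! "$IPT" -N "$chain"; then
    warn "$chain: cannot create chain"
    rm -f -- "$tmp"
    return 1
  fi

  # NOTE(review): one LOG rule per network with no rate limit means every
  # dropped packet is logged; watch log volume. For lists this large a
  # set-based match would also load and evaluate faster than per-network rules.
  for ipblock in "${blocks[@]}"; do
    "$IPT" -A "$chain" -s "$ipblock" -j LOG --log-prefix "$prefix"
    "$IPT" -A "$chain" -s "$ipblock" -j DROP
  done
  # Anything that matched no network goes back to the calling chain.
  "$IPT" -A "$chain" -j RETURN

  mv -f -- "$tmp" "$zone"

  # NOTE(review): the rules match on source address (-s). Locally generated
  # packets in OUTPUT carry a local source, so the OUTPUT jump is not expected
  # to block outbound connections to these networks; kept for parity with the
  # original behaviour.
  for hook in INPUT OUTPUT FORWARD; do
    "$IPT" -I "$hook" -j "$chain"
  done
}

main() {
  local -a countries=()
  local c
  local failed=0

  read -r -a countries <<<"$ISO"

  ### run ./block_countries_iptables.sh flush ###
  if [[ ${1:-} == "flush" ]]; then
    for c in "${countries[@]}"; do
      if validIso "$c"; then
        cleanOldRules "$c"
      else
        warn "ignoring invalid ISO code: $c"
      fi
    done
    "$IPT_SAVE" "${IPT_SAVE_ARGS[@]}"
    echo "ALL COUNTRIES REMOVED"
    exit 0
  fi

  # create a dir
  if [[ ! -d $ZONEROOT ]]; then
    mkdir -p -- "$ZONEROOT" || die "cannot create $ZONEROOT"
  fi

  for c in "${countries[@]}"; do
    if ! validIso "$c"; then
      warn "ignoring invalid ISO code: $c"
      failed=1
      continue
    fi
    buildChain "$c" || failed=1
  done

  # persist the rules (or call your other iptables script here)
  "$IPT_SAVE" "${IPT_SAVE_ARGS[@]}"
  exit "$failed"
}

main "$@"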