File tree Expand file tree Collapse file tree 1 file changed +67
-0
lines changed Expand file tree Collapse file tree 1 file changed +67
-0
lines changed Original file line number Diff line number Diff line change 1+ #! /bin/bash
2+ # Purpose: Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code. #
3+ # See url for more info - http://www.cyberciti.biz/faq/?p=3402
4+ # Author: nixCraft <www.cyberciti.biz> under GPL v.2.0+
5+ # -------------------------------------------------------------------------------
6+ ISO=" cn"
7+
8+ # ## Set PATH ###
9+ IPT=/sbin/iptables
10+ WGET=/usr/bin/wget
11+ EGREP=/bin/egrep
12+
13+ # ## No editing below ###
14+ SPAMLIST=" countrydrop"
15+ ZONEROOT=" /root/iptables"
16+ DLROOT=" http://www.ipdeny.com/ipblocks/data/countries"
17+
18+ cleanOldRules (){
19+ $IPT -F
20+ $IPT -X
21+ $IPT -t nat -F
22+ $IPT -t nat -X
23+ $IPT -t mangle -F
24+ $IPT -t mangle -X
25+ $IPT -P INPUT ACCEPT
26+ $IPT -P OUTPUT ACCEPT
27+ $IPT -P FORWARD ACCEPT
28+ }
29+
30+ # create a dir
31+ [ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
32+
33+ # clean old rules
34+ cleanOldRules
35+
36+ # create a new iptables list
37+ $IPT -N $SPAMLIST
38+
39+ for c in $ISO
40+ do
41+ # local zone file
42+ tDB=$ZONEROOT /$c .zone
43+
44+ # get fresh zone file
45+ $WGET -O $tDB $DLROOT /$c .zone
46+
47+ # country specific log message
48+ SPAMDROPMSG=" $c Country Drop"
49+
50+ # get
51+ BADIPS=$( egrep -v " ^#|^$" $tDB )
52+ for ipblock in $BADIPS
53+ do
54+ $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix " $SPAMDROPMSG "
55+ $IPT -A $SPAMLIST -s $ipblock -j DROP
56+ done
57+ done
58+
59+ # Drop everything
60+ $IPT -I INPUT -j $SPAMLIST
61+ $IPT -I OUTPUT -j $SPAMLIST
62+ $IPT -I FORWARD -j $SPAMLIST
63+
64+ # call your other iptable script
65+ # /path/to/other/iptables.sh
66+
67+ exit 0
You can’t perform that action at this time.
0 commit comments