Created
November 11, 2013 15:44
block-china.sh - simple script to block all traffic from China
#!/bin/bash
#Copyright 11.11.13 Michell Gailing <gailing.michell@gmail.com>
#It's Licensed under DWWWI 'Do whatever you want with it!'
wget http://www.okean.com/chinacidr.txt
sed -i '1,4d' chinacidr.txt
sed -i 's/ China//g' chinacidr.txt
ipset create china hash:net
while read line; do ipset add china ; done < chinacidr.txt
iptables -I INPUT -m set --match-set china src -j DROP
rm chinacidr.txt
Oh pardon, I forgot the $line variable,
and I get the chinacidr.txt from http://www.okean.com/chinacidr.txt
You can get the working code at https://gist.github.com/Kruemmelmonster/8304729
Currently I have iptables and ajenti installed to manage my server.
ipset seems not to be installed. Will it be enough to just install ipset to make iptables work with ipset?
Cheers
Script complains about 2nd mandatory argument for ipset :(
I've tried with something like:
for ip in $(cat chinacidr.txt); do ipset add china $ip; done;
But then I check iptables and I just find:
iptables -v -L -n | grep china
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set china src
Which, as I do not yet know ipset, I am not sure if it is right.
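
A more defensive way to load the set discussed in this thread, as an added example that is neither the gist's code nor the linked working version: each entry is validated as an IPv4 CIDR before it reaches ipset, and the list is loaded into a temporary set that is swapped in only when at least one valid network was found. It assumes list lines of the form `<CIDR> China` after a comment header, as the gist's sed commands imply; the function names and the `china_new` set name are hypothetical.

```sh
#!/bin/sh
# Added example. SET and URL come from the page; valid_cidr, build_restore
# and the "${SET}_new" temporary set are names assumed for illustration.
SET=china
URL=http://www.okean.com/chinacidr.txt

# Succeed only for a well-formed IPv4 CIDR with prefix length 1-32
# (hash:net cannot store a /0 network).
valid_cidr() {
    case $1 in */*/*|*[!0-9./]*|*./*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|???*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Turn a "CIDR Country" list into `ipset restore` input that fills a
# temporary set and swaps it in, so the live set is never half-loaded.
# Header, blank and malformed lines are skipped; fails if nothing is valid.
build_restore() {
    nets=$(while read -r net rest || [ -n "$net" ]; do
               if valid_cidr "$net"; then echo "add ${SET}_new $net"; fi
           done < "$1")
    [ -n "$nets" ] || return 1
    printf '%s\n' "create $SET hash:net" "create ${SET}_new hash:net" \
        "flush ${SET}_new" "$nets" "swap ${SET}_new $SET" "destroy ${SET}_new"
}

# Only touch the firewall when called with --apply (needs root).
if [ "${1:-}" = "--apply" ]; then
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    wget -q -O "$tmp" "$URL" || exit 1
    plan=$(build_restore "$tmp") || exit 1
    # -exist tolerates an already existing set and duplicate entries.
    printf '%s\n' "$plan" | ipset -exist restore || exit 1
    # Insert the DROP rule only if an identical rule is not present yet.
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET" src -j DROP
fi
```

After an `--apply` run, `ipset list china` shows the loaded networks; the `match-set china src` rule in the `iptables -v -L -n` output only names the set, and its entries live in ipset.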