
@csrutil
Created May 15, 2017 06:42
IPSET - fetch certain countries ip blocks for iptables DROP
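#!/bin/bash
#
# Build one ipset (type hash:net) per blocked country from the ipdeny.com
# zone files, then print the iptables rules that reference those sets.
#
# Usage:   run as root: ./<this-script>
# Env:     ZONE_BASE_URL  optional override for the zone-file location
# Exit:    0 when every set was refreshed, 1 when at least one was not
#
# Differences from the earlier flat version, and why they matter on a
# firewall host:
#   * Sets are no longer flushed before the download. A failed or empty
#     download used to leave the DROP rules matching nothing. Each set is now
#     built under a staging name and swapped in only after it loaded cleanly,
#     so a bad run keeps the previous contents.
#   * Zone files go to a private mktemp directory instead of the current
#     directory. The old "rm -rf *.zone" removed unrelated files, and wget
#     saved to "cn.zone.1" when a stale "cn.zone" existed, so the stale file
#     was the one that got loaded.
#   * Downloaded lines are treated as untrusted input and must look like an
#     IPv4 CIDR before they reach ipset.
#   * The feed is fetched over HTTPS by default. These lists turn directly
#     into DROP rules, so an on-path change to a plain-HTTP download could
#     block arbitrary networks or quietly empty a set.
#
# Original script by r4ven <mateusz@3w-projekt.pl>.

set -u
set -o pipefail

readonly ZONE_BASE_URL="${ZONE_BASE_URL:-https://www.ipdeny.com/ipblocks/data/countries}"

# One row per ipset: "set name|label shown in output|ISO country codes".
# The set name "malysia" keeps its original spelling on purpose: existing
# iptables rules reference sets by name, so renaming it would orphan them.
readonly COUNTRY_TABLE=(
  "china|China|cn"
  "bangladesh|Bangladesh|bd"
  "cambodia|Cambodia|kh"
  "hongkong|Hong-Kong|hk"
  "india|India|in"
  "iran|Iran|ir"
  "iraq|Iraq|iq"
  "jordan|Jordan|jo"
  "korea|Korea|kp kr"
  "kuwait|Kuwait|kw"
  "malysia|Malysia|my"
  "morocco|Morocco|ma"
  "oman|Oman|om"
  "pakistan|Pakistan|pk"
  "qatar|Qatar|qa"
  "saudi|Saudi Arabia|sa"
  "singapore|Singapore|sg"
  "sudan|Sudan|sd"
  "thailand|Thailand|th"
  "taiwan|Taiwan|tw"
  "emirates|UNITED ARAB EMIRATES|ae"
  "vietnam|Viet Nam|vn"
  "turkey|Turkey|tr"
)

# Private scratch directory; created in main, removed by the EXIT trap.
WORK_DIR=''

warn() { printf 'WARNING: %s\n' "$*" >&2; }

die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

cleanup() {
  # Guard against an unset/empty path before a recursive delete.
  [[ -n "$WORK_DIR" && -d "$WORK_DIR" ]] && rm -rf -- "$WORK_DIR"
}

#######################################
# Download one zone file.
# Arguments: $1 - ISO country code, $2 - destination file
# Returns:   wget's exit status
#######################################
fetch_zone() {
  local code=$1 out=$2
  # -O pins the output name, so a leftover file can never shadow fresh data.
  wget -q --tries=3 --timeout=30 -O "$out" "${ZONE_BASE_URL}/${code}.zone"
}

#######################################
# Turn a zone file into "add SET CIDR" lines for `ipset restore`.
# Arguments: $1 - target set name, $2 - zone file
# Outputs:   restore lines on stdout, one warning per rejected line on stderr
#######################################
emit_restore_lines() {
  local set_name=$1 zone_file=$2 line
  # Syntactic IPv4 CIDR check. Prefixes shorter than /8 are refused as a
  # guardrail: one such line would drop a very large part of the address
  # space. NOTE(review): confirm no wanted zone legitimately needs < /8.
  local -r cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$'

  while read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'}
    [[ -z "$line" || "$line" == \#* ]] && continue
    if [[ "$line" =~ $cidr_re ]]; then
      printf 'add %s %s\n' "$set_name" "$line"
    else
      # %q keeps control characters from a hostile feed off the terminal.
      printf 'WARNING: skipping unexpected entry in %s: %q\n' \
        "${zone_file##*/}" "$line" >&2
    fi
  done < "$zone_file"
}

#######################################
# Refresh one ipset without ever exposing an empty or partial set.
# Arguments: $1 - set name, $2 - display label, $3 - space-separated codes
# Returns:   0 when the live set was replaced, 1 when it was left untouched
#######################################
update_set() {
  local set_name=$1 label=$2 codes=$3
  local staging="${set_name}_staging"
  local restore_file="${WORK_DIR}/${set_name}.restore"
  local code zone_file entries
  local -a code_list

  printf 'SET %s IP Blocks\n' "$label"
  read -r -a code_list <<< "$codes"
  : > "$restore_file"

  for code in "${code_list[@]}"; do
    zone_file="${WORK_DIR}/${code}.zone"
    if ! fetch_zone "$code" "$zone_file"; then
      warn "download of ${code}.zone failed; set '${set_name}' left unchanged"
      return 1
    fi
    emit_restore_lines "$staging" "$zone_file" >> "$restore_file"
  done

  entries=$(wc -l < "$restore_file")
  if (( entries == 0 )); then
    warn "no valid entries for '${set_name}'; set left unchanged"
    return 1
  fi

  # The live set must exist for the swap (and for iptables rules to load).
  ipset -exist create "$set_name" hash:net || return 1
  ipset -exist create "$staging" hash:net || return 1
  ipset flush "$staging" || return 1

  # A single restore is atomic per line and far faster than one ipset call
  # per network; any rejected line aborts before the live set is touched.
  if ! ipset -exist restore < "$restore_file"; then
    warn "loading '${set_name}' failed; set left unchanged"
    ipset destroy "$staging"
    return 1
  fi

  if ! ipset swap "$staging" "$set_name"; then
    warn "swap into '${set_name}' failed; set left unchanged"
    ipset destroy "$staging"
    return 1
  fi

  # After the swap the staging name holds the previous contents.
  ipset destroy "$staging" || warn "could not remove ${staging}"
  return 0
}

main() {
  local row set_name label codes name
  local failed=0
  local -a country_block=()

  for row in "${COUNTRY_TABLE[@]}"; do
    country_block+=("${row%%|*}")
  done

  echo "--------------------------------------"
  echo "Generating ipset for country ip-blocks"
  echo "by r4ven <mateusz@3w-projekt.pl>"
  echo "Script started at $(date +"%Y-%m-%d %T")"
  echo "--------------------------------------"
  echo ""
  (IFS=,; printf 'Countries: %s\n' "${country_block[*]}")
  echo ""

  command -v ipset > /dev/null || die "ipset not found"
  command -v wget > /dev/null || die "wget not found"

  WORK_DIR=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT

  echo "Download and set new rules:"
  echo ""
  for row in "${COUNTRY_TABLE[@]}"; do
    IFS='|' read -r set_name label codes <<< "$row"
    update_set "$set_name" "$label" "$codes" || failed=1
  done

  echo ""
  echo "----------------------------------------------------------"
  echo "IP blocks downloaded from: ${ZONE_BASE_URL}"
  echo "IP SET generated at $(date +"%Y-%m-%d %T")"
  echo "----------------------------------------------------------"
  echo "add to firewall:"
  for name in "${country_block[@]}"; do
    echo "/sbin/iptables -I INPUT -p all -m set --match-set $name src -j DROP"
  done

  # Non-zero lets cron or a wrapper notice a partially refreshed blocklist.
  return "$failed"
}

main "$@"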