PHP parser that turns the Russian IP ranges in ripe.db.inetnum into an ipset restore file
<?php | |
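// Builds the ipset restore file for the "rusnetworks" set from ip.ru.ranges.txt,
// which is expected to hold one "first - last" IPv4 range per line.
// Usage: php ip2cidr.php <line-count>   (the count only drives the progress display)
$handle = fopen("ip.ru.ranges.txt", "r");
if ($handle === false) {
    // Fail loudly instead of exiting silently with status 0: any previously
    // generated rules file stays on disk and would otherwise look current.
    fwrite(STDERR, "Error: cannot open ip.ru.ranges.txt\n");
    exit(1);
}

// Networks that are always allowed, independent of the RIPE data.
// NOTE(review): the two uptimerobot.com entries have host bits set for a /28;
// ipset is expected to store them masked to the enclosing /28 — confirm these
// are the intended blocks.
$fullNetworks = [
    "104.192.136.0/21",  // ATLASSIAN PTY LTD
    "69.162.124.226/28", // uptimerobot.com
    "63.143.42.242/28",  // uptimerobot.com
    "66.249.64.0/19",    // Googlebot
    "66.102.0.0/20",     // Google Inc
];
$staticCount = count($fullNetworks);

// The total is optional; without it only the running line number is shown
// (the original divided by $argv[1] unconditionally, which fails when it is absent or 0).
$total = isset($argv[1]) ? (int) $argv[1] : 0;
$i = 0;

echo "Progress ips2cidr:\n";
while (($buffer = fgets($handle, 1024)) !== false) {
    $i++;
    if ($i % 100 === 0) {
        if ($total > 0) {
            echo "$i of $total " . ceil(100 / $total * $i) . "%\r";
        } else {
            echo "$i\r";
        }
    }

    $ips = explode(" - ", trim($buffer));
    // The input is derived from a downloaded database and its text ends up in a
    // file fed to `ipset restore`, so accept only lines holding exactly two
    // well-formed IPv4 addresses and skip blank or malformed ones.
    if (count($ips) !== 2 || ip2long($ips[0]) === false || ip2long($ips[1]) === false) {
        continue;
    }
    ip2cidr($ips, $fullNetworks);
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

echo "Total networks: " . count($fullNetworks) . "\n";

// The static entries make the list non-empty even when nothing was parsed, so
// compare against their count: writing a set with only the static entries would
// replace the whole allow-list with five networks.
if (count($fullNetworks) <= $staticCount) {
    fwrite(STDERR, "Error: no networks derived from ip.ru.ranges.txt; rules file left untouched\n");
    exit(1);
}

$rules = "create rusnetworks hash:net family inet hashsize 1024 maxelem 500000\nadd rusnetworks "
    . implode("\nadd rusnetworks ", $fullNetworks) . "\n";
if (file_put_contents("/root/ipset.rusnetworks.rules", $rules) === false) {
    fwrite(STDERR, "Error: cannot write /root/ipset.rusnetworks.rules\n");
    exit(1);
}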
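/**
 * Append the CIDR blocks that exactly cover an inclusive IPv4 range.
 *
 * The range is split greedily: at each step the largest block that is aligned
 * on the current address and does not run past the end of the range is emitted.
 * Deriving the prefix from the address count alone (as the previous version did)
 * produces blocks that are not aligned on their own network boundary whenever
 * the range is not a single aligned block; a consumer that masks such an entry
 * to its network address ends up covering addresses outside the range and
 * missing addresses inside it.
 *
 * Addresses are re-rendered with long2ip(), so only canonical dotted-quad text
 * is ever appended. Input that is not two valid IPv4 addresses, or whose end
 * precedes its start, appends nothing.
 *
 * Assumes 64-bit PHP integers, where ip2long() returns values in 0..2^32-1.
 *
 * @param array $ips          [first, last] as dotted-quad strings.
 * @param array $fullNetworks List of "a.b.c.d/nn" strings, appended to in place.
 * @return void
 */
function ip2cidr($ips, &$fullNetworks)
{
    if (!is_array($ips) || count($ips) < 2) {
        return;
    }

    $first = ip2long(trim((string) $ips[0]));
    $last = ip2long(trim((string) $ips[1]));
    if ($first === false || $last === false || $first > $last) {
        return;
    }

    while ($first <= $last) {
        $prefix = 32;
        // Widen the block one bit at a time while it stays aligned on $first
        // and still ends inside the range.
        while ($prefix > 0) {
            $widerSize = 1 << (33 - $prefix);
            if ($first % $widerSize !== 0 || $first + $widerSize - 1 > $last) {
                break;
            }
            $prefix--;
        }

        $fullNetworks[] = long2ip($first) . '/' . $prefix;
        $first += 1 << (32 - $prefix);
    }
}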
/**
 * Expand "address/prefix" into the first and last address of the block.
 *
 * The address part is returned exactly as given (host bits are not masked);
 * the last address is computed as address + 2^(32 - prefix) - 1.
 *
 * @param string $cidr CIDR notation, e.g. "10.0.0.0/24".
 * @return array Two dotted-quad strings: [first, last].
 */
function cidr2ip($cidr)
{
    $parts = explode('/', $cidr);
    $hostBits = 32 - $parts[1];
    $lastLong = ip2long($parts[0]) + pow(2, $hostBits) - 1;

    return [$parts[0], long2ip($lastLong)];
}
<?php | |
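/**
 * Extracts the IPv4 ranges of RIPE inetnum objects registered with country RU.
 *
 * Input:  ripe.db.inetnum
 *         (download db from ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)
 * Output: ip.ru.ranges.txt, one "first - last" range per line.
 * Usage:  php ranges.php <line-count>   (the count only drives the progress display)
 */
$handle = fopen("ripe.db.inetnum", "r");
if ($handle === false) {
    // Report the failure instead of exiting silently with status 0.
    fwrite(STDERR, "Error: cannot open ripe.db.inetnum\n");
    exit(1);
}

// The total is optional; without it only the running line number is shown
// (the original divided by $argv[1] unconditionally, which fails when it is absent or 0).
$total = isset($argv[1]) ? (int) $argv[1] : 0;
$ranges = [];
$range = null; // validated range of the object currently being read, if any
$i = 0;
$rc = 0;

echo "Parsing:\n";
while (($buffer = fgets($handle, 4096)) !== false) {
    $i++;
    if ($i % 100000 === 0) {
        if ($total > 0) {
            echo "$i of $total " . ceil(100 / $total * $i) . "%\r";
        } else {
            echo "$i\r";
        }
    }

    // Objects in the dump are separated by blank lines; forget the previous
    // object's range so a later "country" line can never pick it up.
    if (trim($buffer) === '') {
        $range = null;
        continue;
    }

    if (substr($buffer, 0, 7) == 'inetnum') {
        // The value starts at column 16. This text is later turned into firewall
        // set entries, so keep it only if it is two well-formed IPv4 addresses.
        $parts = explode(' - ', trim(substr($buffer, 16)));
        $range = (count($parts) === 2 && ip2long($parts[0]) !== false && ip2long($parts[1]) !== false)
            ? $parts[0] . ' - ' . $parts[1]
            : null;
    }

    if ($range !== null && substr($buffer, 0, 7) == 'country' && substr($buffer, 16, 2) == 'RU') {
        $ranges[] = $range;
        $rc++;
        $range = null; // record each object at most once
    }
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

echo "Total ranges: $rc\n";
if (count($ranges) > 0) {
    if (file_put_contents("ip.ru.ranges.txt", implode("\n", $ranges)) === false) {
        fwrite(STDERR, "Error: cannot write ip.ru.ranges.txt\n");
        exit(1);
    }
}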
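#!/bin/bash
# Rebuilds the "rusnetworks" ipset from the RIPE inetnum dump and re-adds the
# iptables rule that accepts new TCP connections to ports 80/443 from that set.
#
# Every generation step is checked before the firewall is touched, so a failed
# download or parse cannot cause a stale or truncated rules file to be loaded.
#
# NOTE(review): between "systemctl stop iptables" and "systemctl start iptables"
# the host runs without the service's rules; what that exposes depends on how the
# unit handles stop — confirm. Restoring into a temporary set and exchanging it
# with `ipset swap` would avoid stopping the firewall at all.

WORKDIR=/root/sh
RULES=/root/ipset.rusnetworks.rules
# Fetched over HTTPS rather than plaintext FTP, because this data decides which
# source networks the firewall accepts.
# NOTE(review): assumes RIPE serves the same path over HTTPS — confirm.
URL=https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz

cd "$WORKDIR" || { echo "Cannot cd to $WORKDIR" >&2; exit 1; }

# wget -O creates the output file even when the transfer fails, so test the exit
# status and the size instead of mere existence.
if ! wget -O ripe.db.inetnum.gz "$URL" || [ ! -s "$WORKDIR/ripe.db.inetnum.gz" ]; then
    echo "File ripe.db.inetnum.gz not found!" >&2
    rm -f ripe.db.inetnum.gz
    exit 1
fi

# -f overwrites a leftover ripe.db.inetnum from an interrupted run.
if ! gunzip -f ripe.db.inetnum.gz; then
    echo "Cannot unpack ripe.db.inetnum.gz" >&2
    rm -f ripe.db.inetnum.gz ripe.db.inetnum
    exit 1
fi
rm -f ripe.db.inetnum.gz

echo "Get ripe.db.inetnum lines count..."
# Read via stdin so wc prints only the number, not "N filename".
c=$(wc -l < ripe.db.inetnum)
rm -f ip.ru.ranges.txt
if ! php ranges.php "$c" || [ ! -s ip.ru.ranges.txt ]; then
    echo "ranges.php produced no ranges" >&2
    rm -f ripe.db.inetnum
    exit 1
fi
rm -f ripe.db.inetnum

c=$(wc -l < ip.ru.ranges.txt)
if ! php ip2cidr.php "$c"; then
    echo "ip2cidr.php failed" >&2
    rm -f ip.ru.ranges.txt
    exit 1
fi
rm -f ip.ru.ranges.txt

if [ ! -f "$RULES" ]; then
    echo "File $RULES not found!" >&2
    exit 1
fi

echo "Stopping iptables service"
systemctl stop iptables
echo "Remove set rusnetworks from ipset"
# Fails harmlessly when the set does not exist yet (first run).
ipset -X rusnetworks
echo "Restore set rusnetworks from ipset.rusnetworks.rules"
restore_ok=1
if ! ipset restore -! < "$RULES"; then
    echo "ipset restore failed" >&2
    restore_ok=0
fi
# Bring the firewall back in either case.
echo "Starting iptables service"
systemctl start iptables
if [ "$restore_ok" -ne 1 ]; then
    exit 1
fi

echo "Add iptables rusnetworks rule"
# Insert only when the rule is not already present, so repeated runs do not
# stack duplicates.
if ! /usr/sbin/iptables -C INPUT -p tcp -m set --match-set rusnetworks src -m state --state NEW -m multiport --dports 80,443 -j ACCEPT 2>/dev/null; then
    /usr/sbin/iptables -I INPUT 6 -p tcp -m set --match-set rusnetworks src -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
fi
/usr/sbin/iptables -S | grep rusnetworks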