Last active
December 3, 2019 13:36
PHP parser that extracts Russian IP ranges from ripe.db.inetnum and builds an ipset restore file
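<?php
/**
 * Converts the "start - end" IPv4 ranges listed in ip.ru.ranges.txt into CIDR
 * networks and writes them as an `ipset restore` file.
 *
 * Usage: php ip2cidr.php [total_line_count]
 * The optional line count is only used for the progress display.
 *
 * The generated file is later loaded into a firewall allow-list, so every
 * input line is validated before it can reach the output.
 */
$inputFile  = "ip.ru.ranges.txt";
$outputFile = "/root/ipset.rusnetworks.rules";

// Report a missing or unreadable input file instead of silently producing
// nothing; a caller that only checks whether the rules file exists could
// otherwise load a stale file from an earlier run.
$handle = fopen($inputFile, "r");
if ($handle === false) {
    fwrite(STDERR, "Error: cannot open $inputFile\n");
    exit(1);
}

// Networks that are always part of the set, independent of the RIPE data.
$fullNetworks = [];
$fullNetworks[] = "104.192.136.0/21"; // ATLASSIAN PTY LTD
// NOTE(review): the two uptimerobot.com entries are not on a /28 boundary;
// ipset is expected to mask them to the enclosing network. Confirm that the
// resulting 16-address block is the intended range.
$fullNetworks[] = "69.162.124.226/28"; // uptimerobot.com
$fullNetworks[] = "63.143.42.242/28"; // uptimerobot.com
$fullNetworks[] = "66.249.64.0/19"; // Googlebot
$fullNetworks[] = "66.102.0.0/20"; // Google Inc

// The progress denominator is optional; without it the percentage is skipped
// rather than dividing by zero.
$total   = isset($argv[1]) ? (int) $argv[1] : 0;
$i       = 0;
$skipped = 0;

echo "Progress ips2cidr:\n";
while (($buffer = fgets($handle, 1024)) !== false) {
    $i++;
    if ($i % 100 == 0 && $total > 0) {
        echo "$i of $total " . ceil(100 / $total * $i) . "%\r";
    }

    // Accept only "<ipv4> - <ipv4>" with start <= end. Anything else (blank
    // lines, truncated or tampered records, reversed ranges) is dropped so it
    // can never be turned into an `add` line in the restore file.
    $ips = explode(" - ", trim($buffer));
    if (count($ips) !== 2
        || filter_var($ips[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || filter_var($ips[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || ip2long($ips[0]) > ip2long($ips[1])
    ) {
        $skipped++;
        continue;
    }

    ip2cidr($ips, $fullNetworks);
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

if ($skipped > 0) {
    fwrite(STDERR, "Skipped $skipped malformed line(s)\n");
}
echo "Total networks: " . count($fullNetworks) . "\n";

if (count($fullNetworks) > 0) {
    $rules = "create rusnetworks hash:net family inet hashsize 1024 maxelem 500000\nadd rusnetworks "
        . implode("\nadd rusnetworks ", $fullNetworks) . "\n";
    // A failed write must be visible to the calling script through the exit status.
    if (file_put_contents($outputFile, $rules) === false) {
        fwrite(STDERR, "Error: cannot write $outputFile\n");
        exit(1);
    }
}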
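/**
 * Appends the minimal list of CIDR networks that exactly covers an inclusive
 * IPv4 range to $fullNetworks.
 *
 * Each emitted block starts on a boundary that matches its own size and never
 * extends past the end of the range, so the result covers neither more nor
 * fewer addresses than the input. Splitting the address count into powers of
 * two without checking alignment would produce blocks that a firewall set
 * masks to a different network than the one intended.
 *
 * Assumes 64-bit PHP integers (ip2long() results are non-negative).
 *
 * @param array $ips          [start, end] as dotted-quad strings
 * @param array $fullNetworks list that receives "a.b.c.d/len" strings
 * @return bool false when the input is not a valid ascending IPv4 range
 *              (nothing is appended in that case), true otherwise
 */
function ip2cidr($ips, &$fullNetworks) {
    if (!is_array($ips) || count($ips) !== 2) {
        return false;
    }

    $first = ip2long($ips[0]);
    $last  = ip2long($ips[1]);
    // Reject unparsable addresses and reversed ranges instead of emitting
    // garbage prefixes for them.
    if ($first === false || $last === false || $first > $last) {
        return false;
    }

    while ($first <= $last) {
        // Start with a single host and widen the block while it stays aligned
        // at $first and still fits inside the remaining range.
        $prefix = 32;
        while ($prefix > 0) {
            $widerSize = 1 << (32 - ($prefix - 1));
            if ($first % $widerSize !== 0 || $first + $widerSize - 1 > $last) {
                break;
            }
            $prefix--;
        }

        // long2ip() guarantees that only canonical dotted-quad text is emitted.
        $fullNetworks[] = long2ip($first) . '/' . $prefix;
        $first += 1 << (32 - $prefix);
    }

    return true;
}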
/**
 * Expands a CIDR string into the pair [address, last address of the block].
 *
 * The address part is returned exactly as given; it is not masked to the
 * network boundary, so the block is counted from that address onwards.
 *
 * @param string $cidr "a.b.c.d/len"
 * @return array [string $address, string $lastAddress]
 */
function cidr2ip($cidr) {
    list($address, $prefixLength) = explode('/', $cidr);

    // Number of addresses in a block with this prefix length.
    $blockSize   = pow(2, 32 - $prefixLength);
    $lastAddress = ip2long($address) + $blockSize - 1;

    return array($address, long2ip($lastAddress));
}
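<?php
/**
 * Extracts the inetnum ranges whose country attribute is RU from the RIPE
 * split database and writes them, one "start - end" range per line, to
 * ip.ru.ranges.txt.
 *
 * download db from ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz
 *
 * Usage: php ranges.php [total_line_count]
 * The optional line count is only used for the progress display.
 *
 * The output feeds a firewall allow-list, so a range is kept only when it
 * parses as two IPv4 addresses.
 */
$inputFile  = "ripe.db.inetnum";
$outputFile = "ip.ru.ranges.txt";

// Report a missing input file rather than exiting silently with no output.
$handle = fopen($inputFile, "r");
if ($handle === false) {
    fwrite(STDERR, "Error: cannot open $inputFile\n");
    exit(1);
}

$ranges = [];
$total  = isset($argv[1]) ? (int) $argv[1] : 0;
$i      = 0;
$rc     = 0;
$range  = null; // range of the object currently being read, if it is valid

echo "Parsing:\n";
while (($buffer = fgets($handle, 4096)) !== false) {
    $i++;
    // Skip the percentage when no line count was supplied (avoids a division by zero).
    if ($i % 100000 == 0 && $total > 0) {
        echo "$i of $total " . ceil(100 / $total * $i) . "%\r";
    }

    // Objects are separated by blank lines; forget the previous range so a
    // country attribute can never be paired with another object's range.
    if (trim($buffer) === '') {
        $range = null;
        continue;
    }

    if (strncmp($buffer, 'inetnum:', 8) === 0) {
        $candidate = trim(substr($buffer, 8));
        $parts     = explode(" - ", $candidate);
        $isValid   = count($parts) === 2
            && filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
            && filter_var($parts[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
        // Anything that is not "<ipv4> - <ipv4>" is discarded here.
        $range = $isValid ? $candidate : null;
    }

    if (strncmp($buffer, 'country:', 8) === 0) {
        if ($range !== null && substr(trim(substr($buffer, 8)), 0, 2) == 'RU') {
            $ranges[] = $range;
            $rc++;
        }
    }
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

echo "Total ranges: $rc\n";
if (count($ranges) > 0) {
    // A failed write must be visible to the calling script through the exit status.
    if (file_put_contents($outputFile, implode("\n", $ranges)) === false) {
        fwrite(STDERR, "Error: cannot write $outputFile\n");
        exit(1);
    }
}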
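#!/bin/bash
# Rebuilds the `rusnetworks` ipset from the RIPE inetnum database and re-adds
# the iptables rule that accepts new TCP connections to ports 80/443 from
# that set. Every step is checked so that a failed download or conversion
# stops the run before the firewall is touched.

workdir=/root/sh
rules=/root/ipset.rusnetworks.rules

cd "$workdir" || { echo "Cannot change to $workdir" >&2; exit 1; }

# Timestamp marker: used below to tell a rules file generated by this run
# from one left behind by an earlier run.
stamp=$(mktemp) || exit 1
trap 'rm -f "$stamp"' EXIT

# NOTE(review): the database is fetched over plain FTP with no integrity or
# authenticity check, and its content ends up as ACCEPT rules. A tampered
# download would widen the allow-list; prefer an authenticated transport or a
# published checksum if the registry offers one for this file.
if ! wget -O ripe.db.inetnum.gz ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz; then
    echo "Download of ripe.db.inetnum.gz failed!" >&2
    rm -f ripe.db.inetnum.gz
    exit 1
fi
# wget -O creates the output file even when the transfer fails, so test for a
# non-empty file rather than mere existence.
if [ ! -s "$workdir/ripe.db.inetnum.gz" ]; then
    echo "File ripe.db.inetnum.gz not found!" >&2
    exit 1
fi

# -f overwrites a ripe.db.inetnum left over from an interrupted run instead of prompting.
if ! gunzip -f ripe.db.inetnum.gz; then
    echo "Unpacking ripe.db.inetnum.gz failed!" >&2
    exit 1
fi
rm -f ripe.db.inetnum.gz

echo "Get ripe.db.inetnum lines count..."
# Redirecting into wc yields the bare number, without the file name.
c=$(wc -l < ripe.db.inetnum)
php ranges.php "$c"
rm -f ripe.db.inetnum

if [ ! -s ip.ru.ranges.txt ]; then
    echo "File ip.ru.ranges.txt not found or empty!" >&2
    exit 1
fi
c=$(wc -l < ip.ru.ranges.txt)
php ip2cidr.php "$c"
rm -f ip.ru.ranges.txt

# The rules file must exist, be non-empty and have been written by this run;
# otherwise an old file would be loaded as if it were current.
if [ ! -s "$rules" ] || [ ! "$rules" -nt "$stamp" ]; then
    echo "File $rules is missing, empty or stale!" >&2
    exit 1
fi

# NOTE(review): stopping the iptables service typically flushes the ruleset,
# leaving the host unfiltered until the service is started again. Loading the
# new data into a temporary set and using `ipset swap` would avoid that
# window; verify against this host's service unit before changing the flow.
echo "Stopping iptables service"
systemctl stop iptables

echo "Remove set rusnetworks from ipset"
ipset -X rusnetworks

echo "Restore set rusnetworks from ipset.rusnetworks.rules"
ipset restore -! < "$rules"
restore_status=$?

# Bring the firewall back up whether or not the restore worked.
echo "Starting iptables service"
if ! systemctl start iptables; then
    echo "Starting iptables failed!" >&2
    exit 1
fi

if [ "$restore_status" -ne 0 ]; then
    echo "ipset restore failed, rusnetworks rule not added!" >&2
    exit 1
fi

echo "Add iptables rusnetworks rule"
# NOTE(review): position 6 depends on the layout of the saved ruleset; confirm
# that it still lands before the final drop/reject rule.
/usr/sbin/iptables -I INPUT 6 -p tcp -m set --match-set rusnetworks src -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
/usr/sbin/iptables -S | grep rusnetworks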