@greenpeas
Last active December 3, 2019 13:36
PHP Russia ip ranges parser ripe.db.inetnum to ipset restore file
<?php
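// Turns "start - end" IPv4 ranges (one per line in ip.ru.ranges.txt) into an
// ipset restore file. $argv[1] is the expected line count and is used only for
// the progress display.
//
// The ranges ultimately come from a downloaded registry dump and end up in a
// firewall ACCEPT set, so every line is validated before it can reach the
// restore file.
$handle = fopen("ip.ru.ranges.txt", "r");
if ($handle === false) {
    // Fail loudly instead of exiting 0 with no output: the caller checks only
    // whether a rules file exists, and an older one may still be on disk.
    fwrite(STDERR, "Error: cannot open ip.ru.ranges.txt\n");
    exit(1);
}

// Networks that are always allowed, regardless of the registry data.
$fullNetworks = [];
$fullNetworks[] = "104.192.136.0/21"; // ATLASSIAN PTY LTD
// NOTE(review): the next two entries have host bits set; under a /28 mask the
// networks are 69.162.124.224/28 and 63.143.42.240/28. Confirm that is the
// intended coverage.
$fullNetworks[] = "69.162.124.226/28"; // uptimerobot.com
$fullNetworks[] = "63.143.42.242/28"; // uptimerobot.com
$fullNetworks[] = "66.249.64.0/19"; // Googlebot
$fullNetworks[] = "66.102.0.0/20"; // Google Inc

// A missing or non-numeric argv[1] previously caused a division by zero in the
// progress line; treat it as "total unknown" instead.
$total = isset($argv[1]) ? (int) $argv[1] : 0;
$i = 0;
$skipped = 0;

echo "Progress ips2cidr:\n";
while (($buffer = fgets($handle, 1024)) !== false) {
    $i++;
    if ($i % 100 === 0) {
        echo $total > 0
            ? "$i of $total " . ceil(100 / $total * $i) . "%\r"
            : "$i\r";
    }

    $ips = explode(" - ", trim($buffer));

    // Accept only two dotted-quad addresses in ascending order. Anything else
    // is dropped so that arbitrary text from the input file can never be
    // copied into an "add rusnetworks ..." line.
    if (count($ips) !== 2) {
        $skipped++;
        continue;
    }
    $first = ip2long($ips[0]);
    $last = ip2long($ips[1]);
    if ($first === false || $last === false || $first > $last) {
        $skipped++;
        continue;
    }

    ip2cidr($ips, $fullNetworks);
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

echo "Total networks: " . count($fullNetworks) . "\n";
if ($skipped > 0) {
    echo "Skipped malformed lines: $skipped\n";
}

if (count($fullNetworks) > 0) {
    $rulesPath = "/root/ipset.rusnetworks.rules";
    $rules = "create rusnetworks hash:net family inet hashsize 1024 maxelem 500000\nadd rusnetworks "
        . implode("\nadd rusnetworks ", $fullNetworks) . "\n";

    // Write to a temporary file and rename it into place so that an
    // interrupted run cannot leave a truncated rules file behind.
    $tmpPath = $rulesPath . ".tmp";
    if (file_put_contents($tmpPath, $rules) === false || !rename($tmpPath, $rulesPath)) {
        fwrite(STDERR, "Error: cannot write $rulesPath\n");
        exit(1);
    }
}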
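/**
 * Appends the CIDR blocks that exactly cover an inclusive IPv4 range.
 *
 * The previous implementation split the range by the bits of its size alone
 * and ignored the alignment of the start address. For a range such as
 * 10.0.0.1 - 10.0.0.4 it emitted "10.0.0.1/30", which a netmask-based consumer
 * reads as 10.0.0.0 - 10.0.0.3. In an allow list that admits an address that
 * was never in the range and drops one that was. It also copied $ips[0]
 * verbatim into the result, even when it was not a valid address.
 *
 * Assumes 64-bit PHP integers, so that ip2long() results are non-negative.
 *
 * @param array $ips          [start, end] as dotted-quad strings.
 * @param array $fullNetworks Result list; "a.b.c.d/n" strings are appended.
 * @return void Nothing is appended when the input is malformed or reversed.
 */
function ip2cidr($ips, &$fullNetworks) {
    if (!is_array($ips) || !isset($ips[0], $ips[1])) {
        return;
    }

    $first = ip2long($ips[0]);
    $last = ip2long($ips[1]);
    if ($first === false || $last === false || $first > $last) {
        return;
    }

    $cur = $first;
    while ($cur <= $last) {
        // Largest power-of-two block that starts on $cur's alignment boundary.
        // The lowest set bit of the address gives that size; address 0 is
        // aligned to everything.
        $size = ($cur === 0) ? 4294967296 : ($cur & -$cur);

        // Shrink the block until it no longer runs past the end of the range.
        $remaining = $last - $cur + 1;
        while ($size > $remaining) {
            $size >>= 1;
        }

        // prefix = 32 - log2(size)
        $prefix = 32;
        for ($s = $size; $s > 1; $s >>= 1) {
            $prefix--;
        }

        // long2ip() emits a normalised address, so the result never contains
        // text taken directly from the input.
        $fullNetworks[] = long2ip($cur) . '/' . $prefix;
        $cur += $size;
    }
}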
/**
 * Returns the first and last address of a block given as "a.b.c.d/n".
 *
 * The address part is returned exactly as supplied; host bits are not masked,
 * so the "last" address is simply start + 2^(32 - n) - 1.
 *
 * @param string $cidr Address and prefix length separated by '/'.
 * @return array [start address as given, last address as dotted quad].
 */
function cidr2ip($cidr) {
    [$base, $prefix] = explode('/', $cidr);
    $last = ip2long($base) + 2 ** (32 - $prefix) - 1;
    return [$base, long2ip($last)];
}
<?php
/**
* download db from ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz
*/
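// Extracts the inetnum ranges of objects whose country is RU from a RIPE
// inetnum dump and writes them, one "start - end" per line, to
// ip.ru.ranges.txt. $argv[1] is the expected line count (progress only).
//
// Field values in the dump are registry-maintained free text from this
// script's point of view, and the output feeds a firewall allow list, so a
// range is kept only if it parses as two valid IPv4 addresses.
$handle = fopen("ripe.db.inetnum", "r");
if ($handle === false) {
    fwrite(STDERR, "Error: cannot open ripe.db.inetnum\n");
    exit(1);
}

$ranges = [];
// A missing argv[1] previously caused a division by zero in the progress line.
$total = isset($argv[1]) ? (int) $argv[1] : 0;
$i = 0;
$rc = 0;
$range = null;       // range of the object currently being read, if valid
$atLineStart = true; // false while inside a line longer than the fgets() limit

$ipv4 = '\d{1,3}(?:\.\d{1,3}){3}';

echo "Parsing:\n";
while (($buffer = fgets($handle, 4096)) !== false) {
    $i++;
    if ($i % 100000 === 0) {
        echo $total > 0
            ? "$i of $total " . ceil(100 / $total * $i) . "%\r"
            : "$i\r";
    }

    // fgets() returns over-long lines in pieces. Only the first piece starts
    // with the attribute name, so later pieces must not be parsed as fields.
    $isLineStart = $atLineStart;
    $atLineStart = (substr($buffer, -1) === "\n");
    if (!$isLineStart) {
        continue;
    }

    // A blank line ends the current object; do not carry its range over.
    if (trim($buffer) === '') {
        $range = null;
        continue;
    }

    if (preg_match('/^inetnum:\s*(' . $ipv4 . ')\s*-\s*(' . $ipv4 . ')\s*$/', $buffer, $m)) {
        $first = ip2long($m[1]);
        $last = ip2long($m[2]);
        $range = ($first !== false && $last !== false && $first <= $last)
            ? $m[1] . ' - ' . $m[2]
            : null;
        continue;
    }

    if ($range !== null && preg_match('/^country:\s+RU\b/', $buffer)) {
        $ranges[] = $range;
        $rc++;
        // One entry per object, even if it carries several country lines.
        $range = null;
    }
}
if (!feof($handle)) {
    echo "Error: unexpected fgets() fail\n";
}
fclose($handle);

echo "Total ranges: $rc\n";
if (count($ranges) > 0) {
    if (file_put_contents("ip.ru.ranges.txt", implode("\n", $ranges)) === false) {
        fwrite(STDERR, "Error: cannot write ip.ru.ranges.txt\n");
        exit(1);
    }
}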
#!/bin/bash
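# Rebuilds the "rusnetworks" ipset from the RIPE inetnum dump and re-adds the
# iptables rule that accepts new HTTP/HTTPS connections from it.
#
# Every step that feeds the firewall is checked. A failed download or parse
# must stop the script before the live set is touched, and a rules file left
# over from an earlier run must not be mistaken for fresh output.

workdir=/root/sh
rules=/root/ipset.rusnetworks.rules

cd "$workdir" || { echo "Cannot cd to $workdir" >&2; exit 1; }

# NOTE(review): the dump is fetched over plain FTP, so its content is neither
# authenticated nor integrity-protected in transit, yet it decides which
# sources the ACCEPT rule below matches. Prefer an authenticated transport if
# the registry offers one, and consider rejecting a result whose size differs
# sharply from the previous run.
if ! wget -O ripe.db.inetnum.gz ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz; then
    echo "Download of ripe.db.inetnum.gz failed!" >&2
    rm -f ripe.db.inetnum.gz
    exit 1
fi
# wget -O creates the output file even when the transfer fails, so test for a
# non-empty file rather than mere existence.
if [ ! -s /root/sh/ripe.db.inetnum.gz ]; then
    echo "File ripe.db.inetnum.gz not found!"
    exit 1
fi

# -f: overwrite a ripe.db.inetnum left behind by an aborted run.
if ! gunzip -f ripe.db.inetnum.gz; then
    echo "gunzip of ripe.db.inetnum.gz failed!" >&2
    exit 1
fi
rm -f ripe.db.inetnum.gz

echo "Get ripe.db.inetnum lines count..."
# Read from stdin so wc prints only the number, not "N filename".
c=$(wc -l < ripe.db.inetnum)
php ranges.php "$c"
rm -f ripe.db.inetnum

if [ ! -s ip.ru.ranges.txt ]; then
    echo "File ip.ru.ranges.txt not found or empty!" >&2
    exit 1
fi
c=$(wc -l < ip.ru.ranges.txt)

# Move the previous rules file aside so the existence check below proves that
# this run produced one; the last known-good copy is kept as *.prev.
if [ -f "$rules" ]; then
    mv -f "$rules" "$rules.prev"
fi
php ip2cidr.php "$c"
rm -f ip.ru.ranges.txt

if [ ! -f "$rules" ]; then
    echo "File /root/ipset.rusnetworks.rules not found!"
    exit 1
fi

# NOTE(review): what the host filters while the iptables service is stopped
# depends on how that service is configured; confirm the window below does not
# leave ports open. Restoring into a temporary set and exchanging it with
# `ipset swap` would update the live set without stopping the service.
echo "Stopping iptables service"
systemctl stop iptables

echo "Remove set rusnetworks from ipset"
# If the set is still referenced it cannot be destroyed. Flush it instead, so
# networks that are no longer listed do not linger in the allow list.
ipset -X rusnetworks || ipset -F rusnetworks || true

echo "Restore set rusnetworks from ipset.rusnetworks.rules"
if ! ipset restore -! < "$rules"; then
    echo "ipset restore failed!" >&2
fi

# Always bring the service back, even if the restore reported errors.
echo "Starting iptables service"
systemctl start iptables

echo "Add iptables rusnetworks rule"
# NOTE(review): position 6 is hard-coded; verify it still lands in the
# intended place relative to the DROP/REJECT rules of the saved ruleset.
/usr/sbin/iptables -I INPUT 6 -p tcp -m set --match-set rusnetworks src -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
/usr/sbin/iptables -S | grep rusnetworks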