Skip to content

Instantly share code, notes, and snippets.

@greenpeas

greenpeas/ip2cidr.php

Last active Dec 3, 2019
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
PHP Russia ip ranges parser ripe.db.inetnum to ipset restore file
Raw
ip2cidr.php
<?php
$handle = @fopen("ip.ru.ranges.txt", "r");
$fullNetworks = [];
$fullNetworks[] = "104.192.136.0/21"; // ATLASSIAN PTY LTD
$fullNetworks[] = "69.162.124.226/28"; // uptimerobot.com
$fullNetworks[] = "63.143.42.242/28"; // uptimerobot.com
$fullNetworks[] = "66.249.64.0/19"; // Googlebot
$fullNetworks[] = "66.102.0.0/20"; // Google Inc
$ips = [];
$i = 0;
$j = 0;
echo "Progress ips2cidr:\n";
if ($handle) {
while (($buffer = fgets($handle, 1024)) !== false) {
$i++;
$j++;
if($j == 100){
echo "$i of $argv[1] ".ceil(100/$argv[1]*$i)."%\r";
$j = 0;
}
$ips = explode(" - ", trim($buffer));
ip2cidr($ips,$fullNetworks);
}
if (!feof($handle)) {
echo "Error: unexpected fgets() fail\n";
}
fclose($handle);
echo "Total networks: " . count($fullNetworks)."\n";
if (count($fullNetworks) > 0) {
file_put_contents("/root/ipset.rusnetworks.rules", "create rusnetworks hash:net family inet hashsize 1024 maxelem 500000\nadd rusnetworks " . implode("\nadd rusnetworks ", $fullNetworks) . "\n");
}
}
function ip2cidr($ips,&$fullNetworks) {
$num = ip2long($ips[1]) - ip2long($ips[0]) + 1;
$bin = decbin($num);
$chunk = str_split($bin);
$chunk = array_reverse($chunk);
$start = 0;
while ($start < count($chunk)) {
if ($chunk[$start] != 0) {
$start_ip = isset($range) ? long2ip(ip2long($range[1]) + 1) : $ips[0];
$range = cidr2ip($start_ip . '/' . (32 - $start));
$fullNetworks[] = $start_ip . '/' . (32 - $start);
}
$start++;
}
}
function cidr2ip($cidr) {
$ip_arr = explode('/', $cidr);
$start = ip2long($ip_arr[0]);
$nm = $ip_arr[1];
$num = pow(2, 32 - $nm);
$end = $start + $num - 1;
return array($ip_arr[0], long2ip($end));
}
Raw
ranges.php
<?php
/**
* download db from ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz
*/
$handle = @fopen("ripe.db.inetnum", "r");
$ranges = [];
echo "Parsing:\n";
if ($handle) {
$i = 0;
$j = 0;
$rc = 0;
while (($buffer = fgets($handle, 4096)) !== false) {
$i++;
$j++;
if($j == 100000){
echo "$i of $argv[1] ".ceil(100/$argv[1]*$i)."%\r";
$j = 0;
}
if(substr($buffer,0,7) == 'inetnum'){
$range = substr($buffer,16,-1);
}
if(substr($buffer,0,7) == 'country'){
if(substr($buffer,16,2) == 'RU'){
$ranges[] = $range;
$rc++;
}
}
}
if (!feof($handle)) {
echo "Error: unexpected fgets() fail\n";
}
fclose($handle);
echo "Total ranges: $rc\n";
if(count($ranges) > 0){
file_put_contents("ip.ru.ranges.txt", implode("\n", $ranges));
}
}
Raw
update_rusnetworks.sh
#!/bin/bash
cd /root/sh
wget -O ripe.db.inetnum.gz ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz
if [ ! -f /root/sh/ripe.db.inetnum.gz ]; then
echo "File ripe.db.inetnum.gz not found!"
exit
fi
gunzip ripe.db.inetnum.gz
rm -f ripe.db.inetnum.gz
echo "Get ripe.db.inetnum lines count..."
c=$(wc -l ripe.db.inetnum)
php ranges.php $c
rm -f ripe.db.inetnum
c=$(wc -l ip.ru.ranges.txt)
php ip2cidr.php $c
rm -f ip.ru.ranges.txt
if [ ! -f /root/ipset.rusnetworks.rules ]; then
echo "File /root/ipset.rusnetworks.rules not found!"
exit
fi
echo "Stopping iptables service"
systemctl stop iptables
echo "Remove set rusnetworks from ipset"
ipset -X rusnetworks
echo "Restore set rusnetworks from ipset.rusnetworks.rules"
cat /root/ipset.rusnetworks.rules | ipset restore -!
echo "Starting iptables service"
systemctl start iptables
echo "Add iptables rusnetworks rule"
/usr/sbin/iptables -I INPUT 6 -p tcp -m set --match-set rusnetworks src -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
/usr/sbin/iptables -S | grep rusnetworks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment