# Country ban with UFW #

Grab the IP addresses for each country you want to block and save them in the "Linux IPTables" format:

http://www.ip2location.com/free/visitor-blocker
## Add country ##

Run the following command:

```bash
while read -r line; do sudo ufw deny from "$line"; done < all.txt
```

Where the filename is the country.
## Remove country ##

To remove or revert these rules, keep that list of IPs! Then run a command like so to remove the rules:

```bash
while read -r line; do sudo ufw delete deny from "$line"; done < all.txt
```
## Suggestion ##

What I did was export each individual country as its own country.txt file. But then I realized that I wanted to run this thing one time, so I ran the following command:

```bash
cat *.txt >> all.txt
```

Then you can run your rule against all of the files.
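An added example (not part of the original gist) that hardens the two loops above: it validates every line as an IPv4 address or CIDR, drops duplicates, and prints the `ufw` commands for review before anything runs under `sudo`. The names `clean_list`, `country_rules` and `APPLY`, the one-entry-per-line format with `#` comments, and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original gist. Assumes one IPv4 address or CIDR
# per line; clean_list, country_rules and APPLY are names made up here.

# clean_list FILE: print the unique, valid entries of FILE, one per line.
# Anything else is reported on stderr instead of being handed to sudo.
clean_list() {
    awk '
        function bad() { print "skipped line " NR ": " $0 > "/dev/stderr" }
        { sub(/\r$/, ""); sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { bad(); next }
        {
            n = split($0, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) { bad(); next }
            if (n == 5 && p[5] + 0 > 32) { bad(); next }
            if (!seen[$0]++) print
        }
    ' "$1"
}

# country_rules ACTION FILE: ACTION is "deny" (add) or "delete deny" (remove).
# Prints the commands by default; runs them only when APPLY=1 is set.
country_rules() {
    case "$1" in
        deny|"delete deny") ;;
        *) echo "unknown action: $1" >&2; return 2 ;;
    esac
    clean_list "$2" | while read -r cidr; do
        if [ "${APPLY:-0}" = 1 ]; then
            # $1 is unquoted on purpose so "delete deny" becomes two words;
            # stdin comes from /dev/null so the command cannot eat the list.
            sudo ufw $1 from "$cidr" </dev/null
        else
            echo "ufw $1 from $cidr"
        fi
    done
}

# Constructed sample list (documentation ranges, not real country data).
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.7' \
    '192.0.2.0/24' '203.0.113.0/33' 'iptables -A INPUT -s 192.0.2.0/24 -j DROP' \
    > "$sample"
country_rules deny "$sample"   # dry run: two commands, two lines skipped
rm -f "$sample"
```

Review the printed commands and the skipped lines first, then rerun with `APPLY=1` set to apply them.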
What about this script?

```bash
#!/bin/bash

# Function to create an ipset and add CIDR ranges from a file
function create_ipset_and_add() {
    local ipset_name=$1
    local cidr_file=$2
    local ipset_type=$3
}

# Create ipsets for country A and country B for both IPv4 and IPv6
create_ipset_and_add "country_a_cidr" "country_a_cidr.txt" "hash:ip"
create_ipset_and_add "country_b_cidr" "country_b_cidr.txt" "hash:ip"

# Allow outgoing traffic to all IPs
sudo ufw default allow outgoing

# Allow incoming traffic from country A and country B, block others for both IPv4 and IPv6
sudo ufw deny from any to any
sudo ufw allow from ipset:country_a_cidr
sudo ufw allow from ipset:country_b_cidr

# Enable ufw
sudo ufw enable
```

I'll allow incoming from 2 countries and block the rest of the world, while allowing all outgoing.