Skip to content

Instantly share code, notes, and snippets.

@liruqi
Last active February 6, 2016 08:34
Show Gist options
  • Save liruqi/9d8a00921c0aab2adb40 to your computer and use it in GitHub Desktop.
Save liruqi/9d8a00921c0aab2adb40 to your computer and use it in GitHub Desktop.
shadowsocks server config
# copied from: http://code.google.com/p/chnroutes/source/browse/trunk/chnroutes.py
import re
import urllib2
import sys
import argparse
import math
import json
def fetch_ip_data():
#fetch data from apnic
print "Fetching data from apnic.net, it might take a few minutes, please wait..."
url=r'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'
data=urllib2.urlopen(url).read()
cnregex=re.compile(r'apnic\|cn\|ipv4\|[0-9\.]+\|[0-9]+\|[0-9]+\|a.*',re.IGNORECASE)
cndata=cnregex.findall(data)
results=[]
for item in cndata:
unit_items=item.split('|')
starting_ip=unit_items[3]
num_ip=int(unit_items[4])
imask=0xffffffff^(num_ip-1)
#convert to string
imask=hex(imask)[2:]
mask=[0]*4
mask[0]=imask[0:2]
mask[1]=imask[2:4]
mask[2]=imask[4:6]
mask[3]=imask[6:8]
#convert str to int
mask=[ int(i,16 ) for i in mask]
mask="%d.%d.%d.%d"%tuple(mask)
#mask in *nix format
mask2=32-int(math.log(num_ip,2))
if (mask2 <= 16):
results.append((starting_ip + "/%d")%mask2)
return results
if __name__=='__main__':
r = fetch_ip_data()
s = "\n".join(r)
print s
open("iptables.conf", "w").write(s)
python ipset-gen.py
echo '-N CHINA nethash --hashsize 20000 --probes 2' > CHINA.ip
cat iptables.conf | awk '{print "-A CHINA " $1}' >> CHINA.ip
echo 'COMMIT' >> CHINA.ip
ipset -R < CHINA.ip
iptables -A OUTPUT -p tcp --dport 80 -m set --match-set CHINA dst -j REJECT
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment