Created
June 16, 2022 02:00
GeoIP block using ipsets. The script was originally derived from an old thread on the dd-wrt forums, located here: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=280462&postdays=0&postorder=asc&start=0
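#!/bin/sh
# Builds the "countrydrop" ipset (hash:net) from per-country CIDR zone files
# downloaded from ipdeny.com.
#
# This script only maintains the set. The firewall rule that matches against
# it is not part of this file and has to be installed separately.
#
# The live set is never emptied while a refresh is running: entries are loaded
# into a staging set which is swapped into place once it is fully populated.

# Debug tracing: every command is echoed to stderr.
set -x

## Verify the network is up before continuing.
# Sleep between probes so an offline router does not spin in a tight loop.
until ping -c1 www.google.com >/dev/null 2>&1; do sleep 5; done

### Block all traffic from listed. Use ISO code ###
ISO="br-aggregated cn-aggregated tw-aggregated ru-aggregated ir-aggregated ph-aggregated sg-aggregated hk-aggregated ua-aggregated ge-aggregated cz-aggregated in-aggregated ke-aggregated za-aggregated id-aggregated kh-aggregated vn-aggregated rs-aggregated tr-aggregated al-aggregated bg-aggregated kr-aggregated"
#Testing
#ISO="tw-aggregated"

### Set PATH ###
IPT=/usr/sbin/ipset
WGET=/usr/bin/wget
EGREP=/bin/egrep   # not used below; kept so local edits that rely on it still work
# NOTE(review): fixed name in /tmp. Fine while only root can write there; on a
# shared system move the lock to a root-owned directory.
LOCKFILE=/tmp/ipblocklock.txt

### No editing below ###
inSPAMLIST="countrydrop"
STAGING="${inSPAMLIST}-new"
ZONEROOT="/tmp/mnt/sda1/ipblock/zones"
# NOTE(review): plain HTTP gives the downloaded list no integrity protection
# in transit. Use https:// here if this wget build supports TLS and the mirror
# offers it. Every line is validated below before it reaches ipset.
DLROOT="http://www.ipdeny.com/ipblocks/data/aggregated"
iBL="/tmp/mnt/sda1/ipblock/zones/countrydrop"

# Single-instance guard: bail out if the PID recorded in the lock file is
# still alive. A stale lock (dead PID, empty file) is ignored.
if [ -e "$LOCKFILE" ] && kill -0 "$(cat "$LOCKFILE")" 2>/dev/null; then
  echo "Lock file exist.. exiting"
  exit
fi

# make sure the lockfile is removed when we exit and then claim it
trap 'rm -f -- "$LOCKFILE"' EXIT
trap 'exit 1' INT TERM
echo $$ > "$LOCKFILE"

# Remove a staging set left behind by an interrupted run. The live set is
# deliberately left alone so filtering keeps working during the refresh.
cleanOldRules(){
  "$IPT" destroy "$STAGING" 2>/dev/null
}

# create a dir
/bin/mkdir -p "$ZONEROOT" || exit 1

# clean old rules
cleanOldRules
rm -f -- "$iBL"

# $ISO is intentionally unquoted: it is a space-separated list.
for c in $ISO
do
  # local zone file
  tDB=$ZONEROOT/$c.zone

  # get fresh zone file; download next to the cached copy and replace it only
  # on success, so a failed or empty fetch cannot wipe a country's data
  if "$WGET" -T 30 -O "$tDB.new" "$DLROOT/$c.zone" && [ -s "$tDB.new" ]; then
    mv -f -- "$tDB.new" "$tDB"
  else
    echo "download failed for $c; using cached zone file if present" >&2
    rm -f -- "$tDB.new"
  fi
  [ -f "$tDB" ] || continue

  # Accept only IPv4 address or CIDR tokens. Anything else in the downloaded
  # file (error pages, injected text) is dropped rather than handed to ipset.
  awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { print $1 }' "$tDB" >> "$iBL"
done

#sync to flush buffers
sync

# Fail safe: with nothing to load, keep whatever set is currently live.
if [ ! -s "$iBL" ]; then
  echo "no valid entries collected; existing set left untouched" >&2
  exit 1
fi

#add to ipset now
"$IPT" create "$STAGING" hash:net || exit 1

#add the entries in here
while read -r line
do
  # -exist: prefixes that repeat across zone files are skipped silently
  "$IPT" -exist add "$STAGING" "$line"
done < "$iBL"

# Make sure the live set exists (first run), then switch to the new contents
# in one step and drop the old contents, which now sit in the staging name.
"$IPT" -exist create "$inSPAMLIST" hash:net
if "$IPT" swap "$STAGING" "$inSPAMLIST"; then
  "$IPT" destroy "$STAGING"
else
  echo "ipset swap failed; $inSPAMLIST was not updated" >&2
fi

rm -f -- "$LOCKFILE"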