Shell script to generate blacklists by country code
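#!/bin/sh
# This is a script I use on my own personal servers to block the following countries:
# Belarus: for supporting Russia
# China: for human rights abuses in Xinjiang
# Hong Kong: because China claims this is "their" territory and the HK government seems to agree
# Russia: Invasion of Ukraine (ohh, and BTW… Пу́тін — хуйло́ / Пу́тин — хуйло́)
# Provided in the public domain without any guarantee or warranty whatsoever, use at your own risk.
#
# Typical usage in `pf`:
# include "/etc/pf.blacklist-ipv4"
# include "/etc/pf.blacklist-ipv6"
# block drop in on egress inet from <blacklist_zone_ipv4> to any
# block drop in on egress inet6 from <blacklist_zone_ipv6> to any
# block drop out on egress inet from any to <blacklist_zone_ipv4>
# block drop out on egress inet6 from any to <blacklist_zone_ipv6>
#
# Output: /etc/pf.blacklist-ipv4 and /etc/pf.blacklist-ipv6, each defining one
# pf table (<blacklist_zone_ipv4> / <blacklist_zone_ipv6>) filled with the
# downloaded prefixes. The script exits non-zero and installs nothing if a
# download fails or a downloaded file does not look like a plain prefix list.
set -eux
IPV4_BASE_URI=https://www.ipdeny.com/ipblocks/data/aggregated
IPV6_BASE_URI=https://www.ipdeny.com/ipv6/ipaddresses/aggregated
# Country codes to block, space separated. The unquoted expansion in the
# download loop is deliberate: the shell splits it into one zone per word.
BLACKLIST="by cn hk ru"
BLACKLIST_DIR=$( mktemp -d )
# ERR is not a POSIX trap (dash rejects it under #!/bin/sh) and EXIT already
# fires on the error exit that `set -e` triggers, so only the signal and EXIT
# traps are needed. ${VAR:?} refuses to run rm -fr on an empty path.
trap 'rm -fr "${BLACKLIST_DIR:?}"' INT TERM QUIT EXIT

# Acquire the zone files.
# -f makes curl fail on an HTTP error instead of saving the error page as a
# zone file (curl otherwise exits 0, so `set -e` would never notice); -sS keeps
# the progress meter quiet but still reports errors. The zone content is
# untrusted network data that ends up in the firewall ruleset, so each file is
# checked before use: it must be non-empty and every line must consist only of
# address/prefix characters (blank lines tolerated). Anything else would either
# break the pf ruleset load or smuggle unexpected entries into the table.
for zone in ${BLACKLIST}; do
  curl -fsS -o "${BLACKLIST_DIR}/${zone}-ipv4.zone" "${IPV4_BASE_URI}/${zone}-aggregated.zone"
  curl -fsS -o "${BLACKLIST_DIR}/${zone}-ipv6.zone" "${IPV6_BASE_URI}/${zone}-aggregated.zone"
  for f in "${BLACKLIST_DIR}/${zone}-ipv4.zone" "${BLACKLIST_DIR}/${zone}-ipv6.zone"; do
    if [ ! -s "${f}" ] || grep -qvE '^[0-9A-Fa-f.:/]*$' "${f}"; then
      echo "Unexpected content in ${f}, refusing to install blacklist" >&2
      exit 1
    fi
  done
done

# Build up the tables: one file per address family, each holding a single pf
# table whose entries are the concatenated zone files, prefixed by a comment
# naming the zone file they came from.
for table in ipv4 ipv6; do
  out="${BLACKLIST_DIR}/pf.blacklist-${table}"
  {
    echo "table <blacklist_zone_${table}> {"
    for zone in "${BLACKLIST_DIR}"/*-"${table}".zone; do
      echo "# $( basename "${zone}" )"
      cat "${zone}"
      echo ""
    done
    echo "}"
  } > "${out}"
done

# Move to /etc (only reached when every download and check above succeeded).
mv "${BLACKLIST_DIR}"/pf.blacklist-* /etc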