You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

31 lines
823 B
Bash

#!/bin/sh
# Block SSH connections from CN etc.
#
# This downloads a list of IP addresses from some website via unencrypted HTTP and then
# blocks this list of IP addresses without filtering. You should probably not use this
# script.
set -e
ports="ssh,websm" # comma-separated for iptables -m multiport
countries="cn hk" # space-separated
for country in $countries; do
ipset -q -N geoblock-$country hash:net || true
tmp_zone=`mktemp`
curl -s -o $tmp_zone http://www.ipdeny.com/ipblocks/data/aggregated/$country-aggregated.zone
for ip in $(cat $tmp_zone); do
ipset -A geoblock-$country "$ip" -exist
done
rm -f $tmp_zone
rule_spec="-p tcp -m multiport --dports $ports \
-m set --match-set geoblock-$country src -j REJECT"
if ! iptables -C INPUT $rule_spec; then
iptables -I INPUT $rule_spec
fi
done