author | Kyle K <kylek389@gmail.com> | 2017-05-08 23:02:32 -0500 |
---|---|---|
committer | Kyle K <kylek389@gmail.com> | 2017-05-08 23:02:32 -0500 |
commit | 7b028960b478d1c8d6512419aee783da1fca9121 (patch) | |
tree | 17ef948a6d9566f7cf7e6968936f45b57f263973 /ddwrt | |
parent | 5c961dc755954d1a2f90248c81aff725cf38466c (diff) | |
ddwrt script to drop all Chinese IPv4 ranges
Diffstat (limited to 'ddwrt')
-rw-r--r-- | ddwrt/ipblock.sh | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/ddwrt/ipblock.sh b/ddwrt/ipblock.sh
new file mode 100644
index 0000000..1bd2198
--- /dev/null
+++ b/ddwrt/ipblock.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+
+### USAGE
+#
+# Append below to 'Commands' as save to 'Save Firewall' and place this script to /opt/ipblock/ipblock.sh
+#
+#iptables -N countrydropin
+#iptables -N countrydropout
+#iptables -I INPUT 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 3 -o vlan2 -j countrydropout
+#sh /opt/ipblock/ipblock.sh &
+
+#set -x
+
+### Block all traffic from listed. Use ISO code ###
+ISO="cn-aggregated"
+CLOCAL="custom"
+
+### Set PATH ###
+IPT=/usr/sbin/iptables
+WGET=/usr/bin/wget
+EGREP=/bin/egrep
+LOCKFILE=/tmp/ipblock.lock
+
+### No editing below ###
+inSPAMLIST="countrydropin"
+outSPAMLIST="countrydropout"
+ZONEROOT="/opt/ipblock/zones"
+DLROOT="http://www.ipdeny.com/ipblocks/data/aggregated"
+iBL="${ZONEROOT}/ipblockin.rules"
+oBL="${ZONEROOT}/ipblockout.rules"
+
+if [ -e ${LOCKFILE} ] && kill -0 `cat ${LOCKFILE}`; then
+ echo "Lock file exist.. exiting"
+ exit
+fi
+
+# make sure the lockfile is removed when we exit and then claim it
+trap "rm -f ${LOCKFILE}; exit" INT TERM EXIT
+echo $$ > ${LOCKFILE}
+
+cleanOldRules(){
+ $IPT -F countrydropin
+ $IPT -F countrydropout
+}
+
+# create a dir
+[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
+
+# clean old rules
+cleanOldRules
+rm -f $iBL
+rm -f $oBL
+
+echo '*filter' > $iBL
+echo '*filter' > $oBL
+
+for c in $ISO
+do
+ # local zone file
+ tDB=$ZONEROOT/$c.zone
+
+ # get fresh zone file
+ $WGET -T 30 -O $tDB $DLROOT/$c.zone
+
+ awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+ awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+done
+
+for c in $CLOCAL
+do
+ # local custom zone file
+ if [ -e $ZONEROOT/$c.zone ]; then
+ tDB=$ZONEROOT/$c.zone
+
+ awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+ awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+ fi
+done
+
+echo 'COMMIT' >> $iBL
+echo 'COMMIT' >> $oBL
+
+iptables-restore -n < $iBL
+iptables-restore -n < $oBL
+
+rm -f ${LOCKFILE} |
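Review bot: In the `for c in $ISO` loop the zone list is fetched over plain HTTP (`DLROOT`) and the first field of every line goes into the iptables-restore input, with no check on wget's exit status or on the content. `cleanOldRules` has already flushed both chains by then, so a failed or altered download leaves them empty or makes `iptables-restore` reject the file, and the filter fails open. I would download to a temporary name, keep only lines that match an IPv4 CIDR pattern (the otherwise unused `EGREP` fits), and move the `cleanOldRules` call to just before the two `iptables-restore -n` lines. An HTTPS URL is preferable if the source offers one and the router's wget supports it.

```shell
for c in $ISO
do
  tDB=$ZONEROOT/$c.zone

  # fetch to a temporary name so a failed download keeps the previous zone file
  if $WGET -T 30 -O "$tDB.new" "$DLROOT/$c.zone" && [ -s "$tDB.new" ]; then
    # keep only well-formed IPv4 CIDR entries
    $EGREP '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' "$tDB.new" > "$tDB"
  fi
  rm -f "$tDB.new"

  # no usable zone data: skip rather than emit broken rules
  [ -s "$tDB" ] || continue

  # … unchanged: the two awk lines that append to $iBL and $oBL …
done
```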