From 7b028960b478d1c8d6512419aee783da1fca9121 Mon Sep 17 00:00:00 2001
From: Kyle K
Date: Mon, 8 May 2017 23:02:32 -0500
Subject: ddwrt script to drop all Chinese IPv4 ranges
---
 ddwrt/ipblock.sh | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 ddwrt/ipblock.sh
(limited to 'ddwrt')
diff --git a/ddwrt/ipblock.sh b/ddwrt/ipblock.sh
new file mode 100644
index 0000000..1bd2198
--- /dev/null
+++ b/ddwrt/ipblock.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+
+### USAGE
+#
+# Append below to 'Commands' as save to 'Save Firewall' and place this script to /opt/ipblock/ipblock.sh
+#
+#iptables -N countrydropin
+#iptables -N countrydropout
+#iptables -I INPUT 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 2 -i vlan2 -j countrydropin
+#iptables -I FORWARD 3 -o vlan2 -j countrydropout
+#sh /opt/ipblock/ipblock.sh &
+
+#set -x
+
+### Block all traffic from listed. Use ISO code ###
+ISO="cn-aggregated"
+CLOCAL="custom"
+
+### Set PATH ###
+IPT=/usr/sbin/iptables
+WGET=/usr/bin/wget
+EGREP=/bin/egrep
+LOCKFILE=/tmp/ipblock.lock
+
+### No editing below ###
+inSPAMLIST="countrydropin"
+outSPAMLIST="countrydropout"
+ZONEROOT="/opt/ipblock/zones"
+DLROOT="http://www.ipdeny.com/ipblocks/data/aggregated"
+iBL="${ZONEROOT}/ipblockin.rules"
+oBL="${ZONEROOT}/ipblockout.rules"
+
+if [ -e ${LOCKFILE} ] && kill -0 `cat ${LOCKFILE}`; then
+    echo "Lock file exist.. exiting"
+    exit
+fi
+
+# make sure the lockfile is removed when we exit and then claim it
+trap "rm -f ${LOCKFILE}; exit" INT TERM EXIT
+echo $$ > ${LOCKFILE}
+
+cleanOldRules(){
+    $IPT -F countrydropin
+    $IPT -F countrydropout
+}
+
+# create a dir
+[ ! -d $ZONEROOT ] && /bin/mkdir -p $ZONEROOT
+
+# clean old rules
+cleanOldRules
+rm -f $iBL
+rm -f $oBL
+
+echo '*filter' > $iBL
+echo '*filter' > $oBL
+
+for c in $ISO
+do
+    # local zone file
+    tDB=$ZONEROOT/$c.zone
+
+    # get fresh zone file
+    $WGET -T 30 -O $tDB $DLROOT/$c.zone
+
+    awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+    awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+done
+
+for c in $CLOCAL
+do
+    # local custom zone file
+    if [ -e $ZONEROOT/$c.zone ]; then
+        tDB=$ZONEROOT/$c.zone
+
+        awk -v inSPAMLIST=$inSPAMLIST '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' $tDB >> $iBL
+        awk -v outSPAMLIST=$outSPAMLIST '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' $tDB >> $oBL
+    fi
+done
+
+echo 'COMMIT' >> $iBL
+echo 'COMMIT' >> $oBL
+
+iptables-restore -n < $iBL
+iptables-restore -n < $oBL
+
+rm -f ${LOCKFILE}
-- 
cgit v1.2.3
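Review bot: The ISO loop passes whatever `$WGET -T 30 -O $tDB` left on disk straight into `awk` and then `iptables-restore` without checking that the transfer succeeded or that each line is an IPv4 prefix, and `cleanOldRules` has already flushed both chains before the download starts, so a timeout, an empty body or one malformed line (which makes iptables-restore reject the whole file) leaves the router with no country rules at all. Check the wget status, keep the previous zone file when the fetch fails, filter the list through a CIDR pattern before building rules, and move the `cleanOldRules` call down to just before the two `iptables-restore -n` lines so the flush only happens once a rule set exists; as I recall, declaring `:countrydropin - [0:0]` and `:countrydropout - [0:0]` after `*filter` would let iptables-restore flush and refill each chain in one transaction and make cleanOldRules unnecessary, but verify that on the DD-WRT build in use. The list is also fetched over plain `http://`, so its contents can be altered in transit and a tampered list can make the router drop or reject arbitrary ranges; use HTTPS if the host provides it. The same validation applies to the CLOCAL loop, which only reads local files, and quoting the expansions (`"$tDB"`, `"$iBL"`) plus removing the unused `EGREP` would let the script pass ShellCheck.
```shell
for c in $ISO
do
    tDB=$ZONEROOT/$c.zone

    # fetch to a temp name so a failed transfer never clobbers the last good list
    if $WGET -T 30 -O "$tDB.new" "$DLROOT/$c.zone"; then
        mv -f "$tDB.new" "$tDB"
    else
        echo "download of $c.zone failed, reusing previous list" >&2
        rm -f "$tDB.new"
    fi
    # never flush the chains when there is no data at all to replace them with
    [ -s "$tDB" ] || { echo "no zone data for $c, aborting" >&2; exit 1; }

    # only well-formed IPv4 prefixes become rules; anything else is discarded here
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$tDB" \
      | awk -v inSPAMLIST="$inSPAMLIST" '{print "-A "inSPAMLIST" -s "$1" -j DROP"}' >> "$iBL"
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' "$tDB" \
      | awk -v outSPAMLIST="$outSPAMLIST" '{print "-A "outSPAMLIST" -d "$1" -j REJECT"}' >> "$oBL"
done

# … unchanged: CLOCAL loop, COMMIT lines …

# flush only now, once a complete rule set has been written
cleanOldRules
iptables-restore -n < "$iBL"
iptables-restore -n < "$oBL"
```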