Blokuojam ip pagal šalis [iptables]
Pridedu, skriptas:
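#!/bin/bash
# Block inbound IPv4 traffic from one country with iptables.
#
# Prompts for a two-letter country code, downloads that country's zone file
# from ipdeny.com into /root/block_ip_list.txt and, after confirmation,
# appends one DROP rule per entry to the INPUT chain. Run as root.
#
# Review notes:
#  - The country code is operator input that ends up in a URL, so only two
#    ASCII letters are accepted.
#  - The downloaded list is remote data that becomes firewall rules. Every
#    entry is checked against a strict IPv4 pattern and handed to iptables as
#    one quoted argument, so a tampered list cannot smuggle in options.
#  - Rules are appended (-A), so an earlier ACCEPT rule still wins, and there
#    is no allow-list: confirm your own management address is not in the
#    blocked ranges, or keep console access, before answering "y".
#  - Country lists run to thousands of entries; one rule per entry is slow to
#    load and to match. An ipset-backed rule scales better.

set -u
export LC_ALL=C # byte-wise character classes in the patterns below

# TLS protects the list in transit; the original fetched it over plain HTTP.
readonly ZONE_BASE_URL='https://www.ipdeny.com/ipblocks/data/countries'
readonly BLOCK_LIST=/root/block_ip_list.txt
readonly BLOCK_LOG=/root/block.log
readonly BACKUP_DIR=/root/backup_iptables

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cd /root/ || die "Cannot change directory to /root (run this script as root)"

today=$(date +"%Y-%m-%d")

echo ""
echo "Blocking IPS of any country"
echo ""
echo "To know code of countries which you want to block"
echo "you can enter ( http://www.ipdeny.com )"
echo ""
sleep 3
echo "Please type code of country Ex. ( cn ) for China "
printf ' Enter Code : '
read -r code

# Normalise, then refuse anything that is not exactly two letters so the
# value cannot alter the request path or be split into extra wget arguments.
code=${code,,}
[[ $code =~ ^[a-z]{2}$ ]] || die "Invalid country code: expected two letters, e.g. cn"

# Unpredictable temp file, removed on every exit path.
tmp_list=$(mktemp) || die "mktemp failed"
cleanup() { rm -f -- "$tmp_list"; }
trap cleanup EXIT

# No -c here: resuming into an existing output file could splice two lists.
wget --output-document="$tmp_list" -- "${ZONE_BASE_URL}/${code}.zone" \
  || die "Download failed for country code '$code'"
[[ -s $tmp_list ]] || die "Downloaded list for '$code' is empty"

# Replace the block list only after a successful download.
{
  printf '# %s Country: %s\n' "$today" "$code"
  cat -- "$tmp_list"
} > "$BLOCK_LIST" || die "Cannot write $BLOCK_LIST"

printf ' Downloaded qt: %s\n' "$(wc -l < "$tmp_list")"
echo "Done"

echo "Do you want block IP now? (y/N)"
read -r ansv
if [[ $ansv == "y" ]]; then
  printf '%s - %s\n' "$today" "$code" >> "$BLOCK_LOG"

  # Save the current rule set first and refuse to change the firewall
  # without that backup. File name keeps the original month-day-year form.
  mkdir -p -- "$BACKUP_DIR" || die "Cannot create $BACKUP_DIR"
  backup_file="$BACKUP_DIR/$(date +"%m-%d-%Y").iptables.conf"
  iptables-save > "$backup_file" || die "iptables-save failed; no rules were changed"

  if [[ ! -f $BLOCK_LIST ]]; then
    die "Unable to add blocks to IPTABLES because file $BLOCK_LIST is missing"
  fi

  # Accepted entry shapes: single IP or CIDR, and "first-last" address ranges.
  cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
  range_re='^([0-9]{1,3}\.){3}[0-9]{1,3}-([0-9]{1,3}\.){3}[0-9]{1,3}$'

  added=0
  rejected=0
  while IFS= read -r entry || [[ -n $entry ]]; do
    entry=${entry%$'\r'} # tolerate CRLF line endings

    # Skip blank lines and comment lines starting with ; or #
    case $entry in
      '' | \#* | \;*) continue ;;
    esac

    if [[ $entry =~ $range_re ]]; then
      # --src-range is only valid together with the iprange match module.
      match=(-m iprange --src-range "$entry")
    elif [[ $entry =~ $cidr_re ]]; then
      match=(-s "$entry")
    else
      printf 'Skipping malformed entry: %q\n' "$entry" >&2
      rejected=$((rejected + 1))
      continue
    fi

    # Ask iptables whether this exact rule exists. Regex-matching the entry
    # against `iptables -nL` output treated "." as a wildcard and matched
    # substrings, so some networks were wrongly reported as already blocked.
    if iptables -C INPUT "${match[@]}" -j DROP 2>/dev/null; then
      printf "%-20s %20s\n" "$entry" 'already referenced in iptable - skipping'
    elif iptables -A INPUT "${match[@]}" -j DROP; then
      printf '%-20s %s\n' 'ADDING RULE:' "iptables -A INPUT ${match[*]} -j DROP"
      added=$((added + 1))
    else
      printf 'iptables rejected entry: %s\n' "$entry" >&2
      rejected=$((rejected + 1))
    fi
  done < "$BLOCK_LIST"

  printf 'Added IP:  %s\n' "$added"
  if ((rejected > 0)); then
    printf 'Entries not applied: %s\n' "$rejected" >&2
  fi
fi
echo "Done"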