# # Create Linux ipset data file for geoblocking with iptables firewall # Ipset homepage: http://ipset.netfilter.org/ # Download this file from page https://wiki.fysik.dtu.dk/it/Linux_firewall_configuration # Author: Ole.H.Nielsen@fysik.dtu.dk # Version: 18-Feb-2015 # # Blacklisted contries (example only). # See the full list of country zones at http://www.ipdeny.com/ipblocks/ COUNTRYLIST=ae ar bd bg bh br cl cn co cr ec eg ge hk id il in ir jp kr kz lt lv mx my pa pe pk py ru sa sd sk th tn tr tw ua vn za # Geo zones are from http://www.ipdeny.com/ipblocks/ WGET=/usr/bin/wget --timestamping SITE=http://www.ipdeny.com/ipblocks/data/countries ZONES=all-zones.tar.gz ZONEDIR=zones # RHEL6/CentOS6 ipset data file IPSET=/etc/sysconfig/ipset default: ${IPSET} # Create a new ipset data file ${IPSET}: ${ZONES} sanitycheck echo "create geoblock hash:net" > $@ @for c in ${COUNTRYLIST}; \ do \ echo Adding country zone file ${ZONEDIR}/$$c.zone to ipset ; \ cat ${ZONEDIR}/$$c.zone | awk '{printf("add geoblock %s\n", $$1)}' >> $@; \ done @echo ipset file written: @ls -l ${IPSET} # Update the country zone files from the web and extract to subdir zones ${ZONES}: FRC ${WGET} ${SITE}/${ZONES} rm -rf zones; mkdir zones (cd zones; tar xzf ../all-zones.tar.gz) # Sanity checks: sanitycheck: @for c in ${COUNTRYLIST}; \ do \ if test ! -s ${ZONEDIR}/$$c.zone; \ then \ echo ERROR: No such zone file: ${ZONEDIR}/$$c.zone; \ exit 1; \ fi; \ done FRC: clean: rm -rf all-zones.tar.gz zones