From 6bc1b75cd2d21af853ccadd36d646c3ff96d391f Mon Sep 17 00:00:00 2001
From: Tristan PILAT
Date: Wed, 14 Oct 2020 17:21:54 +0200
Subject: [PATCH] Update blacklist-countries.sh script to be used with nftables
---
 blacklist-countries.sh | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/blacklist-countries.sh b/blacklist-countries.sh
index 3a3d20d..92dae0d 100644
--- a/blacklist-countries.sh
+++ b/blacklist-countries.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
+NFT=/usr/sbin/nft
 ripedeny_file=/var/tmp/ripe_deny
 cd /var/tmp
@@ -10,14 +11,10 @@ GET http://antispam00.evolix.org/spam/ripe.cidr.md5 > ripe.cidr.md5
 GET http://antispam00.evolix.org/spam/ripe.cidr > ripe.cidr
 for i in CN KR RU; do
-
 grep "^$i|" ripe.cidr >> $ripedeny_file
-
 done
-/sbin/iptables -F NEEDRESTRICT
-
 for i in $(cat $ripedeny_file); do
 BLOCK=$(echo $i | cut -d"|" -f2)
- /sbin/iptables -I NEEDRESTRICT -s $BLOCK -j DROP
+ $NFT add element inet minifirewall minifirewall_blocked_ips {$BLOCK}
 done
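Review bot: `$BLOCK` comes from a list fetched over plain HTTP and is expanded unquoted into the `nft add element` command in the second `for` loop, so any character nft treats as syntax (`;`, `{`, `}`) in a feed entry would be parsed as part of the ruleset command, run with the script's privileges. I would skip every entry that is not made only of address characters and quote the set expression, as in the fence below. The md5 file is downloaded from the same host over the same channel, so by itself it does not authenticate the list; whether it is compared at all is outside this hunk. Separately, the removed `iptables -F NEEDRESTRICT` has no nft counterpart here, so prefixes that leave the feed appear to stay in `minifirewall_blocked_ips`; if that set is used only by this script, a flush before the loop would keep the old behaviour.

```shell
    BLOCK=$(echo $i | cut -d"|" -f2)
    # Feed entries are untrusted: accept only characters that can occur in an IPv4/IPv6 prefix.
    case "$BLOCK" in
        ''|*[!0-9A-Fa-f:./]*) continue ;;
    esac
    $NFT add element inet minifirewall minifirewall_blocked_ips "{ $BLOCK }"
```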