Update blacklist-countries.sh script to be used with nftables

This commit is contained in:
Tristan PILAT 2020-10-14 17:21:54 +02:00
parent 1b19f7084b
commit 6bc1b75cd2


@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
NFT=/usr/sbin/nft
ripedeny_file=/var/tmp/ripe_deny ripedeny_file=/var/tmp/ripe_deny
cd /var/tmp cd /var/tmp
@ -10,14 +11,10 @@ GET http://antispam00.evolix.org/spam/ripe.cidr.md5 > ripe.cidr.md5
GET http://antispam00.evolix.org/spam/ripe.cidr > ripe.cidr GET http://antispam00.evolix.org/spam/ripe.cidr > ripe.cidr
for i in CN KR RU; do for i in CN KR RU; do
grep "^$i|" ripe.cidr >> $ripedeny_file grep "^$i|" ripe.cidr >> $ripedeny_file
done done
/sbin/iptables -F NEEDRESTRICT
for i in $(cat $ripedeny_file); do for i in $(cat $ripedeny_file); do
BLOCK=$(echo $i | cut -d"|" -f2) BLOCK=$(echo $i | cut -d"|" -f2)
/sbin/iptables -I NEEDRESTRICT -s $BLOCK -j DROP $NFT add element inet minifirewall minifirewall_blocked_ips {$BLOCK}
done done
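Review bot: The new `$NFT add element inet minifirewall minifirewall_blocked_ips {$BLOCK}` line hands a field from `ripe.cidr`, which the script downloads over plain HTTP, to nft's parser unquoted and without checking that it is a prefix. Reject anything that is not made of address characters before the call and quote the argument, e.g. `case "$BLOCK" in ''|*[!0-9./]*) continue ;; esac` followed by `"$NFT" add element inet minifirewall minifirewall_blocked_ips "{ $BLOCK }"` (this assumes the set holds IPv4 prefixes only). The commit also removes `/sbin/iptables -F NEEDRESTRICT` with no nft counterpart in the visible lines, so prefixes that leave the list would presumably stay blocked; `"$NFT" flush set inet minifirewall minifirewall_blocked_ips` before the loop would keep the old refresh behaviour. The script extends beyond the two hunks shown, so confirm that nothing outside them already does either step.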