Commit 599c6e02 authored by Ivan

GeoIPBlock

parent 742dd756
## Script request:
https://forum.shell5.dev/topic/8/drop-reject-all-packets-from-region/
## Description:
Utilize iptables's xtables module to geoip block requests on 80/443 ports.
Optimized for Debian 9.
## Content:
geoipblock.sh - Script installs needed dependencies, builds xtables 3.3 from the source, blocks IPs originating from countries in countries.txt file, and optionaly saves iptables rules utilizing netfilter-persistent package.
countries.txt - Contains list of country codes of countries located in Asia.
Notes: If netfilter-persistent package is not already installed on the machine, it will prompt if you wish to save existent rules during install. Answer no.
There will also be prompt by cpan perl module about automatic setup, you should respond with yes.
## Usage:
```bash
sudo bash geoipblock.sh
```
## Credits:
Xtables: http://xtables-addons.sourceforge.net/
\ No newline at end of file
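Review bot: The Usage section gives only `sudo bash geoipblock.sh` and does not say that the script must be started from the directory that holds countries.txt, which geoipblock.sh copies by relative path (`cp countries.txt $HOME/`). State that working-directory requirement under Usage, and add to the Description that the rules are created with iptables only, so IPv6 traffic to ports 80/443 is not filtered. Two smaller points: "optionaly" in the Content section should read "optionally", and the file is missing its trailing newline.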
AF
AM
AZ
BH
BD
BT
IO
BN
KH
CN
CX
CC
CY
GE
HK
IN
ID
IR
IQ
IL
JP
JO
KZ
KP
KR
KW
KG
LA
LB
MO
MY
MV
MN
MM
NP
OM
PK
PS
PH
QA
SA
SG
LK
SY
TW
TJ
TH
TL
TR
TM
AE
UZ
VN
YE
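Review bot: Every one of the 54 lines in this file is passed unchanged to `--src-cc` by the read loop in geoipblock.sh, so a blank line, trailing whitespace or a comment added here later would become a failing iptables call. Either have the loop accept only two-letter codes and skip everything else, or document the strict one-code-per-line format in the README. The generic name countries.txt also hides that the list is Asia-specific, which only the README states; a file name that carries the region would make it clearer what gets blocked.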
#!/bin/bash -
#title :geoipblock.sh
#description :Utilize iptables module xtables to geoip block certain countries on port 80/443
#author :ajvn ([email protected])
#date :April 5th 2019
#version :0.1
#usage :sudo bash geoipblock.sh
#notes :Requires root privileges
#bash_version :GNU bash, version 4.4.23(1)-release (x86_64-redhat-linux-gnu)
#==============================================================================
# Copy countries.txt to home path
echo "Copying countries list to home directory..."
echo ""
cp countries.txt $HOME/
# Install packages required for xtables
echo "Installing dependencies..."
sleep 1
apt-get update
apt-get install iptables-dev xtables-addons-common libtext-csv-xs-perl pkg-config iptables-persistent -y
# Installing needed PERL Module
cpan -i Net::CIDR::Lite
# Download XTables
echo ""
echo "Downloading xtables ..."
XTABLES_URL="https://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-3.3.tar.xz"
wget -P /tmp $XTABLES_URL
cd /tmp
tar xf xtables-addons-3.3.tar.xz -C $HOME/
cd $HOME/xtables-addons-3.3
# Compiling addon
echo "Compiling xtables..."
echo ""
sleep 1
./configure
make
make install
echo "Installing GeoIP Database..."
echo ""
mkdir -p /usr/share/xt_geoip/LE
cd $HOME/xtables-addons-3.3/geoip
./xt_geoip_dl
./xt_geoip_build -S GeoLite2-Country-* -D /usr/share/xt_geoip/LE
echo "Setting up Iptables rules..."
while read in;
do iptables -I INPUT -m geoip --src-cc $in -p tcp -m tcp -m multiport --dports 80,443 -j DROP;
done < /$HOME/countries.txt
echo ""
echo "Iptables rules are applied..."
sleep 1
echo ""
iptables -S
echo ""
echo "Do you wish to save iptables rules on next reboot? y/n: "
read answer
if [[ $answer =~ ^[Yy]$ ]]; then
echo ""
echo "Setting up persistent rules..."
service netfilter-persistent save
elif [[ $answer =~ ^[Nn]$ ]]; then
echo "Ip tables rules will be lost after next reboot"
exit 0
else
echo "Please type y or n."
exit 1
fi
\ No newline at end of file
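Review bot: The tarball fetched with `wget -P /tmp $XTABLES_URL` is unpacked and then built and installed as root (`./configure`, `make`, `make install`) with no integrity check and no stop-on-error, so a truncated or substituted download, or a failed `cd`, carries straight on into the install and the firewall changes. Add `set -euo pipefail` near the top, compare the archive against a pinned SHA-256 before `tar xf`, and download into a `mktemp -d` directory instead of a fixed name under /tmp. In the rule loop, `done < /$HOME/countries.txt` has a stray leading slash and `$in` is unquoted; use `while read -r in` with `"$in"` and `"$HOME/countries.txt"`. Because the rules are added with `-I INPUT`, running the script a second time inserts all of them again; check with `iptables -C` first or put them in a dedicated chain that is flushed on each run. The header says root is required but nothing tests for it, so add an early `id -u` check. The prompt "save iptables rules on next reboot" reads better as "keep the rules after reboot", and the file lacks a trailing newline.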