Use at own risk. Programs haven't been thoroughly tested.

script: country_firewall.bash

Bash script to generate firewall rules based on source country. The current version only allows requests from the Netherlands and writes its output in Cisco ACL format, but it can easily be modified to support iptables.

Info

@author Kevin van Zonneveld
@version 0.2
@link http://kevin.vanzonneveld.net
@param (string) COUNTRY Country code to allow traffic from
@param (string) TMP Where to temporarily store the Range Database
@param (string) OUT Where to store the firewall rules

Example

Usage
country_firewall.bash

Outputs
[ writes firewall rules to $OUT ]

Source Code

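#!/bin/bash
#
# Builds a permit list for one country from the RIPE NCC delegation
# statistics file and closes it with a "deny any" rule.

COUNTRY="NL"

TMP="/tmp/${COUNTRY}_db"
OUT="/tmp/${COUNTRY}_blocks"

echo ""
echo -n "Do you want to download a new range database? [Y/n]"
read -r DOWNLOAD

if [ ! "${DOWNLOAD}" = "n" ]; then
    echo "Download :"
    /usr/bin/wget -v --progress=bar ftp://ftp.apnic.net/public/stats/ripe-ncc/delegated-ripencc-latest -O "${TMP}"
fi

# Start with a fresh output file
echo "" > "${OUT}"

for country in ${COUNTRY}
do
    # Records look like: ripencc|NL|ipv4|<start address>|<address count>|<date>|<status>
    # Keep this country's IPv4 records, strip everything except
    # "<start address>|<address count>", then map the count to a prefix length.
    # Every count substitution is anchored with $, so "|1" can no longer
    # match the beginning of "|1024", "|16384" and so on.
    # Counts that are not a power of two are left as "<address>|<count>".
    IPS=$(grep -F "|${country}|ipv4|" "${TMP}" | sed -re "s/^ripencc\|${country}\|ipv4\|//;s/\|[0-9]{8}\|(allocated|assigned)$//;s/\|1$/\/32/;s/\|2$/\/31/;s/\|4$/\/30/;s/\|8$/\/29/;s/\|16$/\/28/;s/\|32$/\/27/;s/\|64$/\/26/;s/\|128$/\/25/;s/\|256$/\/24/;s/\|512$/\/23/;s/\|1024$/\/22/;s/\|2048$/\/21/;s/\|4096$/\/20/;s/\|8192$/\/19/;s/\|16384$/\/18/;s/\|32768$/\/17/;s/\|65536$/\/16/;s/\|131072$/\/15/;s/\|262144$/\/14/;s/\|524288$/\/13/;s/\|1048576$/\/12/;s/\|2097152$/\/11/;s/\|4194304$/\/10/;s/\|8388608$/\/9/;s/\|16777216$/\/8/")
    let "i = 0"
    for ipr in ${IPS};do
        # Sequence numbers go up in steps of 10
        let "i = i + 10"
        echo "seq ${i} permit ${ipr}" >> "${OUT}"
    done
done

# This arithmetic always ends at i = 20000, so the closing deny gets a
# fixed sequence number. It only comes after all permits while there are
# fewer than 2000 permit entries.
let "d = 1000-((i/10)-1000)"
let "i = i+(d*10)"

echo "seq ${i} deny any" >> "${OUT}"

echo "Block list saved as ${OUT}"
echo ""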
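
The sed table in the script maps only power-of-two address counts to a prefix length, while the count field of a delegation record does not have to be a power of two. The following is an added example, not part of country_firewall.bash: it splits any start address and count into aligned CIDR blocks. The function names and the sample records are made up for the illustration.

```bash
#!/bin/bash
# Added example, not part of country_firewall.bash.
# Turns "start address + address count" records into aligned CIDR blocks.

ip_to_int() {        # dotted quad -> integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {        # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range_to_cidrs() {   # usage: range_to_cidrs <start address> <address count>
    local start count size s bits
    start=$(ip_to_int "$1")
    count=$2
    while [ "$count" -gt 0 ]; do
        # Largest block size the start address is aligned on (lowest set bit)
        size=$(( start == 0 ? 1 << 32 : start & -start ))
        # Shrink it until it no longer runs past the end of the range
        while [ "$size" -gt "$count" ]; do size=$(( size / 2 )); done
        # Prefix length = 32 - log2(size)
        s=$size; bits=32
        while [ "$s" -gt 1 ]; do s=$(( s / 2 )); bits=$(( bits - 1 )); done
        echo "$(int_to_ip "$start")/$bits"
        start=$(( start + size ))
        count=$(( count - size ))
    done
}

country_cidrs() {    # usage: country_cidrs <CC>, delegation records on stdin
    local reg cc type start count rest
    while IFS='|' read -r reg cc type start count rest; do
        if [ "$cc" = "$1" ] && [ "$type" = ipv4 ]; then
            range_to_cidrs "$start" "$count"
        fi
    done
}

# Constructed sample records (private addresses, made-up dates)
SAMPLE='ripencc|NL|ipv4|10.0.1.0|768|20080101|allocated
ripencc|NL|ipv4|10.9.0.0|65536|20080101|assigned
ripencc|DE|ipv4|10.20.0.0|256|20080101|assigned'

printf '%s\n' "$SAMPLE" | country_cidrs NL
```

The 768-address record comes out as 10.0.1.0/24 plus 10.0.2.0/23, because a /23 cannot start at 10.0.1.0.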
