A firewall script for blocking off badly behaving countries in their entirety from a server.
Shell
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
inc
screenshot
LICENSE
README.md
sanction

README.md

Sanction - to impose a sanction on; penalize, especially by way of discipline.

===============================================================================

This script is meant to be a quick and effective method to block entire ip blocks belonging to a specific country. You can block a specific port or ban the IP outright. If your server has IPset installed, it will use that rather than IPtables directly (far better performance, so IPset is advised if you can install it).

Note: Long term network filtering management is better handled by an external device (firewall, DoS mitigation services, etc) for a variety of reasons I am not going to get into in a README. That said, sometimes you need a quick way to stem the tide until you can get those services in place. That's where Sanction hopefully comes in handy.

Example usage:

sanction usage example shot

You will be prompted for the options (or choices) and you will be provided with a script to remove the iptables/ipset rules that sanction creates.

In the event more than one country is matched, it will present you a menu of options.

Any issues, questions, or ideas for improvements can be sent to adarke@gmail.com

Current wishlist: write the iptables rules into their own chain, multiple country entries, and setting it up to accept command line parameters rather than just interactive.

Changelog:

1.0.1 : Added timestamps to /tmp generated remove files so that you can run multiple times and not overwrite the first run.

1.0.0 : Fixed a bug with multiple word countries not resolving properly. Added missing countries to the list.

0.9.5 : fixed a bug with ipset not honoring rules in 6.11-3

0.9.4 : ipset support added, if ipset is installed

0.9.3 : Clean up of rule generation.

0.9.2 : Routines for multiple country matches and error checking in place. General clean up of code and pushed to public beta.