With installed firewalld drop zone and ipset, you can block countries with the following script.
Change the variable COUNTRIES to the country you want to block.
ZONES="br cn in"- Download defined zones from ipdeny.com
- Download all zones from ipdeny.com with archive
- Download zones to local folder
- Setup ipsets from local downloaded zones
- Setup ipset from downloaded archive
- Delete ipset from firewalld
- Setup ipset from local downloaded zones
- Setup ipset from downloaded archive
- Add zones from files located in repo (if ipdeny site not available)
- Use alternative zones mirror (if ipdeny site not available)
You can use the script with the following command:
./run.sh -saOr set custom local.list file and run:
./run.sh -ll -saOr just run:
./run.shYou can just download zones to local catalog:
./run.sh -doYou can pass country code with -c option:
./run.sh -c "br"Script will try to download br zone from ipdeny.com and setup ipset from local downloaded zones, if ipdeny site not available, script will setup ipset from repo located zones.
You can use the script with the following command ./run.sh -h:
Usage: ./run.sh [options]
Options:
-ln, --list-name <list> Name of the ipset list (default: blcountries)
-mx, --maxelem <maxelem> Maximum number of elements in the ipset list (default: 131072)
-hx, --hashsize <hashsize> Hash size of the ipset list (default: 32768)
-am, --alternative-mirror Another IP source mirror (default: ipdeny.com)
-daz, --download-all-zones Download all country zones from ipdeny.com (all-zones.tar.gz)
-di, --delete-ipset Delete ipset from firewalld (default: blcountries)
-dl, --download-local Download zones to local folder
-sl, --setup-from-local Setup ipsets from local downloaded zones
-sa, --setup-from-archive Setup ipset from downloaded archive
-h, --help Show this message (help)If ipdeny.com restricted from your region, you can download regularly updated file from this repo.
Download example:
wget https://github.com/m0zgen/geo2drop/raw/data/all-zones.tar.gz