TEXT 171
Block china Guest on 10th March 2021 10:16:58 PM
  1. nano /etc/block-china.sh
  2.  
  3. # Create the ipset list
  4. ipset -N china hash:net
  5.  
  6. # remove any old list that might exist from previous runs of this script
  7. rm cn.zone
  8.  
  9. # Pull the latest IP set for China
  10. wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
  11.  
  12. # Add each IP address from the downloaded list into the ipset 'china'
  13. for i in $(cat /etc/cn.zone ); do ipset -A china $i; done
  14.  
  15. # Restore iptables
  16. /sbin/iptables-restore < /etc/iptables.firewall.rules
  17.  
  18. chmod +x /etc/block-china.sh
  19.  
  20. This hasn't done anything yet, but it will in a minute when we run the script. First, we need to add a rule into iptables that refers to this new ipset list the script above defines:
  21.  
  22. nano /etc/iptables.firewall.rules
  23.  
  24. Add the following line:
  25.  
  26. -A INPUT -p tcp -m set --match-set china src -j DROP

Paste ist fuer Quelltexte und generelles Debugging.

Login oder Registrieren um zu bearbeiten, löschen, um deine Pastes zu verfolgen und mehr.

Raw Paste

Login oder Registrieren um diesen Paste zu bearbeiten. Es ist kostenlos.