@x512
Created November 29, 2024 12:31
block a country from centos 8 (in 2021)
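#!/usr/bin/env bash
#
# x512's Country Block
#
# Created: 2021-10-20
# Description: Test for blocking single countries from a server
# (CentOS 8 at the time), as a 3-7 day cronjob.
#
# Usage: run an array of ISO 2 country codes through this script.
# Intended to be ran with cron!! Be nice!!
# Ver: 0.1.5 (2024-11-29)
# - Added $COUNTRY variable, removed placeholder.
#
# * See also: get-iso.sh
#
# Needs root: it writes under /etc and changes firewalld's permanent config.
#
# shellcheck disable=SC2034  # informational only
readonly SCRIPT_VER="0.1.5" # keep in step with the "Ver:" line above
# shellcheck disable=SC2034  # informational only
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
readonly SCRIPT_DIR
FILEDATE=$(date +%Y%m%d%H%M) # timestamp suffix for the archived list files
# The country code is $1 when the script is called by cron/a user,
# i.e. blockcountry "cn"; it defaults to "cn" when no argument is given.
COUNTRY="${1:-cn}"
# $COUNTRY ends up in a URL, in firewalld ipset names and in file names under
# /etc/blacklists, so accept nothing but a lowercase ISO 3166-1 alpha-2 code.
# Anything containing '/', '.', blanks or shell metacharacters must not get
# that far.  This runs before the temp dir exists, so bailing out here leaves
# nothing behind.
if [[ ! "$COUNTRY" =~ ^[a-z]{2}$ ]]; then
  printf 'usage: %s <lowercase ISO 3166-1 alpha-2 country code>\n' "${0##*/}" >&2
  exit 2
fi
BLACKLIST_DIR="/etc/blacklists"   # where the fetched lists are archived
TMP_DIR="$(mktemp -d)" || exit 1  # private scratch dir, removed by cleanup()
# Fixed names are fine: the directory itself is private and unpredictable.
TMP_FILE_4="$TMP_DIR/${COUNTRY}_ipv4.txt" # IPv4 prefixes for the country
TMP_FILE_6="$TMP_DIR/${COUNTRY}_ipv6.txt" # IPv6 prefixes for the country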
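# Description: sanity-checks the environment and moves into the scratch dir.
# Globals: TMP_DIR, BLACKLIST_DIR (read); OLD_IFS, OLD_CWD (written).
# Exits 1 when not root, when $BLACKLIST_DIR cannot be created, or when
# $TMP_DIR does not exist (it is created by mktemp -d at the top of the file).
script_init() {
  echo >&2 "Starting script: $0" # start timer here (DEBUG)
  # Everything that follows writes /etc/blacklists and firewalld's permanent
  # config, which normally needs root.  Fail here with a clear message rather
  # than half way through with an opaque firewall-cmd error.
  if (( EUID != 0 )); then
    echo >&2 "$0: must be run as root"
    exit 1
  fi
  OLD_IFS="$IFS" # NB: this is the script's own IFS (set at the bottom), not the caller's
  OLD_CWD="$PWD"
  # How to redirect all output to a logfile?
  mkdir -p -- "$BLACKLIST_DIR" || exit 1
  # Never fall back to creating (or cd'ing into) an empty path: if mktemp
  # failed, $TMP_DIR is "" and "cd ''" would silently land in $HOME.
  [[ -n "$TMP_DIR" && -d "$TMP_DIR" ]] || exit 1
  cd -- "$TMP_DIR" || exit 1
}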
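# Description: downloads the IPv4 and IPv6 prefix lists for $COUNTRY from
# ipverse.net into $TMP_FILE_4 / $TMP_FILE_6 (overwriting them).
# Globals: COUNTRY, TMP_FILE_4, TMP_FILE_6 (read).
# Exits 1 if either download fails.
# NOTE(review): the lists arrive over plain HTTP with no signature or checksum,
# so whatever sits on the path decides which prefixes land in the drop zone —
# including prefixes that would lock you out.  Use https:// if ipverse.net
# offers it (TODO confirm) and validate the result before it reaches firewall-cmd.
get_addresses() {
  local base="http://ipverse.net/ipblocks/data/countries"
  # "-O -" sends the body to stdout.  The original "- O -" gave wget three
  # bogus URLs and saved the real one to a file in $PWD, so the redirect
  # captured nothing and the "|| exit 1" always fired.
  wget -q -O - "${base}/${COUNTRY}.zone" > "$TMP_FILE_4" || exit 1
  wget -q -O - "${base}/${COUNTRY}-ipv6.zone" > "$TMP_FILE_6" || exit 1
}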
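# Description: Removes comments from input file and leaves a sorted,
# de-duplicated copy in its place.
# Usage: $1 = Input/output file.
# Globals: TMP_DIR (read) — scratch files are created there.
# Pass 1 (grep) drops lines starting with '#' and empty lines; pass 2 (sed)
# handles ';' comments, whole-line and end-of-line, leaving ';' inside quotes
# alone.  The sed expression is kept verbatim from the original.
strip_comments() {
  local infile="$1" temp1 temp2
  # Real temp files instead of $RANDOM names, and a proper "local" — the
  # original ran `local "$temp1"`, i.e. "local /tmp/.../ip-1NNN.tmp", which
  # fails because a path is not a variable name.
  temp1=$(mktemp "${TMP_DIR}/ip-1.XXXXXX") || exit 1
  temp2=$(mktemp "${TMP_DIR}/ip-2.XXXXXX") || exit 1
  # Remove all commented lines (#).  grep exits 1 when nothing is left; that is
  # not an error here, an empty result is passed on as-is.
  grep -o '^[^#].*' -- "$infile" > "$temp1" || :
  # Some files may also contain EOL comments denoted by ';'
  sed -e '1{/^;!/ {p}}; /^[\t\ ]*;/d;/\.*;.*/ {/[\x22\x27].*;.*[\x22\x27]/ !{:regular_loop s/\(.*\)*[^\];.*/\1/;t regular_loop}; /[\x22\x27].*;.*[\x22\x27]/ {:special_loop s/\([\x22\x27].*;.*[^\x22\x27]\);.*/\1/;t special_loop}; /\\;/ {:second_special_loop s/\(.*\\;.*[^\]\);.*/\1/;t second_special_loop}}' "$temp1" > "$temp2"
  rm -f -- "$temp1"
  # ">" truncates $infile before writing, so no separate rm is needed.
  sort -d -- "$temp2" | uniq > "$infile"
  rm -f -- "$temp2"
}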
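# Description: removes the permanent ipset $1, first unbinding it from the
# drop zone where create_fw attaches it.  Both steps are best-effort so the
# first run (nothing to delete yet) is not an error.
# Usage: $1 = ipset name
delete_fw() {
  local name="$1"
  # Unbind before deleting: a set that is still referenced as a zone source
  # may not be deletable (firewalld behaviour — not verified here), and a
  # stale binding would otherwise outlive the set it pointed at.
  firewall-cmd --permanent --zone=drop --remove-source=ipset:"${name}" || :
  firewall-cmd --permanent --delete-ipset="${name}" || :
}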
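# Description: creates a firewall ipset, adds addresses to it from a file
# and binds the set to the drop zone.
# Usage: $1 = ipset name               (default: ${COUNTRY}_ipv4)
#        $2 = family (inet or inet6)   (default: inet)
#        $3 = hashsize (multiple of 2) (default: 8192)
#        $4 = maxelem (multiple of 2)  (default: 163840)
#        $5 = file of prefixes         (default: $TMP_FILE_4)
# e.g., in this script:
#   create_fw il_ipv4 inet 8192 204800 "$TMP_FILE_4"
# All changes are --permanent: nothing is live until "firewall-cmd --reload".
# Exits 1 if the file is unreadable or any firewall-cmd step fails.
create_fw() {
  local name="${1:-${COUNTRY}_ipv4}"
  local family="${2:-inet}"
  local hashsize="${3:-8192}"
  local maxelem="${4:-163840}"
  # The original default was $TEMP_FILE_4, a variable that never existed.
  local file="${5:-${TMP_FILE_4}}"
  # Check the input before touching firewalld, so a bad file name does not
  # first delete the existing set and then fail with an opaque error.
  if [[ ! -r "$file" ]]; then
    echo >&2 "create_fw: cannot read entries file '${file}'"
    exit 1
  fi
  delete_fw "$name" || :
  firewall-cmd --permanent --new-ipset="$name" \
    --type=hash:net --option=family="$family" \
    --option=hashsize="$hashsize" \
    --option=maxelem="$maxelem" || exit 1
  firewall-cmd --permanent --ipset="$name" \
    --add-entries-from-file="$file" || exit 1
  firewall-cmd --permanent --zone=drop \
    --add-source=ipset:"$name" || exit 1
}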
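# Description: clears the traps, restores IFS and the cwd, removes the scratch
# dir and unsets the run's globals.  Runs from the EXIT/ERR/SIGINT/SIGTERM
# traps, so it must cope with the script having stopped at any point.
# Globals: TMP_DIR, OLD_IFS, OLD_CWD, FILEDATE (read, then unset).
cleanup() {
  trap - EXIT ERR SIGINT SIGTERM
  # If script_init never ran, keep the current values rather than blanking them.
  IFS="${OLD_IFS-$IFS}"
  cd -- "${OLD_CWD:-/}" || :
  # ${TMP_DIR:?} refuses to expand when the variable is empty, so this can
  # never degrade into "rm -rf /".  One rm is enough; the trailing-slash
  # variant in the original did the same thing.
  if [[ -n "${TMP_DIR-}" && -d "$TMP_DIR" ]]; then
    rm -rf -- "${TMP_DIR:?}"
  fi
  # unset takes variable NAMES; the original passed their values (paths), which
  # only printed "not a valid identifier".
  unset TMP_DIR FILEDATE OLD_CWD OLD_IFS
  # <-- end timer here (DEBUG)
}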
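# Description: keeps only lines that look like a CIDR prefix ("a.b.c.d/n" or a
# hex/colon IPv6 prefix, prefix length 1-128) in $1, dropping everything else
# in place.  The feed arrives over plain HTTP with no integrity check, so this
# is the last filter before firewall-cmd: no stray line — and no "/0", which
# would drop the whole internet — can become a drop-zone entry.
# Usage: $1 = input/output file.  Globals: TMP_DIR (read).
keep_cidr_only() {
  local file="$1" tmp
  tmp=$(mktemp "${TMP_DIR}/cidr.XXXXXX") || exit 1
  # grep exits 1 when nothing matches; the caller decides what an empty result means.
  grep -E '^[0-9A-Fa-f.:]+/([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$' -- "$file" > "$tmp" || :
  mv -f -- "$tmp" "$file"
}

# Description: the whole run — fetch, clean, filter, load into firewalld,
# reload, archive.  Every step exits 1 on failure; cleanup() runs from the
# EXIT trap set at the bottom of the file.
# Globals: COUNTRY, TMP_FILE_4, TMP_FILE_6, BLACKLIST_DIR, FILEDATE (read).
main() {
  # Was "script_init && get_addresses": a failing script_init skipped the
  # download and carried on with empty files.
  script_init || exit 1
  get_addresses || exit 1
  strip_comments "${TMP_FILE_4}" || exit 1
  strip_comments "${TMP_FILE_6}" || exit 1
  keep_cidr_only "${TMP_FILE_4}"
  keep_cidr_only "${TMP_FILE_6}"
  # No IPv4 prefixes at all means the download was not what we expected;
  # silently blocking nothing would defeat the cron job.  An empty IPv6 list
  # only warns — whether every feed has one is not verified here.
  if [[ ! -s "${TMP_FILE_4}" ]]; then
    echo >&2 "main: no IPv4 prefixes for '${COUNTRY}' after filtering, aborting"
    exit 1
  fi
  [[ -s "${TMP_FILE_6}" ]] || echo >&2 "main: warning: no IPv6 prefixes for '${COUNTRY}'"
  # Were "$TEMP_FILE_4" / "$TEMP_FILE_6" — never assigned, so create_fw got "".
  create_fw "${COUNTRY}_ipv4" inet 8192 204800 "$TMP_FILE_4"
  create_fw "${COUNTRY}_ipv6" inet6 4096 40960 "$TMP_FILE_6"
  # Everything above is --permanent; the running firewall only picks it up on reload.
  firewall-cmd --reload || exit 1
  mv -v -- "$TMP_FILE_4" "${BLACKLIST_DIR}/${COUNTRY}_${FILEDATE}.txt"
  mv -v -- "$TMP_FILE_6" "${BLACKLIST_DIR}/${COUNTRY}6_${FILEDATE}.txt"
}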
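# Runtime
#set -euo
# set -e is not used; each step that matters checks its own status instead.
set -E      # let the ERR trap fire inside functions too
IFS=$'\n\t'
trap '' TSTP # ignore ^Z: a suspended run would leave firewalld half-updated
# With "trap cleanup ERR" alone, an unchecked failure ran cleanup() — which
# deletes $TMP_DIR — and then the script carried on with the next step.
# An unexpected failure has to end the run.  cleanup() clears the EXIT trap
# first, so it does not run twice.
trap 'cleanup; exit 1' ERR
trap cleanup EXIT SIGINT SIGTERM
main "$@" || exit 1 # was "@": a literal at-sign, not the arguments
exit 0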