iptables_accept_austria
# Base ruleset for the filter table. update-iptables feeds this file to
# iptables-restore without --noflush, so the existing contents of the filter
# table are replaced by what is listed here.
# NOTE(review): rules that other tools keep in the filter table would be lost
# on every run — confirm nothing else on the host manages this table.
# NOTE(review): this is an IPv4 (iptables) ruleset only; no ip6tables
# counterpart is shown, so IPv6 access to 80/443 is presumably unrestricted —
# confirm.
*filter
# Built-in chains keep a default policy of ACCEPT; only tcp/80 and tcp/443 are
# restricted by the rules below.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chain, declared empty here. update-iptables fills it with one
# "-s <cidr> -j ACCEPT" rule per allowed network.
:accept_austria - [0:0]
# Web traffic is first offered to accept_austria; a source that matches a rule
# there is accepted.
-A INPUT -p tcp --dport 80 -j accept_austria
-A INPUT -p tcp --dport 443 -j accept_austria
# Packets that return from accept_austria without a match are dropped. While
# the chain is empty this drops all inbound traffic to 80 and 443.
-A INPUT -p tcp --dport 80 -j DROP
-A INPUT -p tcp --dport 443 -j DROP
COMMIT
update-iptables
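#!/bin/bash
#
# update-iptables: restrict inbound tcp/80 and tcp/443 to the IPv4 networks
# listed in firewall.txt.gz.
#
# Files, read from the directory that holds this script:
#   iptables_accept_austria  base ruleset (declares accept_austria, adds DROPs)
#   firewall.txt.gz          gzip'd lines "iptables -A INPUT -s <cidr> -j ACCEPT"
#
# Order of work: the allow-list is read and checked first, and the firewall is
# only touched once a non-empty, plausible rule set has been built. A missing
# or corrupt firewall.txt.gz therefore leaves the current rules in place
# instead of loading the DROP rules with an empty accept chain.
#
# Exit status: 0 on success, 1 on any error. Must run as root.

DIR=$(dirname -- "${BASH_SOURCE[0]}")
readonly DIR

# Disabled download of the allow-list, kept for reference.
# NOTE(review): the saved request carries browser headers including a session
# cookie; keep live session values out of the script if this is re-enabled.
# NOTE(review): --output writes to the current directory, while the script
# reads "$DIR/firewall.txt.gz". The list is third-party input that ends up in
# the firewall, so download to a temporary file and replace the old list only
# after the download succeeded.
#curl -f 'https://www.ip2location.com/free/visitor-blocker' \
#  -H 'Connection: keep-alive' \
#  -H 'Pragma: no-cache' \
#  -H 'Cache-Control: no-cache' \
#  -H 'sec-ch-ua: ";Not A Brand";v="12", "Chromium";v="12"' \
#  -H 'sec-ch-ua-mobile: ?12' \
#  -H 'sec-ch-ua-platform: "Linux"' \
#  -H 'Origin: www.ip2location.com' \
#  -H 'Upgrade-Insecure-Requests: 1' \
#  -H 'DNT: 1' \
#  -H 'Content-Type: application/x-www-form-urlencoded' \
#  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/123.36 (KHTML, like Gecko) Chrome/94.0.2422.21 Safari/123.36' \
#  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
#  -H 'Sec-Fetch-Site: same-origin' \
#  -H 'Sec-Fetch-Mode: navigate' \
#  -H 'Sec-Fetch-User: ?1' \
#  -H 'Sec-Fetch-Dest: document' \
#  -H 'Referer: www.ip2location.com/free/visitor-blocker' \
#  -H 'Accept-Language: de,en-US;q=0.9,en;q=0.8,it;q=0.7' \
#  -H 'Cookie: PHPSESSID=f23dfghdfh23sdfshdfasfd; first_visit=123123524523; accept_cookies=true' \
#  --data-raw 'countryCodes%5B%5D=AT&version=4&format=iptables-accept' \
#  --compressed \
#  --output firewall.txt.gz
#
#if [ $? != 0 ] ; then
#  echo "Update Error"
#  exit 1
#fi

# --- 1. Read and check the allow-list (firewall not touched yet) ------------

if ! RULES=$(zcat -- "$DIR/firewall.txt.gz"); then
  echo "Error reading $DIR/firewall.txt.gz" >&2
  exit 1
fi

# iptables-restore input that fills accept_austria.
IPTABLES_RULES=$'*filter\n:accept_austria - [0:0]\n'

# Only the captured CIDR is copied into the ruleset, and the capture group
# admits nothing but digits, dots and one slash, so no other text from the
# list can reach iptables-restore.
regex='iptables -A INPUT -s ([0-9.]+/[0-9]+) -j ACCEPT'
n=0
while read -r line; do
  if [[ $line =~ $regex ]]; then
    cidr=${BASH_REMATCH[1]}
    # A /0 prefix would match every source and void the restriction; treat it
    # as a broken or tampered list rather than loading it.
    if (( 10#${cidr##*/} == 0 )); then
      echo "Refusing catch-all network [[$cidr]]" >&2
      exit 1
    fi
    echo "[$((n++))] iptables -A accept_austria -s ${cidr} -j ACCEPT"
    IPTABLES_RULES+="-A accept_austria -s ${cidr} -j ACCEPT"$'\n'
  else
    echo "no match for [[$line]]"
  fi
done <<< "$RULES"

# An empty chain combined with the DROP rules would block every client.
if (( n == 0 )); then
  echo "No accept rules found in $DIR/firewall.txt.gz" >&2
  exit 1
fi

IPTABLES_RULES+=$'COMMIT\n'

# --- 2. Load the base ruleset ------------------------------------------------

# Without --noflush this replaces the filter table: it (re)creates an empty
# accept_austria and adds the DROP rules for 80 and 443.
echo "adding drop for 80 + 443"
if ! iptables-restore < "$DIR/iptables_accept_austria"; then
  echo "Error loading base iptables" >&2
  exit 1
fi

# --- 3. Fill accept_austria --------------------------------------------------

# --noflush keeps the base rules loaded in step 2. Until this call has
# finished, all traffic to 80 and 443 is dropped.
if ! printf '%s' "$IPTABLES_RULES" | iptables-restore --noflush; then
  echo "Error adding iptables rule" >&2
  exit 1
fi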
iptables_accept_austria.service
[Unit]
Description=iptables_accept_austria
# NOTE(review): no After=/Before= ordering is declared, so nothing here ties
# the rule load to network or web-server start-up — confirm that the web
# server cannot accept connections before the rules are in place.

[Service]
# Runs the update script once when the unit is started. No timer is shown on
# this page, so the allow-list is presumably refreshed only at boot or on a
# manual start — confirm.
# NOTE(review): Type= is not set; for a script that runs to completion
# Type=oneshot is the usual choice — confirm.
ExecStart=/root/bin/update-iptables

[Install]
# Started as part of the normal multi-user boot.
WantedBy=multi-user.target