scripts

misc scripts and tools
git clone git://git.2f30.org/scripts

commit 6470438380366344ad628164f3c60806ee583465
parent 2273b75a8d8d8e273dce5a346f00d985d4ce93c6
Author: sin <sin@2f30.org>
Date:   Thu, 16 Mar 2017 15:21:26 +0000

Add script to generate pf tables for blocking countries

Diffstat:
Agen-blocked-zones | 44++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+), 0 deletions(-)

diff --git a/gen-blocked-zones b/gen-blocked-zones
@@ -0,0 +1,44 @@
+#!/bin/sh -e
+# Create zones directory:
+#
+# mkdir /etc/pf_zones && chmod 700 /etc/pf_zones
+#
+# pf.conf:
+#
+# table <blocked_zones4> persist file "/etc/pf_zones/blocked_zones4"
+# table <blocked_zones6> persist file "/etc/pf_zones/blocked_zones6"
+#
+# block drop in quick log on $ext_if inet from <blocked_zones4> to any
+# block out quick log on $ext_if inet from any to <blocked_zones4>
+# block drop in quick log on $ext_if inet6 from <blocked_zones6> to any
+# block out quick log on $ext_if inet6 from any to <blocked_zones6>
+
+COUNTRIES="br cn ru"
+
+gen_ipv4_zones() {
+ >blocked_zones4 # truncate zone file
+ for c in $COUNTRIES; do
+ ftp -o "$c"4.zone http://ipdeny.com/ipblocks/data/countries/"$c".zone
+ cat "$c"4.zone >> blocked_zones4
+ sleep 1 # be nice to server
+ done
+}
+
+gen_ipv6_zones() {
+ >blocked_zones6 # truncate zone file
+ for c in $COUNTRIES; do
+ ftp -o "$c"6.zone http://www.ipdeny.com/ipv6/ipaddresses/blocks/"$c".zone
+ cat "$c"6.zone >> blocked_zones6
+ sleep 1 # be nice to server
+ done
+}
+
+reload_pf_tables() {
+ pfctl -t blocked_zones4 -T replace -f blocked_zones4
+ pfctl -t blocked_zones6 -T replace -f blocked_zones6
+}
+
+cd /etc/pf_zones
+gen_ipv4_zones
+gen_ipv6_zones
+reload_pf_tables
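Review bot: gen_ipv4_zones truncates blocked_zones4 in place and then appends whatever `ftp` returns over plain `http://`, so the file that pf.conf loads via `persist file` can end up empty, partial (the script exits mid-loop under `-e`), or altered in transit, and it is handed to `pfctl -T replace` unchecked. Build the list in a temporary file, reject it unless it is non-empty and every line is a CIDR prefix, and only then `mv` it over blocked_zones4; gen_ipv6_zones has the same pattern and needs the same treatment with an IPv6 check. Fetching over `https://` would also help if the ipdeny server offers it, which this page does not show. Separately, the `-e` on the `#!/bin/sh -e` line is lost when the script is run as `sh gen-blocked-zones`; a `set -e` line in the body keeps it.

```shell
gen_ipv4_zones() {
	# work on a scratch file so the live table file is never left truncated or partial
	tmp=$(mktemp blocked_zones4.XXXXXXXXXX)
	for c in $COUNTRIES; do
		# … unchanged: ftp fetch of "$c"4.zone …
		cat "$c"4.zone >> "$tmp"
		# … unchanged: sleep 1 …
	done
	# refuse an empty list or any line that is not a plain IPv4 CIDR prefix
	if [ ! -s "$tmp" ] ||
	    grep -Evq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' "$tmp"; then
		echo "gen-blocked-zones: unexpected IPv4 zone data, keeping old table" >&2
		rm -f "$tmp"
		return 1
	fi
	mv "$tmp" blocked_zones4
}
```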