zoneblock (1242B)
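#!/bin/sh
# zoneblock - download per-country address lists from ipdeny.com and load
# them into the pf tables <blocked_zones4> and <blocked_zones6>.
#
# Create zones directory:
#
#   mkdir /etc/pf_zones && chmod 700 /etc/pf_zones
#
# pf.conf:
#
#   table <blocked_zones4> persist file "/etc/pf_zones/blocked_zones4"
#   table <blocked_zones6> persist file "/etc/pf_zones/blocked_zones6"
#
#   block drop in quick log on $ext_if inet from <blocked_zones4> to any
#   block out quick log on $ext_if inet from any to <blocked_zones4>
#   block drop in quick log on $ext_if inet6 from <blocked_zones6> to any
#   block out quick log on $ext_if inet6 from any to <blocked_zones6>
#
# NOTE(review): the lists are fetched over plain HTTP, so nothing
# authenticates them. The checks in build_zone_file only bound what a
# tampered or broken response can put into the firewall tables. Prefer an
# authenticated source (HTTPS, or a checksum verified out of band) if the
# mirror provides one - confirm before relying on this for policy.

# Options are set here rather than on the shebang line, where they are lost
# when the script is started as "sh zoneblock".
set -eu

COUNTRIES="br cn ru"

# Every non-blank line of a downloaded list must match one of these EREs.
# A prefix length of 0 is rejected on purpose: a single "0.0.0.0/0" or
# "::/0" entry would make the block rules match all traffic.
IPV4_CIDR='^$|^[0-9]{1,3}(\.[0-9]{1,3}){3}/[1-9][0-9]?$'
IPV6_CIDR='^$|^[0-9A-Fa-f:]+/[1-9][0-9]{0,2}$'

# Scratch file currently being assembled; removed on any exit path.
ZONE_TMP=""

cleanup() {
	if [ -n "$ZONE_TMP" ]; then
		rm -f -- "$ZONE_TMP"
	fi
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# build_zone_file SUFFIX BASE_URL PATTERN
#   SUFFIX   - 4 or 6; selects "<cc>SUFFIX.zone" and "blocked_zonesSUFFIX"
#   BASE_URL - URL of the directory that holds "<cc>.zone"
#   PATTERN  - ERE that every line of a download has to match
# Assembles the combined list in a scratch file and renames it over
# blocked_zonesSUFFIX only after every country was fetched and validated.
# pf.conf loads that file ("persist file"), so it must never be left
# truncated or half-written by a failed run.
# Returns non-zero (which ends the script under set -e) on a bad download.
build_zone_file() {
	zone_suffix=$1
	zone_base=$2
	zone_pattern=$3
	zone_out="blocked_zones${zone_suffix}"

	ZONE_TMP=$(mktemp "${zone_out}.XXXXXXXXXX")

	# COUNTRIES is a space-separated list; word splitting is intended.
	for c in $COUNTRIES; do
		zone_file="${c}${zone_suffix}.zone"
		ftp -o "$zone_file" "${zone_base}/${c}.zone"

		# Refuse the whole update if anything other than a CIDR entry came
		# back (HTML error page, hostname, option-like text, ...).
		if grep -Evq -- "$zone_pattern" "$zone_file"; then
			echo "zoneblock: unexpected content in $zone_file, tables left unchanged" >&2
			return 1
		fi

		cat -- "$zone_file" >> "$ZONE_TMP"
		sleep 1 # be nice to server
	done

	# An empty list would silently clear the table on the next reload.
	if [ ! -s "$ZONE_TMP" ]; then
		echo "zoneblock: no entries collected for $zone_out, tables left unchanged" >&2
		return 1
	fi

	# Same directory, so the rename replaces the old list in one step.
	mv -f -- "$ZONE_TMP" "$zone_out"
	ZONE_TMP=""
}

# Rebuild blocked_zones4 from the per-country IPv4 lists.
gen_ipv4_zones() {
	build_zone_file 4 http://ipdeny.com/ipblocks/data/countries "$IPV4_CIDR"
}

# Rebuild blocked_zones6 from the per-country IPv6 lists.
gen_ipv6_zones() {
	build_zone_file 6 http://www.ipdeny.com/ipv6/ipaddresses/blocks "$IPV6_CIDR"
}

# Replace the contents of both pf tables with the freshly built files.
reload_pf_tables() {
	pfctl -t blocked_zones4 -T replace -f blocked_zones4
	pfctl -t blocked_zones6 -T replace -f blocked_zones6
}

# All file names above are relative to the zones directory.
cd /etc/pf_zones
gen_ipv4_zones
gen_ipv6_zones
reload_pf_tables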