msb/base-stack
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add firewall-blacklist-zone.sh

Browse Source
This commit is contained in:
Matthew Saunders Brown 2023-03-07 13:28:37 -08:00
parent a4d3fe2ff9
commit d1f589a9d8
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
sbin/firewall-blacklist-zone.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/bash
# Zone (2 letter country code) should be first arg
if [ -n "$1" ]; then
zone=$1
else
echo "zone not set"
exit 1
fi
if [[ -f /etc/firewalld/ipsets/ipdeny-$zone-zone.xml ]]; then
echo "IPSet file for zone $zone already exists."
else
cd /usr/local/src/
wget https://www.ipdeny.com/ipblocks/data/countries/$zone.zone
if [[ -f $zone.zone ]]; then
name=`isoquery $zone|cut -f4-`
modified=`stat -c '%y' $zone.zone`
firewall-cmd --permanent --new-ipset=ipdeny-$zone-zone --type=hash:net
firewall-cmd --permanent --ipset=ipdeny-$zone-zone --set-short=$zone.zone
firewall-cmd --permanent --ipset=ipdeny-$zone-zone --set-description="$name IPs from ipdeny.com updated $modified"
firewall-cmd --permanent --ipset=ipdeny-$zone-zone --add-entries-from-file=/usr/local/src/$zone.zone
firewall-cmd --permanent --zone=drop --add-source=ipset:ipdeny-$zone-zone
firewall-cmd --reload
fi
fi