bisco/iptables-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

block_range.sh: removed wget's output; added '-exist' option to ipset command to ignore errors when same set already exists

Browse Source
This commit is contained in:
bisco 2019-03-04 21:49:26 +01:00
parent fa5c044f39
commit 91e840746a
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
block_range.sh
View File

@ -7,7 +7,7 @@ set -e
### Variables ### Variables
URL="http://www.ipdeny.com/ipblocks/data/countries" URL="http://www.ipdeny.com/ipblocks/data/countries"
ZONES="cn hk ru tw" ZONES="cn hk ru tw kp kr sg"
SCRIPTDIR="/root/firewall" SCRIPTDIR="/root/firewall"
ZONEDIR="${SCRIPTDIR}/blocked_zones/" ZONEDIR="${SCRIPTDIR}/blocked_zones/"
RULESFILE="/tmp/iptables_rules-$(date +'%s')" RULESFILE="/tmp/iptables_rules-$(date +'%s')"
@ -93,7 +93,7 @@ download_zones()
for zone in $(echo "${ZONES[*]}"); for zone in $(echo "${ZONES[*]}");
do do
echo "Downloading $zone.zone file"; echo "Downloading $zone.zone file";
${WGET} -P "${ZONEDIR}" "${URL}/$zone.zone"; ${WGET} --quiet -P "${ZONEDIR}" "${URL}/$zone.zone";
done done
} }
@ -105,7 +105,7 @@ create_chains()
for chain in $(echo "${ZONES[*]}"); for chain in $(echo "${ZONES[*]}");
do do
echo "Creating $chain chain"; echo "Creating $chain chain";
${IPSET} create ${chain} hash:net; ${IPSET} create -exist ${chain} hash:net;
done done
} }
@ -116,9 +116,10 @@ populate_chains()
{ {
for chain in $(echo "${ZONES[*]}"); for chain in $(echo "${ZONES[*]}");
do do
echo "Populating $chain";
for ip in $(cat $ZONEDIR/$chain.zone); for ip in $(cat $ZONEDIR/$chain.zone);
do do
${IPSET} add $chain $ip; ${IPSET} add -exist $chain $ip;
done; done;
done done
} }