oixb.run/CountryBlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
CountryBlock/start.sh
Bxio 7b81f5a1ea
2025-06-23 17:47:11 +01:00

80 lines
3.0 KiB
Bash
Raw Blame History

#!/bin/bash
set -euo pipefail
echo -e "
░█████╗░███╗░░██╗██████╗░██████╗░░█████╗░░██████╗
██╔══██╗████╗░██║██╔══██╗██╔══██╗██╔══██╗██╔════╝
███████║██╔██╗██║██║░░██║██║░░██║██║░░██║╚█████╗░
██╔══██║██║╚████║██║░░██║██║░░██║██║░░██║░╚═══██╗
██║░░██║██║░╚███║██████╔╝██████╔╝╚█████╔╝██████╔╝
╚═╝░░╚═╝╚═╝░░╚══╝╚═════╝░╚═════╝░░╚════╝░╚═════╝░"
COUNTRIES="cn ru us in br id vn pk tr ir eg bd mx za ua kr ng ph"
ZONE_DIR="zone"
mkdir -p "$ZONE_DIR"
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t raw -F
iptables -t mangle -F
iptables -F
iptables -X
function add_iptables_rule() {
local chain=$1
local set_name=$2
if iptables -t raw -C "$chain" -m set --match-set "$set_name" src -j DROP 2>/dev/null; then
echo "Regra iptables já existe: $chain$set_name"
else
echo "Inserindo regra iptables: $chain$set_name"
iptables -t raw -I "$chain" -i vmbr0 -m set --match-set "$set_name" src -j DROP
fi
}
for country in $COUNTRIES; do #https://www.ipdeny.com/ipblocks/data/countries/${country}.zone
url="https://raw.githubusercontent.com/firehol/blocklist-ipsets/refs/heads/master/geolite2_country/country_${country}.netset" #
echo "[$(date '+%Y-%m-%d %H:%M:%S')] Baixando lista IPs: $country"
tmp_file="${ZONE_DIR}/${country}.zone.tmp"
target_file="${ZONE_DIR}/${country}.zone"
if curl -sSf -o "$tmp_file" "$url"; then
grep -Eo '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(/[0-9]+)?$' "$tmp_file" > "$target_file"
rm "$tmp_file"
if [ ! -s "$target_file" ]; then
echo "[$country] Lista filtrada vazia, ignorando atualização."
rm "$target_file"
continue
fi
else
echo "[$country] Falha no download. Mantendo antigo (se existir)."
[ -f "$tmp_file" ] && rm "$tmp_file"
continue
fi
if ipset list "$country" &>/dev/null; then
echo "[$country] Limpando ipset antigo..."
ipset destroy "$country"
ipset create "$country" hash:net maxelem 262144
else
echo "[$country] Criando novo ipset..."
ipset create "$country" hash:net maxelem 262144
fi
while read -r subnet; do
ipset add "$country" "$subnet" -exist || echo "Falha ao adicionar: $subnet"
done < "$target_file"
add_iptables_rule PREROUTING "$country"
echo "[$country] Proteção configurada."
done
echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Proteção geográfica concluída!"
Reference in New Issue View Git Blame Copy Permalink