Ban Countries

With installed firewalld drop zone and ipset, you can block countries with the following script.

Change the variable COUNTRIES to the country you want to block.

ZONES="br cn in"

Features

Usage

You can use the script with the following command:

./run.sh -sa

Or set custom local.list file and run:

./run.sh -ll -sa

Or just run:

./run.sh

You can just download zones to local catalog:

./run.sh -do

You can pass country code with -c option:

./run.sh -c "br"

Script will try to download br zone from ipdeny.com and setup ipset from local downloaded zones, if ipdeny site not available, script will setup ipset from repo located zones.

Usage commands

You can use the script with the following command ./run.sh -h:

Usage: ./run.sh [options]
Options:
  -ln, --list-name <list>      Name of the ipset list (default: blcountries)
  -mx, --maxelem <maxelem>     Maximum number of elements in the ipset list (default: 131072)
  -hx, --hashsize <hashsize>   Hash size of the ipset list (default: 32768)
  -am, --alternative-mirror    Another IP source mirror (default: ipdeny.com)
  -daz, --download-all-zones   Download all country zones from ipdeny.com (all-zones.tar.gz)
  -di, --delete-ipset          Delete ipset from firewalld (default: blcountries)
  -dl, --download-local        Download zones to local folder
  -sl, --setup-from-local      Setup ipsets from local downloaded zones
  -sa, --setup-from-archive    Setup ipset from downloaded archive
  -h, --help                   Show this message (help)

AllZones from IpDeny

If ipdeny.com restricted from your region, you can download regularly updated file from this repo.

Download example:

wget https://github.com/m0zgen/geo2drop/raw/data/all-zones.tar.gz

About

⚙️ Ban countries with firewalld and ipset

Languages

Language:Shell 92.4%Language:Python 7.6%