git.squeep.com Git - firewall-squeep/blob - sinokorea.sh

   1 #!/bin/sh
   2
   3 . ./common.sh
   4
   5 # this chain will drop anything we didn't establish
   6 chain='xenophobe'
   7
   8 set_name='sinokorea'
   9 cidr_file="${set_name}.cidr"
  10
  11 # Thank you, http://www.okean.com/antispam/sinokorea.html
  12 badcidrs_url="http://www.okean.com/sinokoreacidr.txt"
  13
  14 if [ "$1" = "show" ]
  15 then
  16         for c in INPUT "${chain}"
  17         do
  18                 #only show counts for non-zero entries
  19                 $IPTABLES -vnx -L "${c}" | awk '$1 !~ 0 { print }'
  20         done
  21         exit
  22 fi
  23
  24 # create or re-init chain
  25 if ! $IPTABLES -L "${chain}" >/dev/null 2>&1
  26 then
  27         echo "initializing '${chain}' chain..."
  28         $IPTABLES -N "${chain}" || $IPTABLES -F "${chain}"
  29         $IPTABLES -A "${chain}" -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
  30         $IPTABLES -A "${chain}" -j REJECT --reject-with icmp-port-unreachable
  31         $IPTABLES -L "${chain}"
  32 fi
  33
  34 create_set sinokorea hash:net counters
  35 create_set sinokorea6 hash:net counters family inet6
  36
  37 CURL_OPTS=''
  38 if [ -e "${cidr_file}" ]
  39 then
  40         CURL_OPTS="-z '${cidr_file}'"
  41 fi
  42 (set -o pipefail; curl -sfL ${CURL_OPTS} "${badcidrs_url}" | decommentcat | awk '{print $1}' > "${cidr_file}") || die 1 "failed to fetch list"
  43
  44 insert_setmatch_rules sinokorea -m multiport -p tcp --dports ssh,smtp -j xenophobe
  45 reload_cidr_sets sinokorea counters
  46