#!\/bin\/bash
\n# Purpose: Block all traffic from AFGHANISTAN (af) and CHINA (CN).<\/p>\n
Use ISO code. #
\n# ——————————————————————————-
\nISO=”af cn”
\n### Set PATH ###
\nIPT=\/sbin\/iptables
\nWGET=\/usr\/bin\/wget
\nEGREP=\/bin\/egrep
\n### No editing below ###
\nSPAMLIST=”countrydrop”
\nZONEROOT=”\/root\/iptables”
\nDLROOT=”http:\/\/www.ipdeny.com\/ipblocks\/data\/countries”
\ncleanOldRules(){
\n$IPT -F
\n$IPT -X
\n$IPT -t nat -F
\n$IPT -t nat -X
\n$IPT -t mangle -F
\n$IPT -t mangle -X
\n$IPT -P INPUT ACCEPT
\n$IPT -P OUTPUT ACCEPT
\n$IPT -P FORWARD ACCEPT
\n}
\n# create a dir
\n[ ! -d $ZONEROOT ] && \/bin\/mkdir -p $ZONEROOT
\n# clean old rules
\ncleanOldRules
\n# create a new iptables list
\n$IPT -N $SPAMLIST
\nfor c in $ISO
\ndo
\n# local zone file
\ntDB=$ZONEROOT\/$c.zone
\n# get fresh zone file
\n$WGET -O $tDB $DLROOT\/$c.zone
\n# country specific log message
\nSPAMDROPMSG=”$c Country Drop”
\n# get
\nBADIPS=$(egrep -v “^#|^$” $tDB)
\nfor ipblock in $BADIPS
\ndo
\n$IPT -A $SPAMLIST -s $ipblock -j LOG –log-prefix
\n“$SPAMDROPMSG”
\n$IPT -A $SPAMLIST -s $ipblock -j DROP
\ndone
\ndone
\n# Drop everything
\n$IPT -I INPUT -j $SPAMLIST
\n$IPT -I OUTPUT -j $SPAMLIST
\n$IPT -I FORWARD -j $SPAMLIST
\n# call your other iptable script
\n# \/path\/to\/other\/iptables.sh
\nexit 0<\/p><\/blockquote>\n
Step 1<\/p>\n
Save above script as root user and customize ISO variable to point out country name using ISO country names. Once done install the script as follows using crontab<\/p>\n
# @weekly \/path\/to\/country.block.iptables.sh<\/p><\/blockquote>\n
To start blocking immediately type:<\/p>\n
# \/path\/to\/country.block.iptables.sh<\/p><\/blockquote>\n
Step 2<\/p>\n
Another, alternative to above shell script is to use geoip iptables patch. This is not standard iptables modules. You need to download patch and compile Linux kernel.<\/p>\n
If you require help, contact SupportPRO Server Admin<\/a><\/p>\n
![\"Server](\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\")
<\/a><\/span>