
国別に通信をブロック



  • ubuntu 16.04にて確認


参考


iptables版


ufwと競合する可能性があるため、ufwを停止する。`ufw --force reset` は確認なしで既存のufwルールを初期状態に戻すので、必要な設定は事前に控えておく。

# Reset ufw to its installation defaults; --force skips the confirmation
# prompt, so the ufw rules currently configured are discarded without asking.
ufw --force reset

# Make sure ufw is turned off so that it does not manage the netfilter rules
# that the iptables commands below are about to set up by hand.
ufw --force disable


block.sh

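#!/usr/bin/env bash
# block.sh - drop inbound IPv4 traffic from one country's address ranges.
#
# Run as root. The script flushes every rule and deletes every user-defined
# chain in the filter table before it adds the country chain, so rules that
# were loaded earlier are lost. Only IPv4 is covered: iptables does not
# filter IPv6 traffic.
set -euo pipefail

COUNTRY="cn"
ZONE="${COUNTRY}-aggregated"
ZONE_FILE="${ZONE}.zone"
# HTTPS, because the list is turned straight into firewall rules; over plain
# HTTP anyone on the network path could alter it in transit.
ZONE_URL="https://www.ipdeny.com/ipblocks/data/aggregated/${ZONE_FILE}"
# One dotted-quad address with an optional /prefix per line.
CIDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# Download once and reuse the local copy on later runs. The download goes to
# a temporary file first so an interrupted transfer is never mistaken for a
# complete list the next time the script runs.
if [ ! -e "$ZONE_FILE" ]; then
  tmp_file=$(mktemp "./${ZONE_FILE}.XXXXXX")
  trap 'rm -f -- "$tmp_file"' EXIT
  wget -O "$tmp_file" -- "$ZONE_URL"
  mv -- "$tmp_file" "$ZONE_FILE"
fi

# Read and check the whole list before touching the firewall, so a bad file
# cannot leave the rule set half built. This checks the format only; it does
# not vouch for which ranges the list contains.
ranges=()
while read -r ip || [[ -n "$ip" ]]; do
  ip=${ip%$'\r'}
  if [[ -z "$ip" || "$ip" == \#* ]]; then
    continue
  fi
  if [[ ! "$ip" =~ $CIDR_RE ]]; then
    printf 'refusing to load %s: unexpected line: %q\n' "$ZONE_FILE" "$ip" >&2
    exit 1
  fi
  ranges+=("$ip")
done < "$ZONE_FILE"

if (( ${#ranges[@]} == 0 )); then
  printf 'refusing to load %s: no address ranges found\n' "$ZONE_FILE" >&2
  exit 1
fi

iptables -F
iptables -X

# One rule per range; for long lists an ipset matched by a single rule is
# faster both to load and to evaluate.
iptables -N "$ZONE"
for ip in "${ranges[@]}"; do
  iptables -A "$ZONE" -s "$ip" -j DROP
done
iptables -A INPUT -j "$ZONE"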



iptables一覧

# List the rules of every chain in the filter table; -n prints addresses and
# ports numerically instead of resolving them to names.
iptables -nL



ufw版

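#!/usr/bin/env bash
# ufw variant - deny and log IPv4 traffic from one country's address ranges.
#
# Run as root. The script resets ufw to its installation defaults, which
# discards the rules currently configured, and then sets the default policy
# to allow: the host ends up with a denylist only, and every service stays
# reachable from any address that is not on the list.
set -euo pipefail

COUNTRY="cn"
ZONE_FILE="${COUNTRY}-aggregated.zone"
# HTTPS, because the list is turned straight into firewall rules; over plain
# HTTP anyone on the network path could alter it in transit.
ZONE_URL="https://www.ipdeny.com/ipblocks/data/aggregated/${ZONE_FILE}"
# One dotted-quad address with an optional /prefix per line.
CIDR_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

# Download once and reuse the local copy on later runs. The download goes to
# a temporary file first so an interrupted transfer is never mistaken for a
# complete list the next time the script runs.
if [ ! -e "$ZONE_FILE" ]; then
  tmp_file=$(mktemp "./${ZONE_FILE}.XXXXXX")
  trap 'rm -f -- "$tmp_file"' EXIT
  wget -O "$tmp_file" -- "$ZONE_URL"
  mv -- "$tmp_file" "$ZONE_FILE"
fi

# Read and check the whole list before resetting ufw, so a bad file cannot
# leave the firewall reset with only part of the denylist loaded. This checks
# the format only; it does not vouch for which ranges the list contains.
ranges=()
while read -r ip || [[ -n "$ip" ]]; do
  ip=${ip%$'\r'}
  if [[ -z "$ip" || "$ip" == \#* ]]; then
    continue
  fi
  if [[ ! "$ip" =~ $CIDR_RE ]]; then
    printf 'refusing to load %s: unexpected line: %q\n' "$ZONE_FILE" "$ip" >&2
    exit 1
  fi
  ranges+=("$ip")
done < "$ZONE_FILE"

if (( ${#ranges[@]} == 0 )); then
  printf 'refusing to load %s: no address ranges found\n' "$ZONE_FILE" >&2
  exit 1
fi

ufw --force reset
ufw --force disable
ufw default allow
ufw --force enable

for ip in "${ranges[@]}"; do
  printf '%s ' "$ip"
  # Registering the ranges one "ufw deny" call at a time takes about 10 minutes.
  ufw deny log from "$ip" to any
done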


ufw一覧

# Show whether ufw is active, its default policies and logging level, and the
# rules it currently has loaded.
ufw status verbose

