diff --git a/conf/blacklist/china b/conf/blacklist/china
new file mode 100644
index 00000000..5924bb83
--- /dev/null
+++ b/conf/blacklist/china
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.china > /tmp/china.sh
+chmod +x /tmp/china.sh
+source /tmp/china.sh
+rm -f /tmp/china.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/conf/blacklist/korea b/conf/blacklist/korea
new file mode 100644
index 00000000..bad21291
--- /dev/null
+++ b/conf/blacklist/korea
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.korea > /tmp/korea.sh
+chmod +x /tmp/korea.sh
+source /tmp/korea.sh
+rm -f /tmp/korea.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/conf/blacklist/sinokorea b/conf/blacklist/sinokorea
new file mode 100644
index 00000000..75ca14d0
--- /dev/null
+++ b/conf/blacklist/sinokorea
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.sinokorea > /tmp/sinokorea.sh
+chmod +x /tmp/sinokorea.sh
+source /tmp/sinokorea.sh
+rm -f /tmp/sinokorea.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/setup/blacklist.sh b/setup/blacklist.sh
index fa462907..ccc822c9 100644
--- a/setup/blacklist.sh
+++ b/setup/blacklist.sh
@@ -14,7 +14,8 @@ iptables -I INPUT -m set --match-set blacklist src -j DROP
 cp conf/blacklist/blacklist /etc/cron.daily/blacklist
 chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
+source setup/dialog.sh
 iptables-save > /etc/iptables.up.rules
 sed -i -e "\$apre-up ipset restore < /etc/ipset.up.rules" /etc/network/interfaces
-sed -e "\$apost up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces
+sed -i -e "\$apost up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces
 echo "Blacklist has been installed. It will run daily automatically."
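Review bot: In conf/blacklist/china, `curl http://… > /tmp/china.sh` followed by `source /tmp/china.sh` executes whatever the remote host, or anyone able to alter the plain-HTTP response, returns, and it does so as root every week once the file is installed in cron.weekly; conf/blacklist/korea and conf/blacklist/sinokorea repeat the same lines. The fixed name under /tmp is predictable, so a local user can pre-create or symlink it, and curl runs without `-f`, so an error page or a truncated body is still sourced and the rule files are re-saved afterwards. It is safer to treat the download as data: fetch it into a `mktemp` file with `curl -fsS` (over HTTPS if the publisher offers it), extract only the CIDR ranges, and load them into an ipset, the same mechanism setup/blacklist.sh already uses for its `blacklist` set. The sketch below assumes the upstream file lists IPv4 CIDR ranges and uses a constructed set name.

```bash
#!/bin/bash
set -euo pipefail
list=$(mktemp)                 # unpredictable name instead of /tmp/china.sh
trap 'rm -f -- "$list"' EXIT
# -f: an HTTP error aborts the run instead of being saved as the list
curl -fsS --max-time 60 -o "$list" http://www.okean.com/antispam/iptables/rc.firewall.china
# Keep only CIDR tokens; the downloaded file is never executed.
ipset create -exist country-china hash:net     # constructed set name
grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' "$list" | sort -u |
  while IFS= read -r net; do
    ipset add -exist country-china "$net"
  done
iptables -C INPUT -m set --match-set country-china src -j DROP 2>/dev/null ||
  iptables -I INPUT -m set --match-set country-china src -j DROP
# … unchanged: ipset save / iptables-save …
```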
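Review bot: In setup/blacklist.sh the line that `sed -i` now really writes, `post up iptables-restore < /etc/iptables.up.rules`, does not use the ifupdown keyword `post-up` (the line above it writes `pre-up` with the hyphen), so the saved rules are probably not restored at boot and the blacklist DROP rule would be missing after a reboot without any error. It should read `sed -i -e "\$apost-up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces`. Both `sed -i … \$a` lines also append on every run, so re-running setup duplicates them; a `grep -q` guard before each would keep /etc/network/interfaces stable. The script begins before this hunk, so which interface stanza the appended lines end up in cannot be checked from here.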
diff --git a/setup/dialog.sh b/setup/dialog.sh
new file mode 100644
index 00000000..808bdc62
--- /dev/null
+++ b/setup/dialog.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+HEIGHT=30
+WIDTH=80
+CHOICE_HEIGHT=4
+BACKTITLE="Do you want to block China and/or Korea?"
+TITLE="Country Block"
+MENU="A lot of spam, as well as malicious traffic originates from Korea and China. If you don't plan on having to ever have those countries connect to your server you may block them.
+ This will add a cron that will update weekly, and block all IP blocks to those countries you choose
+ Choose one of the following options:"
+
+OPTIONS=(1 "China"
+ 2 "Korea"
+ 3 "China and Korea"
+ 4 "Do nothing")
+
+CHOICE=$(dialog --clear \
+ --backtitle "$BACKTITLE" \
+ --title "$TITLE" \
+ --menu "$MENU" \
+ $HEIGHT $WIDTH $CHOICE_HEIGHT \
+ "${OPTIONS[@]}" \
+ 2>&1 >/dev/tty)
+
+clear
+case $CHOICE in
+ 1)
+ echo "Bombing China"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/china /etc/cron.weekly/china
+ chmod +x /etc/cron.weekly/china
+ time /etc/cron.weekly/china
+ apt-get install -y iptables-persistent
+ ;;
+ 2)
+ echo "Starting the Korean war again"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/korea /etc/cron.weekly/korea
+ chmod +x /etc/cron.weekly/korea
+ time /etc/cron.weekly/korea
+ apt-get install -y iptables-persistent
+ ;;
+ 3)
+ echo "Blocking almost 1/3 of the world"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/sinokorea /etc/cron.weekly/sinokorea
+ chmod +x /etc/cron.weekly/sinokorea
+ time /etc/cron.weekly/sinokorea
+ apt-get install -y iptables-persistent
+ ;;
+ 4) break;;
+esac
\ No newline at end of file
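Review bot: `4) break;;` at the end of the case in setup/dialog.sh is not inside any loop, so bash reports that `break` is only meaningful in a loop when "Do nothing" is chosen; an empty default arm `*) ;;` does what is intended and also covers Cancel/ESC, where `$CHOICE` is empty. Arms 1 to 3 are identical apart from the file name, and none of them checks that the copy or the first run of the cron script succeeded before going on to `apt-get install`, so a failed download still ends with rules being auto-saved. Folding them into one helper, as sketched below, puts that check in one place and lets `case "$CHOICE"` be quoted. The echo strings are shown to the operator and would read better as plain status messages, e.g. `echo "Blocking China"`.

```bash
install_country_block() {
  local name=$1
  echo "Blocking ${name}"
  echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
  echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
  # install copies and sets the mode in one step; stop if either step fails
  install -m 0755 "conf/blacklist/${name}" "/etc/cron.weekly/${name}" || return
  time "/etc/cron.weekly/${name}" || return
  apt-get install -y iptables-persistent
}

# … unchanged: dialog variables and CHOICE=$(dialog …) …
case "$CHOICE" in
  1) install_country_block china ;;
  2) install_country_block korea ;;
  3) install_country_block sinokorea ;;
  *) ;;  # "Do nothing", Cancel or ESC
esac
```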