From 61780b8ae72f491c9340dd158cb37f31c4633571 Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Wed, 29 Jun 2016 15:39:41 -0400
Subject: [PATCH] added optional geoblock lists that update weekly for China, and Korea as they create a lot of spam. They are added via IPtables as they are added in blocks.
---
 conf/blacklist/china | 7 +++++
 conf/blacklist/korea | 7 +++++
 conf/blacklist/sinokorea | 7 +++++
 setup/blacklist.sh | 3 ++-
 setup/dialog.sh | 55 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 conf/blacklist/china
 create mode 100644 conf/blacklist/korea
 create mode 100644 conf/blacklist/sinokorea
 create mode 100644 setup/dialog.sh
diff --git a/conf/blacklist/china b/conf/blacklist/china
new file mode 100644
index 00000000..5924bb83
--- /dev/null
+++ b/conf/blacklist/china
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.china > /tmp/china.sh
+chmod +x /tmp/china.sh
+source /tmp/china.sh
+rm -f /tmp/china.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/conf/blacklist/korea b/conf/blacklist/korea
new file mode 100644
index 00000000..bad21291
--- /dev/null
+++ b/conf/blacklist/korea
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.korea > /tmp/korea.sh
+chmod +x /tmp/korea.sh
+source /tmp/korea.sh
+rm -f /tmp/korea.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/conf/blacklist/sinokorea b/conf/blacklist/sinokorea
new file mode 100644
index 00000000..75ca14d0
--- /dev/null
+++ b/conf/blacklist/sinokorea
@@ -0,0 +1,7 @@
+#!/bin/bash
+curl http://www.okean.com/antispam/iptables/rc.firewall.sinokorea > /tmp/sinokorea.sh
+chmod +x /tmp/sinokorea.sh
+source /tmp/sinokorea.sh
+rm -f /tmp/sinokorea.sh
+ipset save > /etc/ipset.up.rules
+iptables-save > /etc/iptables.up.rules
diff --git a/setup/blacklist.sh b/setup/blacklist.sh
index fa462907..ccc822c9 100644
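Review bot: conf/blacklist/china downloads `rc.firewall.china` over plain `http://` into the fixed path `/tmp/china.sh` and then `source`s it from cron.weekly, so whatever the server, or anyone able to alter the response in transit, returns is executed as root, and the predictable `/tmp` name can be pre-created or swapped by a local user. `curl` is also run without `--fail` and its exit status is not checked, so an error page or a truncated download is sourced too; the `chmod +x` has no effect on `source`. conf/blacklist/korea and conf/blacklist/sinokorea in this commit have the same pattern. I would treat the download as data instead of code: fetch over HTTPS into a `mktemp` file, keep only lines that parse as CIDR blocks, and load those into an ipset matched by a single DROP rule, the way setup/blacklist.sh already does for the `blacklist` set. The sketch below uses a placeholder URL and a constructed set name.

```shell
#!/bin/bash
set -euo pipefail

# Placeholder: an HTTPS endpoint serving a plain CIDR list, not a script.
LIST_URL="https://PLACEHOLDER.example/china-cidr.txt"
SET_NAME="geoblock-china"   # constructed name for illustration

tmp=$(mktemp) || exit 1
trap 'rm -f -- "$tmp"' EXIT

# --fail turns HTTP errors into a non-zero exit; --proto refuses a downgrade to http.
curl --fail --silent --show-error --proto '=https' -o "$tmp" "$LIST_URL"

ipset create "$SET_NAME" hash:net -exist
# Only lines shaped like an IPv4 CIDR block are used; nothing downloaded is executed.
grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' "$tmp" |
  while IFS= read -r net; do
    ipset add "$SET_NAME" "$net" -exist
  done

# … unchanged: ipset save / iptables-save …
```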
--- a/setup/blacklist.sh
+++ b/setup/blacklist.sh
@@ -14,7 +14,8 @@ iptables -I INPUT -m set --match-set blacklist src -j DROP
 cp conf/blacklist/blacklist /etc/cron.daily/blacklist
 chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
+source setup/dialog.sh
 iptables-save > /etc/iptables.up.rules
 sed -i -e "\$apre-up ipset restore < /etc/ipset.up.rules" /etc/network/interfaces
-sed -e "\$apost up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces
+sed -i -e "\$apost up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces
 echo "Blacklist has been installed. It will run daily automatically."
diff --git a/setup/dialog.sh b/setup/dialog.sh
new file mode 100644
index 00000000..808bdc62
--- /dev/null
+++ b/setup/dialog.sh
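Review bot: In setup/blacklist.sh the added `-i` makes the last `sed` actually write to /etc/network/interfaces, but the text it appends is `post up …`; ifupdown's hook keyword is `post-up` (the line above already uses `pre-up`), so the `iptables-restore` would most likely never run and the DROP rules would be missing after a reboot. I would change it to `sed -i -e "\$apost-up iptables-restore < /etc/iptables.up.rules" /etc/network/interfaces`. Both `sed -i` appends also add another copy each time this script runs, so a `grep -q` guard before each would keep re-runs from stacking duplicate lines. The new `source setup/dialog.sh` makes this step interactive (the dialog writes to `/dev/tty`), which deserves a comment or a skip path for unattended installs; the script's earlier lines are outside the hunk.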
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+HEIGHT=30
+WIDTH=80
+CHOICE_HEIGHT=4
+BACKTITLE="Do you want to block China and/or Korea?"
+TITLE="Country Block"
+MENU="A lot of spam, as well as malicious traffic originates from Korea and China. If you don't plan on having to ever have those countries connect to your server you may block them.
+ This will add a cron that will update weekly, and block all IP blocks to those countries you choose
+ Choose one of the following options:"
+
+OPTIONS=(1 "China"
+ 2 "Korea"
+ 3 "China and Korea"
+ 4 "Do nothing")
+
+CHOICE=$(dialog --clear \
+ --backtitle "$BACKTITLE" \
+ --title "$TITLE" \
+ --menu "$MENU" \
+ $HEIGHT $WIDTH $CHOICE_HEIGHT \
+ "${OPTIONS[@]}" \
+ 2>&1 >/dev/tty)
+
+clear
+case $CHOICE in
+ 1)
+ echo "Bombing China"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/china /etc/cron.weekly/china
+ chmod +x /etc/cron.weekly/china
+ time /etc/cron.weekly/china
+ apt-get install -y iptables-persistent
+ ;;
+ 2)
+ echo "Starting the Korean war again"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/korea /etc/cron.weekly/korea
+ chmod +x /etc/cron.weekly/korea
+ time /etc/cron.weekly/korea
+ apt-get install -y iptables-persistent
+ ;;
+ 3)
+ echo "Blocking almost 1/3 of the world"
+ echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
+ echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
+ cp conf/blacklist/sinokorea /etc/cron.weekly/sinokorea
+ chmod +x /etc/cron.weekly/sinokorea
+ time /etc/cron.weekly/sinokorea
+ apt-get install -y iptables-persistent
+ ;;
+ 4) break;;
+esac
\ No newline at end of file
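Review bot: The three `case` arms in setup/dialog.sh are the same seven lines with only the list name changed, and the `4) break;;` arm calls `break` outside any loop, which bash rejects with a warning when this file is sourced from setup/blacklist.sh. I would move the shared steps into one helper that takes the list name, quote `"$CHOICE"`, and use a `*) :` arm so that "Do nothing", Cancel/Esc, and an empty answer (presumably also the case when `/dev/tty` cannot be opened) all fall through cleanly. The status messages (`"Bombing China"` and the two others) are shown to the administrator and would read better as a neutral `"Blocking <list>"`.

```shell
# Install and run the weekly block-list job for one list (china, korea or sinokorea).
install_geoblock() {
  local list=$1
  echo "Blocking ${list}"
  echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
  echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
  cp "conf/blacklist/${list}" "/etc/cron.weekly/${list}"
  chmod +x "/etc/cron.weekly/${list}"
  time "/etc/cron.weekly/${list}"
  apt-get install -y iptables-persistent
}

# … unchanged: dialog variables and the CHOICE=$(dialog …) call …
case "$CHOICE" in
  1) install_geoblock china ;;
  2) install_geoblock korea ;;
  3) install_geoblock sinokorea ;;
  *) : ;;  # "Do nothing", Cancel/Esc, or no answer
esac
```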