42 lines
1.1 KiB
Bash
42 lines
1.1 KiB
Bash
#!/bin/bash
|
|
CONFIG_FILE=/etc/geoiplookup.conf
|
|
GEOIPLOOKUP=/usr/local/bin/goiplookup
|
|
|
|
# Check existence of configuration
|
|
if [ -f "$CONFIG_FILE" ]; then
|
|
source $CONFIG_FILE
|
|
|
|
# Check required variable exists and is non-empty
|
|
if [ -z "$ALLOW_COUNTRIES" ]; then
|
|
echo "variable ALLOW_COUNTRIES is not set or empty. No countries are blocked."
|
|
exit 0
|
|
fi
|
|
else
|
|
echo "Configuration $CONFIG_FILE does not exist. No countries are blocked."
|
|
exit 0
|
|
fi
|
|
|
|
# Check existence of binary
|
|
if [ ! -x "$GEOIPLOOKUP" ]; then
|
|
echo "Geoip lookup binary $GEOIPLOOKUP does not exist. No countries are blocked."
|
|
exit 0
|
|
fi
|
|
|
|
if [ $# -ne 1 -a $# -ne 2 ]; then
|
|
echo "Usage: `basename $0` <ip>" 1>&2
|
|
exit 0 # return true in case of config issue
|
|
fi
|
|
|
|
COUNTRY=`$GEOIPLOOKUP $1 | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1`
|
|
|
|
[[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE="ALLOW" || RESPONSE="DENY"
|
|
|
|
logger "$RESPONSE geoipblocked connection from $1 ($COUNTRY) $2"
|
|
|
|
if [ $RESPONSE = "ALLOW" ]
|
|
then
|
|
exit 0
|
|
else
|
|
exit 1
|
|
fi
|