使用firehol生成的各个国家ip段数据库,包含geolite2、ipip.net、ip2location,geolite2貌似不再更新。
wget https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipip_country/ipip_country_cn.netset
echo 'create cn hash:net -exist' > ipset_cn.rule
while read line; do if [[ $line =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]];then echo "add cn $line";fi;done < ipip_country_cn.netset >> ipset_cn.rule
ipset restore --file ipset_cn.ruleiptables使用:
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -m set --match-set cn src -j ACCEPT自己生成ipip各个国家ip数据库:
wget https://cdn.ipip.net/17mon/country.zip
unzip country.zip country.txt
mkdir ip
for cy in `awk '{print $2}' country.txt|sort -u`;do awk '{if ($2 == "'$cy'") print $1}' country.txt > ip/$cy.txt;done也可使用此工具自己生成MaxMind geolite2和dbip国家ip数据:
https://github.com/chr0mag/geoipsets
标签:none