使用firehol生成的各个国家ip段数据库,包含geolite2、ipip.net、ip2location,geolite2貌似不再更新。
wget https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipip_country/ipip_country_cn.netset
echo 'create cn hash:net -exist' > ipset_cn.rule
while read line; do if [[ $line =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]];then echo "add cn $line";fi;done < ipip_country_cn.netset >> ipset_cn.rule
ipset restore --file ipset_cn.ruleiptables使用:
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -m set --match-set cn src -j ACCEPT自己生成ipip各个国家ip数据库:
wget https://cdn.ipip.net/17mon/country.zip
unzip country.zip country.txt
mkdir ip
for cy in `awk '{print $2}' country.txt|sort -u`;do awk '{if ($2 == "'$cy'") print $1}' country.txt > ip/$cy.txt;done生成geoliste2的中国ip数据:
echo 'create cn6 hash:net family inet6 -exist' > ipset_cn6.rule
awk -F',' '{if ($2 == 1814991) print ("add cn6",$1)}' GeoLite2-Country-Blocks-IPv6.csv >> ipset_cn6.rule
echo 'create cn hash:net -exist' > ipset_cn4.rule
awk -F',' '{if ($2 == 1814991) print ("add cn4",$1)}' GeoLite2-Country-Blocks-IPv4.csv >> ipset_cn4.rule这个网址可在线生成:https://www.ip2location.com/free/visitor-blocker
也可使用此工具自己生成MaxMind geolite2和dbip国家ip数据:
https://github.com/chr0mag/geoipsets
标签:none