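Script for blocking access from overseas IPs
Reference article
Blocks access from overseas IP addresses, including SSH and so on. For nginx and other web applications, see this article.
Script contents: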
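#!/bin/bash
# Usage: run without arguments to set up the rules, or with "stop" to remove them.
mmode=$1

# Install iptables and ipset if they are missing.
ins () {
    # Pick the package manager: apt-get on Ubuntu/Debian, yum on CentOS
    if command -v apt-get >/dev/null 2>&1; then
        inst="apt-get install -y"
    else
        inst="yum install -y"
    fi
    if ! command -v iptables >/dev/null 2>&1; then
        $inst iptables >/dev/null
        echo "iptables安装成功!"
    else
        echo "已安装iptables"
    fi
    if ! command -v ipset >/dev/null 2>&1; then
        $inst ipset >/dev/null
        echo "ipset安装成功"
    else
        echo "已安装ipset"
    fi
}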
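# Create the cnip set and download the China IP ranges (cn.zone).
coll () {
    if ! ipset -L cnip >/dev/null 2>&1; then
        ipset -N cnip hash:net
        echo "cnip合集创建成功!"
    else
        echo "已有cnip合集"
    fi
    # Download only if the file is missing or empty.
    # Note: the list is fetched over plain HTTP, so it is not integrity-protected in transit.
    if [ ! -s /root/cn.zone ] ;then
        wget -q -P /root/ http://www.ipdeny.com/ipblocks/data/countries/cn.zone &&
            echo "下载国外ip段,存放位置:/root/cn.zone"
    fi
}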
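# Import the ranges from cn.zone into the cnip set, unless the set already has members.
dr () {
    # Member lines start with a digit; header lines of `ipset -L` do not
    sudi=`ipset -L cnip | grep -m1 '^[0-9]'`
    if [ -z "$sudi" ] ;then
        # Import the IP ranges into the cnip set
        while read -r i; do
            [ -n "$i" ] && ipset -A cnip "$i"
        done < /root/cn.zone
        echo "ip段导入成功!"
    else
        echo "ip段已导入过cnip合集"
    fi
}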
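# Accept TCP from sources in the cnip set and drop everything else on INPUT.
# With policy DROP and only this rule, loopback traffic, UDP/ICMP and replies
# from hosts outside cnip are dropped as well unless other rules accept them.
flush () {
    opk=`iptables -L INPUT -n | grep cnip`
    if [ -z "$opk" ] ;then
        iptables -A INPUT -p tcp -m set --match-set cnip src -j ACCEPT
        iptables -P INPUT DROP
        echo "已创建屏蔽国外ip规则"
    else
        echo "已有屏蔽国外ip规则"
    fi
}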
# Remove the cnip rule from iptables and restore the ACCEPT policy (asks for confirmation).
iprctstop () {
    # Stop here if the tools are not installed
    if ! command -v iptables >/dev/null 2>&1; then
        echo "暂未安装iptables,请先安装iptables"
        exit 0
    fi
    if ! command -v ipset >/dev/null 2>&1; then
        echo "暂未安装ipset,请先安装iptables"
        exit 0
    fi
    dpo=`iptables -L INPUT -n | grep cnip`
    if [ "$dpo" ] ;then
        read -p "输入y删除iptables中cnip规则、删除ipset中cnip合集,输入其他则结束操作: " b
        if [ "$b" == "y" ] ;then
            sleep 2
            # Restore the default policy first so the session is not cut off
            iptables -P INPUT ACCEPT
            iptables -D INPUT -p tcp -m set --match-set cnip src -j ACCEPT
            sleep 1
            echo "iptables中cnip规则已删除"
        else
            exit 0
        fi
    else
        echo "iptables中无cnip规则"
    fi
}
# Destroy the cnip set in ipset.
delset () {
    stnd=`ipset -L | grep cnip`
    if [ "$stnd" ] ;then
        ipset destroy cnip
        echo "合集已成功删除"
        exit 0
    fi
    echo "ipset中没有发现cnip合集"
    kos=`iptables -L INPUT -n | grep cnip`
    if [ "$kos" ] ;then
        echo " "
    else
        echo "iptables中没有发现cnip规则"
    fi
}
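# "stop" mode: remove the iptables rule, then the ipset set
if [ "$mmode" == "stop" ] ;then
    iprctstop
    delset
    exit 0
fi
# Default mode: install tools, build the set, import ranges, apply rules
ins
coll
dr
flush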
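The original script supported CentOS; the modified script supports one-step setup on CentOS/Ubuntu/Debian. For other systems, modify the script yourself.
Change /root/ in the script to your own user directory as needed, e.g. /home/admln/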
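The coll and dr steps above fetch cn.zone over plain HTTP and pass every line to ipset -A. As an added example (not part of the original script), the function below validates each line as an IPv4 CIDR and emits `ipset restore` input that builds the set under a temporary name and swaps it in; the function name zone_to_restore and the _new suffix are assumptions.

```shell
#!/bin/sh
# Added example (not from the original script). Reads a zone file on stdin and
# writes `ipset restore` input on stdout, keeping only well-formed IPv4 CIDRs.
# The set is built under a temporary name (SETNAME_new, a hypothetical naming
# choice) and swapped in, so the live set is never half-filled.
zone_to_restore() {
    awk -v live="$1" -v tmp="${1}_new" '
        # Return 1 only for a.b.c.d/len with each octet <= 255 and len <= 32
        function valid(line,   parts, oct, n, i) {
            if (line !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(line, parts, "/")
            if (length(parts[2]) > 2 || parts[2] + 0 > 32) return 0
            n = split(parts[1], oct, ".")
            for (i = 1; i <= n; i++)
                if (length(oct[i]) > 3 || oct[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { print "create " tmp " hash:net"; print "flush " tmp }
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^[ \t]*$/ || /^#/ { next }        # skip blank lines and comments
        valid($0) { print "add " tmp " " $0; good++; next }
        { print "rejected line " NR > "/dev/stderr" }
        END {
            if (good == 0) exit 1          # nothing usable: caller must not load it
            print "create " live " hash:net"
            print "swap " tmp " " live
            print "destroy " tmp
        }
    '
}

# Constructed sample input (not real ipdeny data); the second line stands in
# for an error page returned instead of the list.
printf '%s\n' '1.0.1.0/24' '<html>404 Not Found</html>' '223.255.252.0/23' |
    zone_to_restore cnip
```

Write the output to a file and load it only when the function returns success, using ipset's -exist option with the restore command so that creating an already existing set is not treated as an error.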