Skip to content

Instantly share code, notes, and snippets.

@paul-chambers
Created August 5, 2023 07:50
Show Gist options
  • Save paul-chambers/6856c8111183be58f8ca88c34c4e7318 to your computer and use it in GitHub Desktop.
Save paul-chambers/6856c8111183be58f8ca88c34c4e7318 to your computer and use it in GitHub Desktop.
Script to pull country-specific IP ranges from ipdeny.com and create/update country-specific ipsets from them
#!/bin/bash
#
# Powered by <a href="http://www.ipdeny.com">IPDENY.COM</a> IP database.
#
# Pull the agregated zone lists from denyip.com, and create country-specific ipsets from them
#
# This approach doesn't require an additional 'geoip' kernel module or the Maxmind database.
#
# When updating, the new ipset replaces the existing one with a 'swap', so there isn't any
# time period when the set is empty.
#
# Paul Chambers, August 5, 2023
#
countries='gb ca'
for country in ${countries}
do
url="https://www.ipdeny.com/ipblocks/data/aggregated/${country}-aggregated.zone"
ipset create "country-${country}-import" hash:net && ipset -! create "country-${country}" hash:net
while IF= read -r cidr
do
ipset add "country-${country}-import" "${cidr}"
done < <(curl "${url}")
ipset swap "country-${country}-import" "country-${country}" && ipset destroy "country-${country}-import"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment