Home Explore Help
Sign In
kotoyuuko
/
ansible-proxy-chain
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 542e5ffbd2
Branches Tags
ansible-proxy-c...
/
roles
/
geoblock
/
templates
/
geoblock-update.sh.j2

geoblock-update.sh.j2 726 B
History Raw

123456789101112131415161718192021222324252627 
  1. #!/bin/bash
    2. 

  2. set -euo pipefail
    3. 

  3. 

  4. ZONE_URL="{{ geoblock_zone_url }}"
    5. 

  5. ZONE_FILE="{{ geoblock_zone_path }}"
    6. 

  6. IPSET_NAME="{{ geoblock_ipset_name }}"
    7. 

  7. IPSET_TMP="${IPSET_NAME}-tmp"
    8. 

  8. 

  9. mkdir -p "$(dirname "$ZONE_FILE")"
    10. 

  10. 

  11. curl -fsSL -o "$ZONE_FILE" "$ZONE_URL"
    12. 

  12. 

  13. ipset create "$IPSET_TMP" hash:net -exist
    14. 

  14. ipset flush "$IPSET_TMP"
    15. 

  15. 

  16. while IFS= read -r cidr; do
    17. 

  17.     [[ -z "$cidr" || "$cidr" == \#* ]] && continue
    18. 

  18.     ipset add "$IPSET_TMP" "$cidr" -exist
    19. 

  19. done < "$ZONE_FILE"
    20. 

  20. 

  21. ipset create "$IPSET_NAME" hash:net -exist
    22. 

  22. ipset swap "$IPSET_TMP" "$IPSET_NAME"
    23. 

  23. ipset destroy "$IPSET_TMP"
    24. 

  24. 

  25. if ! iptables -C OUTPUT -m set --match-set "$IPSET_NAME" dst -j DROP 2>/dev/null; then
    26. 

  26.     iptables -A OUTPUT -m set --match-set "$IPSET_NAME" dst -j DROP
    27. 

  27. fi
    28.