If you administer a website and see a lot of bogus traffic coming from countries that bring you no profit, and you want to block those countries from accessing your website, you can use the bash script given below.

There are two ways to block countries: the first is to configure your Apache server and the second is to set iptables rules. We will do this using iptables. First of all, download the IP zone files of the countries you want to block from here.

The script will not block visitors from that country who use a proxy server or have spoofed their IP address.

    #!/bin/bash
    ### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
    ISO="af cn"

    ### Set PATH ###
    IPT=/sbin/iptables
    WGET=/usr/bin/wget
    EGREP=/bin/egrep

    ### No editing below ###
    SPAMLIST="countrydrop"
    ZONEROOT="/root/iptables"
    DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

    # Flush every table and reset the default policies to ACCEPT.
    # This removes all existing firewall rules, not only the country blocks.
    cleanOldRules(){
        $IPT -F
        $IPT -X
        $IPT -t nat -F
        $IPT -t nat -X
        $IPT -t mangle -F
        $IPT -t mangle -X
        $IPT -P INPUT ACCEPT
        $IPT -P OUTPUT ACCEPT
        $IPT -P FORWARD ACCEPT
    }

    # create a dir
    [ ! -d "$ZONEROOT" ] && /bin/mkdir -p "$ZONEROOT"

    # clean old rules
    cleanOldRules

    # create a new iptables list
    $IPT -N "$SPAMLIST"

    for c in $ISO
    do
        # local zone file
        tDB="$ZONEROOT/$c.zone"

        # get fresh zone file
        $WGET -O "$tDB" "$DLROOT/$c.zone"

        # country specific log message
        SPAMDROPMSG="$c Country Drop"

        # get the IP blocks, skipping comments and blank lines
        BADIPS=$(egrep -v "^#|^$" "$tDB")
        for ipblock in $BADIPS
        do
            $IPT -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
            $IPT -A "$SPAMLIST" -s "$ipblock" -j DROP
        done
    done

    # Drop everything
    $IPT -I INPUT -j "$SPAMLIST"
    $IPT -I OUTPUT -j "$SPAMLIST"
    $IPT -I FORWARD -j "$SPAMLIST"

    # call your other iptable script
    # /path/to/other/iptables.sh

    exit 0

You must be logged in as the ‘root’ user to run this script. List the countries you want to block, by ISO code, in ‘ISO’.

To run the script:

    # /path/block_country.sh

You can add this script to crontab so that it runs automatically:

    @weekly /path/block_country.sh

Below is another script which does the same work:

    #!/bin/bash
    ### PUT HERE COMMA SEPARATED LIST OF COUNTRY CODE ###
    COUNTRIES="AK,AR"
    WORKDIR="/root"
    #######################################
    cd "$WORKDIR" || exit 1
    # quote the URL so the shell does not treat '?' as a glob character
    wget -c --output-document=iptables-blocklist.txt "http://blogama.org/country_query.php?country=$COUNTRIES"
    if [ -f iptables-blocklist.txt ]; then
        # flush all existing rules before loading the new list
        iptables -F
        BLOCKDB="iptables-blocklist.txt"
        # skip comment lines
        IPS=$(grep -Ev "^#" "$BLOCKDB")
        for i in $IPS
        do
            iptables -A INPUT -s "$i" -j DROP
            iptables -A OUTPUT -d "$i" -j DROP
        done
    fi
    rm -f "$WORKDIR/iptables-blocklist.txt"
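
Both scripts above run as root, flush the existing rules, and hand every line of a list fetched over plain HTTP to iptables. The following is an added example, not part of the original scripts: it validates each entry and builds an iptables-restore ruleset for the countrydrop chain only. MIN_PREFIX and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original scripts. MIN_PREFIX and the function
# names are assumptions; "countrydrop" is the chain name used on this page.
MIN_PREFIX=8            # assumed sanity floor: refuse blocks wider than /8
CR=$(printf '\r')

# Succeed only if $1 is a strict dotted-quad IPv4 address or CIDR block.
valid_cidr() {
    case $1 in
        */*) ip=${1%/*}; len=${1##*/} ;;
        *)   ip=$1; len=32 ;;
    esac
    case $len in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
}

# Zone file on stdin -> iptables-restore ruleset for chain $1 on stdout.
# One bad entry, or an empty list, rejects the whole download.
build_ruleset() {
    chain=$1 rules='' n=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}                        # tolerate CRLF line endings
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        valid_cidr "$line" || { echo "bad entry at record $((n + 1))" >&2; return 1; }
        n=$((n + 1))
        rules="${rules}-A $chain -s $line -j DROP
"
    done
    [ "$n" -gt 0 ] || { echo "no entries in list" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%sCOMMIT\n' "$chain" "$rules"
}

# Constructed sample zone data (documentation address ranges).
SAMPLE='# constructed sample
192.0.2.0/24
198.51.100.0/24'
printf '%s\n' "$SAMPLE" | build_ruleset countrydrop
```

Saved to a file, the output can be loaded as root with `iptables-restore --noflush < file`, which flushes and refills only the declared countrydrop chain and leaves all other rules, including a one-time `iptables -I INPUT -j countrydrop` jump, in place.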