Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f188c046ed
Branches Tags
tftsr_ai
/
tftsr_nginx-hardening
/
scripts
/
download-geo-zones.sh

download-geo-zones.sh 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. #!/usr/bin/env bash
    2. 

  2. # Download ipdeny.com aggregated zone files for all blocked countries.
    3. 

  3. # Run this on a machine WITH internet access, then rsync the output
    4. 

  4. # directory to the DMZ host and set geo_zone_files_dir in your inventory.
    5. 

  5. #
    6. 

  6. # Usage:
    7. 

  7. #   ./scripts/download-geo-zones.sh [output-dir]
    8. 

  8. #
    9. 

  9. # Example workflow:
    10. 

  10. #   # On your workstation:
    11. 

  11. #   ./scripts/download-geo-zones.sh /tmp/geo_zones
    12. 

  12. #   rsync -av /tmp/geo_zones/ sarman@dmz-host:/opt/geo_zones/
    13. 

  13. #
    14. 

  14. #   # Then run the playbook pointing at the cache:
    15. 

  15. #   ansible-playbook -K playbooks/geo_blocking.yml -e geo_zone_files_dir=/opt/geo_zones
    16. 

  16. 

  17. set -euo pipefail
    18. 

  18. 

  19. BASE_URL="https://www.ipdeny.com/ipblocks/data/aggregated"
    20. 

  20. OUT_DIR="${1:-/tmp/geo_zones}"
    21. 

  21. 

  22. # All blocked country codes (excludes US and ipdeny-absent territories)
    23. 

  23. COUNTRIES=(
    24. 

  24.   AD AE AF AG AI AL AM AO AQ AR AS AT AU AW AX AZ
    25. 

  25.   BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BW BY BZ
    26. 

  26.   CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CW CY CZ
    27. 

  27.   DE DJ DK DM DO DZ
    28. 

  28.   EC EE EG ER ES ET
    29. 

  29.   FI FJ FK FM FO FR
    30. 

  30.   GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GT GU GW GY
    31. 

  31.   HK HN HR HT HU
    32. 

  32.   ID IE IL IM IN IO IQ IR IS IT
    33. 

  33.   JE JM JO JP
    34. 

  34.   KE KG KH KI KM KN KP KR KW KY KZ
    35. 

  35.   LA LB LC LI LK LR LS LT LU LV LY
    36. 

  36.   MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ
    37. 

  37.   NA NC NE NF NG NI NL NO NP NR NU NZ
    38. 

  38.   OM
    39. 

  39.   PA PE PF PG PH PK PL PM PR PS PT PW PY
    40. 

  40.   QA
    41. 

  41.   RE RO RS RU RW
    42. 

  42.   SA SB SC SD SE SG SI SK SL SM SN SO SR SS ST SV SX SY SZ
    43. 

  43.   TC TD TG TH TJ TK TL TM TN TO TR TT TV TW TZ
    44. 

  44.   UA UG UM UY UZ
    45. 

  45.   VA VC VE VG VI VN VU
    46. 

  46.   WF WS
    47. 

  47.   YE YT
    48. 

  48.   ZA ZM ZW
    49. 

  49. )
    50. 

  50. 

  51. mkdir -p "$OUT_DIR"
    52. 

  52. echo "Downloading ${#COUNTRIES[@]} zone files to $OUT_DIR ..."
    53. 

  53. 

  54. ok=0; fail=0
    55. 

  55. for cc in "${COUNTRIES[@]}"; do
    56. 

  56.   url="${BASE_URL}/${cc,,}-aggregated.zone"
    57. 

  57.   dest="${OUT_DIR}/${cc,,}.zone"
    58. 

  58.   if curl -fsSL --connect-timeout 10 --max-time 30 -o "$dest" "$url"; then
    59. 

  59.     (( ++ok ))
    60. 

  60.   else
    61. 

  61.     echo "  SKIP $cc (no zone file at ipdeny.com)"
    62. 

  62.     rm -f "$dest"
    63. 

  63.     (( ++fail ))
    64. 

  64.   fi
    65. 

  65. done
    66. 

  66. 

  67. echo "Done: $ok downloaded, $fail skipped."
    68. 

  68. echo ""
    69. 

  69. echo "Next steps:"
    70. 

  70. echo "  rsync -av ${OUT_DIR}/ USER@DMZ_HOST:/opt/geo_zones/"
    71. 

  71. echo "  ansible-playbook -K playbooks/geo_blocking.yml -e geo_zone_files_dir=/opt/geo_zones"
    72.