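#!/bin/sh
#######################################################################
#Script Name: fwdloadcountry
#Version: 1.4
#Description: Script to auto load Country ip ranges from
#IPdeny
#Last Modify Date: 12092025
#Author:Brent Dacus
#Email:brent[at]thedacus[dot]net
#######################################################################
# Rebuilds the permanent firewalld ipset "geoblock" from the IPdeny
# aggregated zone files and makes sure the direct DROP rule that
# references the set is present in the permanent configuration.
#
# Security-relevant behaviour:
#  - The list is fetched over HTTPS. It is loaded straight into a
#    firewall DROP set, so a tampered or truncated response could
#    block arbitrary networks or leave the set empty.
#  - The download is checked (HTTP status, non-empty, IPv4 CIDR
#    syntax) BEFORE the existing set is flushed or deleted. A failed
#    fetch therefore leaves the current blocklist in place instead of
#    replacing it with an empty set.
#  - The temp file comes from mktemp, not a fixed name in /tmp, since
#    this runs as root and a predictable path can be pre-created or
#    symlinked by a local user.
#
# Requires: firewall-cmd, ipset, curl, mktemp, grep. Run as root.
#######################################################################
#                               Main                                  #
#######################################################################
set -u

IPSET_NAME="geoblock"
RULE="7 -m set --match-set geoblock src -j DROP"
BASE_URL="https://www.ipdeny.com/ipblocks/data/aggregated"
COUNTRIES="ru cn tr ir iq id kp cz br tw ro vn"

# Print a message to stderr and abort with a non-zero status.
die() {
  printf 'fwdloadcountry: %s\n' "$*" >&2
  exit 1
}

# Check if the rule exists in permanent configuration
EXISTING_RULES=$(firewall-cmd --permanent --direct --get-rules ipv4 filter INPUT)

## get new geo ip server list
GEO_FILE=$(mktemp /tmp/geoblock_file.XXXXXX) || die "cannot create temp file"
# Remove the temp file on every exit path, including signals.
trap 'rm -f -- "$GEO_FILE"' EXIT
trap 'exit 1' HUP INT TERM

# One request per country so each failure is detected: -f turns an HTTP
# error into a non-zero exit instead of writing the error page to the list.
for cc in $COUNTRIES; do
  curl -fsS "${BASE_URL}/${cc}-aggregated.zone" >> "$GEO_FILE" \
    || die "download failed for '${cc}'; existing ipset left untouched"
done

[ -s "$GEO_FILE" ] || die "downloaded list is empty; existing ipset left untouched"

# Every non-blank line must be an IPv4 address or CIDR range; anything
# else (HTML, captive-portal text, merged lines) aborts the update.
if grep -Ev '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' "$GEO_FILE" \
    | grep -q '[^[:space:]]'; then
  die "downloaded list contains lines that are not IPv4 ranges; existing ipset left untouched"
fi

# From here on the old set is replaced. The flush and the delete may
# report an error on a first run, when the set does not exist yet; that
# is expected, so their status is not treated as fatal.
/usr/sbin/ipset flush "$IPSET_NAME"
firewall-cmd --permanent --delete-ipset="$IPSET_NAME"
firewall-cmd --permanent --new-ipset="$IPSET_NAME" --type=hash:net \
  --option=family=inet --option=hashsize=1048576 --option=maxelem=1048576 \
  || die "could not create permanent ipset '${IPSET_NAME}'"

# -F: compare the rule as a literal string, not as a regular expression.
if printf '%s\n' "$EXISTING_RULES" | grep -qF -- "$RULE"; then
  echo "Geoblock rule already exists."
else
  echo "Geoblock rule missing. Adding rule..."
  # $RULE is deliberately unquoted: it must split into separate arguments.
  # shellcheck disable=SC2086
  firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT $RULE \
    || die "could not add the geoblock DROP rule"
  firewall-cmd --reload
  echo "Geoblock rule added and firewall reloaded."
fi

firewall-cmd --permanent --ipset="$IPSET_NAME" --add-entries-from-file="$GEO_FILE" \
  || die "could not load entries into ipset '${IPSET_NAME}'"
firewall-cmd --reload || die "firewall reload failed; new entries are not active"

## clean up and remove temp file
# Handled by the EXIT trap above; only the file this run created is removed.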