my script to allow connections from my country only

RASG

Regular Contributor
Hey all.

I decided to allow only IPs from my country (Brazil) to connect to my RT-AC66U on port 22, since I travel only once a year.

I want to be able to SSH into my router from anywhere in the country, without exposing it to the rest of the world.

So far I have the below script, which works fine on my Ubuntu desktop.

Can someone help me convert it to our routers?

If I missed something during the translation and Google is not of much help, feel free to ask.

Code:
#!/bin/bash

# Script that adds iptables rules:
# accepts connections from Brazil's IP ranges,
# refuses all others.
# Currently applied to port 22 (ssh).
#
# last change: RAG 09/01/2015


LOCALNETWORK=(127.0.0.0/8 192.168.0.0/24)
IPCLASSES_NAMES=(ar.zone br.zone)
IPCLASSES_PATH="http://www.ipdeny.com/ipblocks/data/countries"
WORKINGDIR="/tmp"
CHAIN="SSH_GEO"    # own chain, so re-running the script rebuilds instead of duplicating rules

echo
echo "Starting script IP-block"
echo

# Build the allow-list in its own chain: one ACCEPT per allowed range, then a
# final DROP.  Appending "! -s RANGE -j DROP" once per range (as before) drops
# everything, because no packet can match every range at the same time.
iptables -N "$CHAIN" 2>/dev/null
iptables -F "$CHAIN"

# always allow local network
for RANGE in "${LOCALNETWORK[@]}"; do
    echo "Allowing $RANGE on port 22 (SSH)"
    iptables -A "$CHAIN" -s "$RANGE" -j ACCEPT
done

# external IP ranges
for PAIS in "${IPCLASSES_NAMES[@]}"; do

    FILE_REMOTE="$IPCLASSES_PATH/$PAIS"
    FILE_LOCAL="$WORKINGDIR/$PAIS"

    echo "Saving file $PAIS to $WORKINGDIR"
    # -N downloads only when the remote file is newer than the local copy
    WGET_OUTPUT=$(wget -N "$FILE_REMOTE" -P "$WORKINGDIR" 2>&1)

    # "salvando" is the Portuguese-locale wget wording for "saved"
    if echo "$WGET_OUTPUT" | egrep -i '(saved|salvando)' &> /dev/null; then
        echo "File $FILE_LOCAL updated"
    else
        echo "File $FILE_LOCAL didn't change, reusing the local copy"
    fi

    # the rules are rebuilt from the local copy on every run, so an unchanged
    # file still gets its ranges applied (e.g. after the rules were flushed)
    if [ ! -s "$FILE_LOCAL" ]; then
        echo "No usable copy of $FILE_LOCAL, skipping $PAIS"
        continue
    fi

    echo "Reading file $FILE_LOCAL"
    while read -r LINHA; do
        case "$LINHA" in ''|'#'*) continue ;; esac    # skip blank lines and comments
        echo "Allowing $LINHA on port 22 (SSH)"
        iptables -A "$CHAIN" -s "$LINHA" -j ACCEPT
    done < "$FILE_LOCAL"

done

# everything else on port 22 is refused
iptables -A "$CHAIN" -j DROP

# send port 22 through the chain; this iptables has no -C, so delete any
# previous copy of the jump and insert it again
iptables -D INPUT -p tcp --dport 22 -j "$CHAIN" 2>/dev/null
iptables -I INPUT -p tcp --dport 22 -j "$CHAIN"

echo
echo "Finishing script IP-block"
echo
 
Also, I would like to ask: since there are hundreds of IP classes, should I try ipset instead of iptables?

Can the router handle all these rules?
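The ipset variant the post asks about, as an added example that is not the poster's script or anything from Asuswrt-Merlin itself. It keeps the country ranges in one hash:net set and uses a single iptables match on that set, so the number of rules no longer grows with the number of ranges. Assumptions not in the original post: ipset 6 syntax (`ipset create NAME hash:net` and `-m set --match-set`; firmware shipping ipset 4 uses `ipset -N NAME nethash` and `-m set --set NAME src` instead), that the script is saved on the router as /jffs/scripts/ssh-geo.sh and called with `apply` from /jffs/scripts/firewall-start, and that the ipdeny zone files hold one IPv4 CIDR per line. The sample zone file inside it is constructed, not real ipdeny data.

```shell
#!/bin/sh
# Added example (not the poster's script): country allow-list for SSH on an
# Asuswrt-Merlin router using ipset instead of one iptables rule per range.
# Assumed install: /jffs/scripts/ssh-geo.sh, called as
#   sh /jffs/scripts/ssh-geo.sh apply
# from /jffs/scripts/firewall-start, as root.  Assumes ipset 6 syntax; with
# ipset 4 use "ipset -N NAME nethash" and "-m set --set NAME src".

IPDENY_URL="http://www.ipdeny.com/ipblocks/data/countries"
ZONES="br.zone ar.zone"                       # countries to allow (poster's list)
LOCALNETWORK="127.0.0.0/8 192.168.0.0/24"     # poster's local ranges
WORKINGDIR="/tmp"
SETNAME="ssh_allow"                           # assumed set name
CHAIN="SSH_GEO"                               # assumed chain name

# Turn zone-file lines (stdin) into an "ipset restore" stream for set $1.
# Blank lines and comments are skipped; malformed entries are reported on
# stderr and left out, so one bad line cannot abort the whole restore.
zone_to_ipset_restore() {
    awk -v setname="$1" '
        function valid_cidr(s,    p, n, i, ip, pfx) {
            n = split(s, p, "/")
            if (n < 1 || n > 2) return 0
            ip = p[1]; pfx = (n == 2) ? p[2] : "32"
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            if (pfx !~ /^[0-9]+$/ || pfx + 0 > 32) return 0
            split(ip, p, ".")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { print "create " setname " hash:net family inet" }
        /^[ \t]*$/ { next }
        /^[ \t]*#/ { next }
        valid_cidr($1) { print "add " setname " " $1; next }
        { print "skipping malformed line: " $0 > "/dev/stderr" }
    '
}

# Constructed sample in ipdeny's one-CIDR-per-line format with a few bad
# lines mixed in; not real ipdeny data.
constructed_sample_zone() {
    cat <<'EOF'
# constructed sample, not real ipdeny data
177.0.0.0/8
186.192.0.0/12
not-an-ip
300.1.1.1/24
10.0.0.0/33

200.128.0.0/9
EOF
}

# Download the zone files, load them into a fresh set, swap it in atomically
# and point port 22 at it.  Re-running rebuilds everything without leaving
# duplicate rules behind; a failed download keeps the current allow-list.
apply_geo_ssh() {
    tmpset="${SETNAME}_tmp"
    for zone in $ZONES; do
        wget -q -O "$WORKINGDIR/$zone" "$IPDENY_URL/$zone" || {
            echo "download of $zone failed, keeping the current allow-list" >&2
            return 1
        }
    done

    ipset destroy "$tmpset" 2>/dev/null
    for zone in $ZONES; do cat "$WORKINGDIR/$zone"; done \
        | zone_to_ipset_restore "$tmpset" | ipset -exist restore || return 1
    ipset -exist create "$SETNAME" hash:net family inet   # no-op if it exists
    ipset swap "$tmpset" "$SETNAME"     # never leaves an empty set in use
    ipset destroy "$tmpset"

    iptables -N "$CHAIN" 2>/dev/null
    iptables -F "$CHAIN"
    for range in $LOCALNETWORK; do
        iptables -A "$CHAIN" -s "$range" -j ACCEPT
    done
    iptables -A "$CHAIN" -m set --match-set "$SETNAME" src -j ACCEPT
    iptables -A "$CHAIN" -j DROP

    # attach once: drop any previous copy of the jump, then insert at the top
    iptables -D INPUT -p tcp --dport 22 -j "$CHAIN" 2>/dev/null
    iptables -I INPUT -p tcp --dport 22 -j "$CHAIN"
    echo "SSH allow-list $SETNAME loaded"
}

case "${1:-}" in
    apply) apply_geo_ssh ;;
    *) echo "usage: $0 apply   (run as root on the router)" >&2 ;;
esac
```

The swap is the part worth copying even if the rest changes: building into a temporary set and swapping means the live set is never half-loaded, so a WAN SSH session cannot hit an empty allow-list mid-update. Memory is also no longer a concern, since a hash:net set with a few thousand entries costs a few hundred kilobytes rather than thousands of chain rules walked per packet.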
 