#!/bin/bash

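# Countries to allow (space-separated ISO country codes)
ISO="cz"

# Linux binaries
IPT=/sbin/iptables
IPT6=/sbin/ip6tables
WGET=/usr/bin/wget

# Name of the iptables/ip6tables chain to fill (must already exist)
WHITELIST="whitelist"
# Directory where the downloaded zone files are kept
ZONEROOT="/root/zonelist"
# Base URLs of the aggregated address blocks.
# NOTE(review): the lists are fetched over plain HTTP, so anyone on the network
# path can alter what ends up in the firewall. Switch to an HTTPS URL if the
# provider offers one; the format check below only limits the damage.
DLROOT="http://www.ipdeny.com/ipblocks/data/aggregated"
DL6ROOT="http://www.ipdeny.com/ipv6/ipaddresses/aggregated"

# Shape of an acceptable list entry (address or CIDR block), one per line.
# Anything else in a downloaded file (comments, blank lines, junk) is ignored,
# so downloaded text never reaches the iptables command line unchecked.
# Final address parsing is still left to iptables/ip6tables.
V4_ENTRY='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
V6_ENTRY='^[0-9A-Fa-f]*:[0-9A-Fa-f:]*(/[0-9]{1,3})?$'

# die MESSAGE... - print MESSAGE to stderr and stop with a failure status.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

# zone_entries FILE PATTERN - print the well-formed entries of FILE.
# Returns non-zero when FILE holds no line matching PATTERN.
zone_entries() {
	tr -d '\r' < "$1" | grep -E -x -- "$2"
}

# fetch_zone URL FILE PATTERN - download URL into FILE.
# Fails when the download fails or yields no well-formed entry.
fetch_zone() {
	"$WGET" -O "$2" "$1" || return 1
	zone_entries "$2" "$3" > /dev/null
}

# load_zone IPTABLES FILE PATTERN - append one RETURN rule per entry of FILE.
# A rule the tool rejects is reported and skipped; the rest is still loaded.
load_zone() {
	local net
	while IFS= read -r net; do
		"$1" -A "$WHITELIST" -s "$net" -j RETURN \
			|| printf 'warning: %s rejected %s\n' "$1" "$net" >&2
	done < <(zone_entries "$2" "$3")
}

# Just in case - create the zone directory
[ -d "$ZONEROOT" ] || /bin/mkdir -p -- "$ZONEROOT" || die "cannot create $ZONEROOT"

# Download into a private staging directory first. The live chain and the
# previously stored lists stay untouched until every list is known to be usable.
STAGE=$(mktemp -d "$ZONEROOT/.update.XXXXXX") || die "cannot create staging directory"
trap 'rm -rf -- "$STAGE"' EXIT

# $ISO is deliberately unquoted: it is a space-separated list
for c in $ISO
do
	fetch_zone "$DLROOT/$c-aggregated.zone" "$STAGE/$c.zone" "$V4_ENTRY" \
		|| die "IPv4 list for '$c' is unusable, chain $WHITELIST left unchanged"
	fetch_zone "$DL6ROOT/$c-aggregated.zone" "$STAGE/$c.6.zone" "$V6_ENTRY" \
		|| die "IPv6 list for '$c' is unusable, chain $WHITELIST left unchanged"
done

# Everything downloaded and checked - replace the local databases
for c in $ISO
do
	mv -f -- "$STAGE/$c.zone" "$ZONEROOT/$c.zone" \
		&& mv -f -- "$STAGE/$c.6.zone" "$ZONEROOT/$c.6.zone" \
		|| die "cannot store lists for '$c', chain $WHITELIST left unchanged"
done

# Refill the chains. The catch-all DROP is appended once, after ALL countries:
# a DROP placed after the first country would shadow every rule added later.
# NOTE(review): between the flush and the final DROP the chain lets everything
# through; loading the rules with iptables-restore would make the swap atomic.
"$IPT" -F "$WHITELIST" || die "cannot flush IPv4 chain $WHITELIST"
for c in $ISO
do
	load_zone "$IPT" "$ZONEROOT/$c.zone" "$V4_ENTRY"
done
"$IPT" -A "$WHITELIST" -j DROP || die "cannot append DROP to IPv4 chain $WHITELIST"

# The same for IPv6
"$IPT6" -F "$WHITELIST" || die "cannot flush IPv6 chain $WHITELIST"
for c in $ISO
do
	load_zone "$IPT6" "$ZONEROOT/$c.6.zone" "$V6_ENTRY"
done
"$IPT6" -A "$WHITELIST" -j DROP || die "cannot append DROP to IPv6 chain $WHITELIST"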

