getIP.py
# Script written by SoledaD208, email: [email protected]
# The script gets the national IP ranges from http://www.ipaddresslocation.org and permits all of these IPs with a minimal policy (SSH only),
# and blocks all foreign traffic.
# The script creates 2 new chains in iptables: VIETNAM-INPUT and NOT-VIETNAM-INPUT:
# only the SSH protocol is accepted in the VIETNAM-INPUT chain;
# all foreign traffic jumps to the NOT-VIETNAM-INPUT chain and is blocked by default.
# If you have internal networks, you should create more chains for these networks, or add something like this to the iptables config file:
# -A INPUT -i internallIf -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
import re
import shutil
import requests
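# Build /etc/sysconfig/iptables from the local 'iptablesv5' template plus one
# INPUT and one FORWARD rule per IP range returned by the range service.
# NOTE: this is a Python 2 script (it relies on raw_input).

# Form fields sent to the range service: country code VN, CIDR output.
payload = {'country': 'VN', 'prefix': '', 'output': 'cidr'}

# The list is fetched over cleartext HTTP and scraped out of HTML, so every
# value in the response is treated as untrusted until _is_ipv4_cidr() accepts
# it; nothing from the response is written into the rule file unchecked.
# NOTE(review): switch to an HTTPS endpoint if the provider offers one.
r = requests.post('http://www.ipaddresslocation.org/ip_ranges/get_ranges.php',
                  data=payload, timeout=30)
# Stop on an HTTP error status instead of scraping an error page.
r.raise_for_status()

_CIDR_RE = re.compile(
    r'^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})\Z')


def _is_ipv4_cidr(text):
    """Return True if text is exactly an IPv4 network written as a.b.c.d/len.

    Octets must be 0-255 and the prefix length 1-32. A /0 is rejected because
    it would match every source address and so defeat the country filter.
    """
    m = _CIDR_RE.match(text)
    if m is None:
        return False
    parts = [int(g) for g in m.groups()]
    return all(octet <= 255 for octet in parts[:4]) and 1 <= parts[4] <= 32


confIpt = raw_input("config iptbles? ")
if confIpt not in ('y', 'Y', 'Yes', 'YES'):
    exit()

# Scrape and validate the ranges BEFORE touching the live config, so a bad or
# empty response cannot produce a rule file with no allowed sources.
cidrs = []
for candidate in re.findall(''' (.+)<br />''', r.content, re.I):
    candidate = candidate.strip()
    if _is_ipv4_cidr(candidate):
        cidrs.append(candidate)
    else:
        print('skipping entry that is not an IPv4 CIDR: %r' % candidate)
if not cidrs:
    print('no valid IP ranges in the response; iptables config left unchanged')
    exit(1)

# Back up the current config file.
# NOTE(review): each run overwrites iptables.bak, so a second run replaces the
# backup of the original config.
shutil.copyfile('/etc/sysconfig/iptables', '/etc/sysconfig/iptables.bak')
print('current iptables config file is backuped to iptables.bak')

# Ask until the answer is an integer in the valid TCP port range.
while True:
    sshInput = raw_input("Which's ssh port? ")
    try:
        ssh = int(sshInput)
    except ValueError:
        print("That's not an int!")
        continue
    if not 1 <= ssh <= 65535:
        print('port must be between 1 and 65535')
        continue
    break

# The rule template is read from the current working directory.
with open('iptablesv5', 'r') as tempF:
    tempRules = tempF.readlines()

# NOTE(review): index 8 presumably points into the filter-table rules of the
# iptablesv5 template -- confirm against that file. Each insert pushes the
# earlier ones down, so later ranges end up above earlier ones.
for cidr in cidrs:
    tempRules.insert(8, '-A INPUT -s ' + cidr + ' -j VIETNAM-INPUT\n')
    tempRules.insert(8, '-A FORWARD -s ' + cidr + ' -j VIETNAM-INPUT\n')

rules = "".join(tempRules)
# Substitute the validated integer, not the raw input string, and only where
# '22' is the whole port number (so '--dport 2222' or '--dport 220' in the
# template is left alone).
rules = re.sub(r'--dport 22(?![0-9])', '--dport ' + str(ssh), rules)
with open('/etc/sysconfig/iptables', 'wt') as ipt:
    ipt.write(rules)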