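#!/bin/bash
#
# Refresh the ipset sets that the iptables rules reference, then persist them.
#
#   drop         <- every *.zone file in /etc/iptables/zone (country blocks
#                   downloaded from ipdeny.com)
#   allowHTTPS   <- /etc/iptables/list/CF.list (Cloudflare's published IPv4
#                   ranges, downloaded)
#   allowSSH     <- /etc/iptables/list/allowSSH.list     (local file)
#   directHTTPS  <- /etc/iptables/list/directHTTPS.list  (local file)
#
# This script only adds entries; it does not create the sets, so they must
# already exist when it runs.
#
# NOTE(review): because entries are only ever added, a range that disappears
# from a feed stays in its set until the set is flushed or rebuilt. Building a
# fresh set and exchanging it with `ipset swap` would avoid that drift.

set -o pipefail

readonly ZONE_DIR=/etc/iptables/zone
readonly LIST_DIR=/etc/iptables/list
readonly IPSET_SAVE=/etc/iptables/ipset.save

# NOTE(security): this feed is fetched over plain HTTP, so nothing
# authenticates its content, and it goes straight into the "drop" set. A
# modified response could block legitimate ranges (including the operator's
# own) or silently omit ranges. Prefer an HTTPS or signed source if the
# provider offers one; the validation below limits the damage but does not
# replace transport integrity.
readonly ZONE_BASE_URL='http://ipdeny.com/ipblocks/data/countries'
readonly CLOUDFLARE_URL='https://www.cloudflare.com/ips-v4'

readonly COUNTRIES=(ru cn in iq jp kp kr id cf za co)

# Shortest prefix accepted from a downloaded feed. Anything broader than a /8
# is treated as a corrupted or hostile entry rather than a real allocation.
readonly MIN_FEED_PREFIX=8

# Print a diagnostic to stderr, prefixed with the script name.
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

#######################################
# Check that a feed entry is a plain IPv4 address or IPv4 CIDR block.
# Arguments: $1 - candidate entry
# Returns:   0 if the entry is well-formed and no broader than
#            /MIN_FEED_PREFIX, 1 otherwise
#######################################
is_ipv4_net() {
  local entry=$1 octet prefix
  local -r pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'

  [[ $entry =~ $pattern ]] || return 1
  for octet in "${BASH_REMATCH[@]:1:4}"; do
    # 10# forces base 10 so a leading zero is not read as octal.
    ((10#$octet <= 255)) || return 1
  done
  prefix=${BASH_REMATCH[6]:-32}
  ((10#$prefix >= MIN_FEED_PREFIX && 10#$prefix <= 32))
}

#######################################
# Download a URL to a destination file without clobbering it on failure.
# `wget -O dest` truncates dest before the transfer starts, so a failed or
# empty download would leave an empty list behind. Fetching into a temporary
# file in the same directory and renaming keeps the previous copy instead.
# The temporary file comes from mktemp, so the result is mode 0600.
# Arguments: $1 - URL, $2 - destination path
# Returns:   0 if the file was replaced, 1 if the old copy was kept
#######################################
fetch() {
  local url=$1 dest=$2 tmp

  tmp=$(mktemp -- "${dest}.XXXXXX") || {
    warn "cannot create temporary file next to ${dest}"
    return 1
  }
  if wget -q -O "$tmp" -- "$url" && [[ -s "$tmp" ]]; then
    mv -f -- "$tmp" "$dest"
  else
    warn "download failed or empty, keeping previous ${dest}: ${url}"
    rm -f -- "$tmp"
    return 1
  fi
}

#######################################
# Add every whitespace-separated entry of the given files to an ipset set.
# Arguments: $1 - set name
#            $2 - "feed" to validate each entry as an IPv4 address/CIDR
#                 (downloaded data), "local" to pass entries through as
#                 written (operator-maintained files)
#            $3.. - files to read
# Returns:   0 if every entry was added, 1 if any was rejected or failed
#######################################
load_set() {
  local set_name=$1 mode=$2
  shift 2
  local entry rejected=0 failed=0

  # Entries are read line by line instead of through an unquoted $(cat ...),
  # so a token such as "*" in a list is never expanded as a filename glob.
  while IFS= read -r entry || [[ -n "$entry" ]]; do
    [[ -n "$entry" ]] || continue
    if [[ "$mode" == feed ]] && ! is_ipv4_net "$entry"; then
      rejected=$((rejected + 1))
      continue
    fi
    ipset -exist -A "$set_name" "$entry" || failed=$((failed + 1))
  done < <(cat -- "$@" | tr -s '[:space:]' '\n')

  if ((rejected > 0)); then
    warn "${set_name}: skipped ${rejected} malformed or over-broad feed entries"
  fi
  if ((failed > 0)); then
    warn "${set_name}: ipset rejected ${failed} entries"
  fi
  ((rejected == 0 && failed == 0))
}

#######################################
# Persist all sets to IPSET_SAVE. The dump is written to a temporary file and
# renamed, so a failing `ipset save` cannot leave a truncated save file for
# the next restore to load.
# Returns:   0 on success, 1 if the previous save file was kept
#######################################
save_sets() {
  local tmp

  tmp=$(mktemp -- "${IPSET_SAVE}.XXXXXX") || {
    warn "cannot create temporary file next to ${IPSET_SAVE}"
    return 1
  }
  if ipset save >"$tmp"; then
    mv -f -- "$tmp" "$IPSET_SAVE"
  else
    warn "ipset save failed, keeping previous ${IPSET_SAVE}"
    rm -f -- "$tmp"
    return 1
  fi
}

# Each step is best-effort: one failing download or list must not stop the
# other sets from being refreshed. The exit status reports whether anything
# went wrong.
main() {
  local rc=0 cc

  for cc in "${COUNTRIES[@]}"; do
    fetch "${ZONE_BASE_URL}/${cc}.zone" "${ZONE_DIR}/${cc}.zone" || rc=1
  done
  fetch "$CLOUDFLARE_URL" "${LIST_DIR}/CF.list" || rc=1

  load_set drop feed "$ZONE_DIR"/*.zone || rc=1
  load_set allowHTTPS feed "${LIST_DIR}/CF.list" || rc=1
  load_set allowSSH local "${LIST_DIR}/allowSSH.list" || rc=1
  load_set directHTTPS local "${LIST_DIR}/directHTTPS.list" || rc=1

  save_sets || rc=1
  return "$rc"
}

main "$@"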