BLOG

February 11 2024

Geo IP Blocking for Linux using only Bash and IPTables via BashRansomVirusProtector.sh

Implementation of GeoIP Geographic Filtering via Bash Scripting on Linux using the RIPE database for advanced network security management.

A pure BASH Geo IP Blocker and Firewall Script Creator Leveraging Country-Specific Internet Block Addresses This utility is designed as a highly efficient and straightforward Bash script that serves the dual purpose of geo-blocking IP addresses and generating firewall rules based on the internet address blocks assigned to specific countries.

In today's digital landscape, ensuring cybersecurity is essential for both organizations and individuals. In this context, GeoIP Filtering emerges as an advanced security technique: it allows you to regulate network access based on the geographical location of IP addresses. This means having the ability to block or allow data traffic from specific geographic areas, thus providing an additional level of control and protection. In response to this need, we propose a cutting-edge solution: a GeoIP blocking system and firewall script generator, built entirely using Bash scripting. This tool, inspired by Giovambattista Vieri's original project developed in Python3, is designed to meet modern security needs, avoiding dependence on paid external databases, such as those offered by MaxMind, and instead taking advantage of the resources available through the RIPE database.

The Origin of the Idea and Its Evolution

The basic idea behind this tool is by Giovambattista Vieri, who conceived the RansomVirusProtector, a powerful tool developed in Python3 and available on GitHub https://github.com/gvieri/ransomvirusprotector . This script was intended to block suspicious IP addresses from certain countries, an effective weapon in the fight against malware and ransomware that need to “phone home” to activate or exfiltrate stolen data.

Recognizing the importance of this functionality, but also the need for a more streamlined and immediately applicable solution in various operational contexts, a version that operates entirely in Bash was developed. This approach eliminates the dependency on Python, making the tool extremely lightweight and versatile for any Linux distribution and minimal operating systems, including embedded ones.

Features and Benefits of Bash Implementation

Bashransomvirusprotector.sh is a Geo IP Blocker in Bash that allows users to create custom firewall rules, blocking or allowing traffic from specific countries. This feature is particularly useful for protecting corporate networks from geographically localized cyber attacks, to comply with privacy laws and digital content distribution, or simply to improve network performance by limiting traffic from irrelevant regions.

One of the main advantages of this solution is its independence from external commercial databases for IP address mapping. While tools like MaxMind's database offer detailed, up-to-date data, they require regular updates and can introduce complexity and external dependencies into the system. In contrast, our script in Bash takes advantage of publicly available information and processes it directly, thus ensuring high reliability and greater privacy by directly accessing RIPE's public and free databases.

RIPE Database

The RIPE NCC (Réseaux IP Européens Network Coordination Centre) represents one of the five Regional Internet Registries (RIRs) worldwide, organizations that are responsible for assigning and administering IP addresses and ASNs (Autonomous System Numbers) in their specific geographical regions . In particular, the RIPE NCC covers Europe, the Middle East and parts of Central Asia.

The RIPE NCC plays a vital role in the assignment and management of IPv4 addresses within its region of jurisdiction. The organization assigns IP addresses to Internet Service Providers (ISPs), telecommunications networks, organizations, and other entities that need them for Internet connectivity. In addition to providing IP addresses, the RIPE NCC also maintains a public database, the RIPE Database, which documents the allocation and assignment of IP addresses and ASNs, thus contributing to the transparency and security of IP address management.

One of the most relevant features of the RIPE NCC database is the possibility of consulting the IPv4 addresses allocated to the various countries. This provides a detailed view of how IP addresses are distributed geographically, providing essential data for network analysis, cybersecurity, research and digital infrastructure planning.

How The Script Works

Without going into technical details or showing the source code, which you can download here https://github.com/MarcoMarcoaldi/bashransomvirusprotector the functioning of the script can be summarized in some key steps:

  1. Collection of IP addresses: The script accesses public and official sources such as RIPE to obtain IP addresses associated with specific country blocks.
  2. Processing and Filtering: Through Bash commands, it processes this information to extract relevant IP ranges based on the countries selected by the user.
  3. Firewall Rule Generation: Finally, it automatically generates firewall rules that can be applied directly to the system or exported for later use.

Significant Benefits

  • Lightweight and Portable: Running entirely in Bash, the script is incredibly lightweight and can run on almost any Linux system with no additional requirements.
  • Privacy and Security: By avoiding the use of commercial external databases, the script ensures that sensitive data should not be shared or exposed to third parties.
  • Ease of Use: Even without advanced scripting or cybersecurity knowledge, users can easily implement powerful geographic filtering rules.

Practical usage examples and syntax

The provided script is a shell script designed to download and process IP address allocations from the RIPE NCC (Réseaux IP Européens Network Coordination Centre), focusing specifically on IPv4 addresses allocated to certain countries. This script is useful for automating the download and processing of IP address allocation data from the RIPE NCC, potentially for analysis, reporting, or integration into other tools or databases. In this specific case, it allows you to generate another script containing all the IPTables commands to block traffic coming from one or more countries.

Examples of usage and syntax include:

Get network blocks for France:

./bashramsonvirusprotector.sh -c FR

Obtain network blocks for Italy and France:

./bashransomvirusprotector.sh -c FR,IT

Block all Russian IP addresses:

./bashransomvirusprotector.sh -c RU -p "iptables -I INPUT -s " -P " -j REJECT"

Block all Russian and Chinese IP addresses:

./bashransomvirusprotector.sh -c RU,CN -p "iptables -I INPUT -s " -P " -j REJECT"

Create a script to block all Russian IPs:

./bashransomvirusprotector.sh -c RU -p "iptables -I INPUT -s " -P " -j REJECT" > script.sh

This command generates a simple script that blocks all incoming connections from Russia. Running script.sh, all iptables commands will be applied.

Conclusions

In conclusion, bashramsonvirusprotector.sh is a simple Geo IP Blocker in Bash that represents a significant step forward in facilitating access to advanced cybersecurity tools. Inspired by the work of Giovambattista Vieri, but advancing towards an approach that favors simplicity and autonomy, this solution stands out as a valuable ally for anyone wishing to strengthen the security of their network with geographic precision.

In a digital world where threats can come from any corner of the globe, having such an agile and powerful tool is more essential than ever. The Bash version of RansomVirusProtector not only makes geographic protection more accessible but also opens up new possibilities for customization and integration, proving that when it comes to cybersecurity, flexibility and simplicity can go hand in hand with power. and effectiveness.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top