From: Philip Prindeville <philipp@xxxxxxxxxxxxxxxxxxxxx>
Add a tool for retrieiving the IPv4 or IPv6 (or both!) CIDR ranges
for a given country, which can then be injected into an ipset if
one doesn't want to use (or have available) the xt_geoip extension.
Signed-off-by: Philip Prindeville <philipp@xxxxxxxxxxxxxxxxxxxxx>
---
geoip/xt_geoip_fetch | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 93 insertions(+)
diff --git a/geoip/xt_geoip_fetch b/geoip/xt_geoip_fetch
new file mode 100755
index 0000000000000000000000000000000000000000..a598335164a227ecc65fd180fb744b4a93976590
--- /dev/null
+++ b/geoip/xt_geoip_fetch
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+#
+# Utility to query GeoIP database
+# Copyright © Philip Prindeville, 2018
+#
+use Getopt::Long;
+use Socket qw(AF_INET AF_INET6 inet_ntop);
+use warnings;
+use strict;
+
+sub AF_INET_SIZE() { 4 }
+sub AF_INET6_SIZE() { 16 }
+
+my $target_dir = ".";
+my $ipv4 = 0;
+my $ipv6 = 0;
+
+&Getopt::Long::Configure(qw(bundling));
+&GetOptions(
+ "D=s" => \$target_dir,
+ "4" => \$ipv4,
+ "6" => \$ipv6,
+);
+
+if (!-d $target_dir) {
+ print STDERR "Target directory $target_dir does not exit.\n";
+ exit 1;
+}
+
+# if neither specified, assume both
+if (! $ipv4 && ! $ipv6) {
+ $ipv4 = $ipv6 = 1;
+}
+
+foreach my $cc (@ARGV) {
+ if ($cc !~ m/^([a-z]{2}|a[12]|o1)$/i) {
+ print STDERR "Invalid country code '$cc'\n";
+ exit 1;
+ }
+
+ my $file = $target_dir . '/' . uc($cc) . '.iv4';
+
+ if (! -f $file) {
+ printf STDERR "Can't find data for country '$cc'\n";
+ exit 1;
+ }
+
+ my ($contents, $buffer, $bytes, $fh);
+
+ if ($ipv4) {
+ open($fh, '<', $file) || die "Couldn't open file for '$cc'\n";
+
+ binmode($fh);
+
+ while (($bytes = read($fh, $buffer, AF_INET_SIZE * 2)) == AF_INET_SIZE * 2) {
+ my $start = inet_ntop(AF_INET, substr($buffer, 0, AF_INET_SIZE));
+ my $end = inet_ntop(AF_INET, substr($buffer, AF_INET_SIZE));
+ print $start, '-', $end, "\n";
+ }
+ close($fh);
+ if (! defined $bytes) {
+ printf STDERR "Error reading file for '$cc'\n";
+ exit 1;
+ } elsif ($bytes != 0) {
+ printf STDERR "Short read on file for '$cc'\n";
+ exit 1;
+ }
+ }
+
+ substr($file, -1) = '6';
+
+ if ($ipv6) {
+ open($fh, '<', $file) || die "Couldn't open file for '$cc'\n";
+
+ binmode($fh);
+
+ while (($bytes = read($fh, $buffer, AF_INET6_SIZE * 2)) == AF_INET6_SIZE * 2) {
+ my $start = inet_ntop(AF_INET6, substr($buffer, 0, AF_INET6_SIZE));
+ my $end = inet_ntop(AF_INET6, substr($buffer, AF_INET6_SIZE));
+ print $start, '-', $end, "\n";
+ }
+ close($fh);
+ if (! defined $bytes) {
+ printf STDERR "Error reading file for '$cc'\n";
+ exit 1;
+ } elsif ($bytes != 0) {
+ printf STDERR "Short read on file for '$cc'\n";
+ exit 1;
+ }
+ }
+}
+
+exit 0;
--
2.14.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
