#!/bin/bash
cd /tmp
/bin/rm -f GeoIPCountryCSV.zip
wget -T 5 -t 1 http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
unzip GeoIPCountryCSV.zip || exit 1
 
echo -n "Creating CNM (Country,Net/Mask) CSV file..."
awk -F \" 'function s(c,b,e,l,m,n) {l = log(e-b+1)/log(2); m = 2^32-2^int(l); n = and(m,e); if (n == and(m,b)) {printf "%s,%u.%u.%u.%u/%u\n",c,b/2^24%256,b/2^16%256,b/2^8%256,b%256,32-l} else {s(c,b,n-1); s(c,n,e)}} s($10,$6,$8)' GeoIPCountryWhois.csv > cnm.csv
rm -f GeoIPCountryWhois.csv
echo -ne "DONE\nGenerating BIND GeoIP.acl file..."
 
(for c in $(awk -F , '{print $1}' cnm.csv | sort -u)
do
  echo "acl \"$c\" {"
  grep "^$c," cnm.csv | awk -F , '{print "\t"$2";"}'
  echo -e "};\n"
done) > /etc/named.GeoIP.acl
 
rm -f cnm.csv
echo "DONE"
 
/etc/init.d/named reload
 
exit 0

include "/etc/named.GeoIP.acl";
view "thailand" {
    match-clients { TH; };
        match-clients { TH; };
        zone "upic.me" {
                type master;
                file "master/th.db.upic.me";
        };
}
view "inter" {
        match-clients { any; };
        zone "upic.me" {
                type master;
                file "master/all.db.upic.me";
        };
};

iptables -D INPUT -p tcp --dport 21 -j FTPFILTER
iptables -N FTPFILTER
iptables -F FTPFILTER
iptables -A FTPFILTER -j REJECT
for i in `wget -qO - http://www.icez.net/files/thaiiplist`; do
iptables -I FTPFILTER -s $i -j ACCEPT
done
iptables -A INPUT -p tcp --dport 21 -j FTPFILTER