blocked chinese IPs. Too many abusers.

ufw/china-block.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+set -e
+
+IPSET_NAME="china"
+CIDR_FILE="/tmp/cn.cidr"
+UFW_RULE="/etc/ufw/applications.d/block-china"
+
+SOURCES=(
+    "https://www.ipdeny.com/ipblocks/data/countries/cn.zone"
+    "https://raw.githubusercontent.com/mayaxcn/china-ip-list/master/chnroute.txt"
+)
+
+echo "[*] Downloading CN IP ranges..."
+for url in "${SOURCES[@]}"; do
+    echo "    Trying $url ..."
+    wget -q "$url" -O "$CIDR_FILE"
+    if [[ $(wc -l < "$CIDR_FILE") -gt 10 ]]; then
+        echo "    [+] Success: $(wc -l < "$CIDR_FILE") entries"
+        break
+    fi
+done
+
+if [[ $(wc -l < "$CIDR_FILE") -lt 10 ]]; then
+    echo "[!] All sources failed. Aborting."
+    exit 1
+fi
+
+echo "[*] Creating ipset..."
+ipset create "$IPSET_NAME" hash:net 2>/dev/null || ipset flush "$IPSET_NAME"
+
+echo "[*] Populating ipset..."
+while IFS= read -r cidr; do
+    [[ -z "$cidr" ]] && continue
+    ipset add "$IPSET_NAME" "$cidr"
+done < "$CIDR_FILE"
+
+echo "[*] Saving ipset..."
+ipset save > /etc/ipset.conf
+
+echo "[*] Adding iptables rules directly..."
+iptables -A INPUT -m set --match-set "$IPSET_NAME" src -j DROP
+iptables -A OUTPUT -m set --match-set "$IPSET_NAME" dst -j DROP
+
+echo "[*] Saving iptables rules..."
+iptables-save > /etc/iptables/iptables.rules
+systemctl enable --now iptables
+
+echo "[+] Done! Chinese IPs are now blocked."

ufw/china-unblock.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+IPSET_NAME="china"
+
+echo "[*] Removing iptables rules..."
+iptables -D INPUT -m set --match-set "$IPSET_NAME" src -j DROP 2>/dev/null || true
+iptables -D OUTPUT -m set --match-set "$IPSET_NAME" dst -j DROP 2>/dev/null || true
+
+echo "[*] Destroying ipset..."
+ipset destroy "$IPSET_NAME" 2>/dev/null || true
+rm -f /etc/ipset.conf /tmp/cn.cidr /etc/iptables/iptables.rules
+
+echo "[+] Done! Chinese IPs are now unblocked."

ufw/requirements.txt

@@ -0,0 +1,3 @@
+ipset
+wget
+ufw