#!/bin/bash


echo "###### BLOCKING CHINA ######"
echo

ipset -N china hash:net -exist
ipset -F china

if [ -f "cn-aggregated.zone" ]
then
	rm cn-aggregated.zone
fi

wget http://ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone

if [ $? -eq 0 ]
then
	echo "Download Finished!"
fi

echo "Adding Networks to ipset ..."

for net in `cat cn-aggregated.zone`
do
	ipset -A china $net
done

echo "Blocking CN with iptables..."
iptables -I INPUT -m set --match-set china src -j DROP
echo "Done"