In today's digital landscape, ensuring cybersecurity is essential for both organizations and individuals. In this context, GeoIP Filtering emerges as an advanced security technique: it allows you to regulate network access based on the geographical location of IP addresses. This means having the ability to block or allow data traffic from specific geographic areas, thus providing an additional level of control and protection. In response to this need, we propose a cutting-edge solution: a GeoIP blocking system and firewall script generator, built entirely using Bash scripting. This tool, inspired by Giovambattista Vieri's original project developed in Python3, is designed to meet modern security needs, avoiding dependence on paid external databases, such as those offered by MaxMind, and instead taking advantage of the resources available through the RIPE database.
The Origin of the Idea and Its Evolution
The basic idea behind this tool is by Giovambattista Vieri, who conceived the RansomVirusProtector, a powerful tool developed in Python3 and available on GitHub at https://github.com/gvieri/ransomvirusprotector. This script was intended to block suspicious IP addresses from certain countries, an effective weapon in the fight against malware and ransomware that need to “phone home” to activate or exfiltrate stolen data.
Recognizing the importance of this functionality, but also the need for a more streamlined and immediately applicable solution in various operational contexts, a version that operates entirely in Bash was developed. This approach eliminates the dependency on Python, making the tool extremely lightweight and versatile for any Linux distribution and minimal operating systems, including embedded ones.
Features and Benefits of Bash Implementation
Bashransomvirusprotector.sh is a Geo IP Blocker in Bash that allows users to create custom firewall rules, blocking or allowing traffic from specific countries. This feature is particularly useful for protecting corporate networks from geographically localized cyber attacks, to comply with privacy laws and digital content distribution, or simply to improve network performance by limiting traffic from irrelevant regions.
One of the main advantages of this solution is its independence from external commercial databases for IP address mapping. While tools like MaxMind's database offer detailed, up-to-date data, they require regular updates and can introduce complexity and external dependencies into the system. In contrast, our script in Bash takes advantage of publicly available information and processes it directly, thus ensuring high reliability and greater privacy by directly accessing RIPE's public and free databases.
The RIPE NCC (Réseaux IP Européens Network Coordination Centre) represents one of the five Regional Internet Registries (RIRs) worldwide, organizations that are responsible for assigning and administering IP addresses and ASNs (Autonomous System Numbers) in their specific geographical regions. In particular, the RIPE NCC covers Europe, the Middle East and parts of Central Asia.
The RIPE NCC plays a vital role in the assignment and management of IPv4 addresses within its region of jurisdiction. The organization assigns IP addresses to Internet Service Providers (ISPs), telecommunications networks, organizations, and other entities that need them for Internet connectivity. In addition to providing IP addresses, the RIPE NCC also maintains a public database, the RIPE Database, which documents the allocation and assignment of IP addresses and ASNs, thus contributing to the transparency and security of IP address management.
One of the most relevant features of the RIPE NCC database is the possibility of consulting the IPv4 addresses allocated to the various countries. This provides a detailed view of how IP addresses are distributed geographically, providing essential data for network analysis, cybersecurity, research and digital infrastructure planning.
How The Script Works
Without going into technical details or showing the source code (which you can download from https://github.com/MarcoMarcoaldi/bashransomvirusprotector), the functioning of the script can be summarized in a few key steps:
- Collection of IP addresses: The script accesses public and official sources such as RIPE to obtain IP addresses associated with specific country blocks.
- Processing and Filtering: Through Bash commands, it processes this information to extract relevant IP ranges based on the countries selected by the user.
- Firewall Rule Generation: Finally, it automatically generates firewall rules that can be applied directly to the system or exported for later use.
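The three steps above, sketched as an added example that is not the project's own code: it assumes the data arrives in the pipe-separated RIR "delegated" statistics format (registry|cc|type|start|count|date|status) and runs on constructed sample lines that use documentation addresses. The function names are hypothetical; the prefix and postfix arguments mirror the -p and -P options shown in the usage examples.

```shell
# Added example, not the project's code. Constructed sample in the assumed
# RIR "delegated" format: registry|cc|type|start|count|date|status
sample_data() {
cat <<'EOF'
2|ripencc|20240101|4|19830101|20240101|+0100
ripencc|*|ipv4|*|3|summary
ripencc|FR|ipv4|192.0.2.0|256|20100101|allocated
ripencc|IT|ipv4|198.51.100.0|128|20110101|assigned
ripencc|FR|ipv4|203.0.113.64|192|20120101|allocated
ripencc|FR|ipv6|2001:db8::|32|20130101|allocated
EOF
}

ip_to_int() {  # dotted quad -> integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {  # integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# An IPv4 record gives a start address and a host count that need not be a
# power of two, so one record can expand to several CIDR blocks.
range_to_cidrs() {
  start=$(ip_to_int "$1"); left=$2
  while [ "$left" -gt 0 ]; do
    size=1; bits=32
    # Double the block while it stays aligned on start and fits in what is left.
    while [ $(( start % (size * 2) )) -eq 0 ] && [ $(( size * 2 )) -le "$left" ]; do
      size=$(( size * 2 )); bits=$(( bits - 1 ))
    done
    echo "$(int_to_ip "$start")/$bits"
    start=$(( start + size )); left=$(( left - size ))
  done
}

# gen_rules CC[,CC...] PREFIX POSTFIX  (reads delegated-format data on stdin)
gen_rules() {
  awk -F'|' -v cc="$1" '
    BEGIN { n = split(cc, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $3 == "ipv4" && ($2 in want) && $4 ~ /^[0-9.]+$/ && $5 ~ /^[0-9]+$/ { print $4, $5 }' |
  while read -r ip n; do
    range_to_cidrs "$ip" "$n" | while read -r cidr; do
      printf '%s%s%s\n' "$2" "$cidr" "$3"
    done
  done
}
sample_data | gen_rules FR,IT "iptables -I INPUT -s " " -j REJECT"
```

The third FR record (192 addresses starting at .64) is the case to watch: it cannot be expressed as one CIDR block and is emitted as a /26 followed by a /25.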
Significant Benefits
- Lightweight and Portable: Running entirely in Bash, the script is incredibly lightweight and can run on almost any Linux system with no additional requirements.
- Privacy and Security: By avoiding the use of commercial external databases, the script ensures that sensitive data is not shared with or exposed to third parties.
- Ease of Use: Even without advanced scripting or cybersecurity knowledge, users can easily implement powerful geographic filtering rules.
Practical usage examples and syntax
The provided script is a shell script designed to download and process IP address allocations from the RIPE NCC (Réseaux IP Européens Network Coordination Centre), focusing specifically on IPv4 addresses allocated to certain countries. This script is useful for automating the download and processing of IP address allocation data from the RIPE NCC, potentially for analysis, reporting, or integration into other tools or databases. In this specific case, it allows you to generate another script containing all the IPTables commands to block traffic coming from one or more countries.
Examples of usage and syntax include:
Get network blocks for France:
./bashransomvirusprotector.sh -c FR
Obtain network blocks for Italy and France:
./bashransomvirusprotector.sh -c FR,IT
Block all Russian IP addresses:
./bashransomvirusprotector.sh -c RU -p "iptables -I INPUT -s " -P " -j REJECT"
Block all Russian and Chinese IP addresses:
./bashransomvirusprotector.sh -c RU,CN -p "iptables -I INPUT -s " -P " -j REJECT"
Create a script to block all Russian IPs:
./bashransomvirusprotector.sh -c RU -p "iptables -I INPUT -s " -P " -j REJECT" > script.sh
This command generates a simple script that blocks all incoming connections from Russia. When script.sh is run, all the iptables commands it contains are applied.
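Because script.sh is built from downloaded data and then executed with root privileges, it is worth checking its contents before applying it. The following is an added example, not part of the project: the hypothetical verify_rules function accepts a file only if it is non-empty and every line has exactly the rule shape requested with the -p and -P values above; the sample file is constructed.

```shell
# Added example, not part of the project. verify_rules FILE returns 0 only if
# FILE is non-empty and every line is exactly:
#   iptables -I INPUT -s a.b.c.d/len -j REJECT
verify_rules() {
  awk '
    function bad() { printf "line %d rejected: %s\n", NR, $0; fail = 1 }
    NF != 7 || $1 != "iptables" || $2 != "-I" || $3 != "INPUT" ||
      $4 != "-s" || $6 != "-j" || $7 != "REJECT" { bad(); next }
    $5 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { bad(); next }
    {
      # Range-check the prefix length and each octet of the source address.
      split($5, p, "/"); split(p[1], o, ".")
      if (p[2] + 0 > 32) { bad(); next }
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) { bad(); next }
    }
    END { exit (fail || NR == 0) }' "$1"
}

# Constructed sample: two good rules, an impossible prefix length, and an
# HTML error page that ended up in the output after a failed download.
demo() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
iptables -I INPUT -s 192.0.2.0/24 -j REJECT
iptables -I INPUT -s 203.0.113.64/26 -j REJECT
iptables -I INPUT -s 198.51.100.0/40 -j REJECT
<html><body>404 Not Found</body></html>
EOF
  verify_rules "$f"; rc=$?
  rm -f "$f"
  return "$rc"
}

demo || echo "script rejected, nothing applied"
```

In practice the check would gate execution, for example by running script.sh only when verify_rules script.sh succeeds.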
Conclusions
In conclusion, bashransomvirusprotector.sh is a simple Geo IP Blocker in Bash that represents a significant step forward in facilitating access to advanced cybersecurity tools. Inspired by the work of Giovambattista Vieri, but advancing towards an approach that favors simplicity and autonomy, this solution stands out as a valuable ally for anyone wishing to strengthen the security of their network with geographic precision.
In a digital world where threats can come from any corner of the globe, having such an agile and powerful tool is more essential than ever. The Bash version of RansomVirusProtector not only makes geographic protection more accessible but also opens up new possibilities for customization and integration, proving that when it comes to cybersecurity, flexibility and simplicity can go hand in hand with power and effectiveness.