日日操夜夜添-日日操影院-日日草夜夜操-日日干干-精品一区二区三区波多野结衣-精品一区二区三区高清免费不卡

方法一：使用大神的開源腳本，屏蔽指定國家地區(qū)的IP訪問

wget https://raw.githubusercontent.com/iiiiiii1/Block-IPs-from-countries/master/block-ips.sh
sh block-ips.sh

方法二：使用IPIP的數(shù)據(jù)庫進行流量屏蔽（推薦，目前已支持centos6和7還有ubuntu系統(tǒng)）

#!/bin/bash
#判斷是否具有root權限
root_need() {
 if [[ $EUID -ne 0 ]]; then
 echo "Error:This script must be run as root!" 1>&2
 exit 1
 fi
}
#檢查系統(tǒng)分支及版本(主要是：分支->>版本>>決定命令格式)
check_release() {
 if uname -a | grep el7 ; then
 release="centos7"
 elif uname -a | grep el6 ; then
 release="centos6"
 yum install ipset -y
 elif cat /etc/issue |grep -i ubuntu ; then
 release="ubuntu"
 apt install ipset -y
 fi
}
#安裝必要的軟件(wget),并下載中國IP網段文件(最后將局域網地址也放進去)
get_china_ip() {
	#安裝必要的軟件(wget)
	rpm --help >/dev/null 2>&1 && rpm -qa |grep wget >/dev/null 2>&1 ||yum install -y wget ipset >/dev/null 2>&1 
	dpkg --help >/dev/null 2>&1 && dpkg -l |grep wget >/dev/null 2>&1 ||apt-get install wget ipset -y >/dev/null 2>&1
	#該文件由IPIP維護更新，大約一月一次更新(也可以用我放在國內的存儲的版本，2018-9-8日版)
	[ -f china_ip_list.txt ] && mv china_ip_list.txt china_ip_list.txt.old
	wget https://github.com/17mon/china_ip_list/blob/master/china_ip_list.txt
	cat china_ip_list.txt |grep 'js-file-line">' |awk -F'js-file-line">' '{print $2}' |awk -F'< ' '{print $1}' >> china_ip.txt
	rm -rf china_ip_list.txt
	#wget https://qiniu.wsfnk.com/china_ip.txt
	#放行局域網地址
	echo "192.168.0.0/18" >> china_ip.txt
	echo "10.0.0.0/8" >> china_ip.txt
	echo "172.16.0.0/12" >> china_ip.txt
}
#只允許國內IP訪問
ipset_only_china() {
	echo "ipset create whitelist-china hash:net hashsize 10000 maxelem 1000000" > /etc/ip-black.sh
	for i in $( cat china_ip.txt )
	do
 	echo "ipset add whitelist-china $i" >> /etc/ip-black.sh
	done
	echo "iptables -I INPUT -m set --match-set whitelist-china src -j ACCEPT" >> /etc/ip-black.sh
	#拒絕非國內和內網地址發(fā)起的tcp連接請求（tcp syn 包）（注意，只是屏蔽了入向的tcp syn包，該主機主動訪問國外資源不用影響）
	echo "iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 0 -j DROP" >> /etc/ip-black.sh
	#拒絕非國內和內網發(fā)起的ping探測（不影響本機ping外部主機）
	echo "iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP" >> /etc/ip-black.sh
	#echo "iptables -A INPUT -j DROP" >> /etc/ip-black.sh
	rm -rf china_ip.txt
}
run_setup() {
	chmod +x /etc/rc.local
	sh /etc/ip-black.sh
	rm -rf /etc/ip-black.sh
	#下面這句主要是兼容centos6不能使用"-f"參數(shù)
	ipset save whitelist-china -f /etc/ipset.conf || ipset save whitelist-china > /etc/ipset.conf
	[ $release = centos7 ] && echo "ipset restore -f /etc/ipset.conf" >> /etc/rc.local
	[ $release = centos6 ] && echo "ipset restore < /etc/ipset.conf" >> /etc/rc.local
	echo "iptables -I INPUT -m set --match-set whitelist-china src -j ACCEPT" >> /etc/rc.local
	echo "iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 0 -j DROP" >> /etc/rc.local
	echo "iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP" >> /etc/rc.local
	#echo "iptables -A INPUT -j DROP" >> /etc/rc.local
}
main() {
	check_release
	get_china_ip
	ipset_only_china
case "$release" in
centos6)
	run_setup
	;;
centos7)
	chmod +x /etc/rc.d/rc.local
	run_setup
	;;
ubuntu)
	sed -i '/exit 0/d' /etc/rc.local
	run_setup
	echo "exit 0" >> /etc/rc.local
	;;
esac
}
main