IPv4 Address CIDR by Country

This site uses GitHub Actions to automatically collect and aggregate the latest IP address data from multiple Regional Internet Registries (RIRs) daily. The collected data is converted into CIDR notation and subnet mask notation, and is provided in a text file format that can be easily used with Linux commands and similar tools.

What is This IP Address List Used For?

This IP address list is very useful for restricting network access by country in a Linux environment.

Usage Example

This example demonstrates how to allow only IPv4 addresses from Japan (Country Code: JP) using ipset and iptables.

  1. Installing ipset Command

    Installation command for Debian/Ubuntu-based Linux:

    apt install -y ipset
  2. Creating and Loading the CIDR File into ipset

    First, download the file containing all IPv4 CIDR lists (all-ipv4cidr.tsv.gz), extract only the Japanese IPv4 addresses to create the CIDR file, and then load this file into ipset.

    URL=https://github.com/inet-ip-info/WorldIPv4Map/releases/latest/download/all-ipv4cidr.tsv.gz
    CIDRFILE=/var/lib/ipset/ipset_list
    TIMEOUT_DAYS=7
    SETNAME=allow_list
    
    find $CIDRFILE -type f -mtime +$TIMEOUT_DAYS -exec rm -f {} \;
    [[ -f $CIDRFILE ]] ||
        curl -sL $URL |
        zcat |
        sed -n 's/^JP\t//p' \
            >$CIDRFILE
    
    /usr/sbin/ipset create $SETNAME hash:net
    /usr/sbin/ipset flush $SETNAME 2>/tmp/ipset.err.log
    
    while read line; do
        /usr/sbin/ipset add $SETNAME $line 2>>/tmp/ipset.err.log
    done <$CIDRFILE
  3. Allowing Specific Ports with iptables

    Finally, use iptables to allow only specific UDP ports (for example, 26900-26903) for IP addresses included in the $SETNAME ipset.

    # UDP (26900-26903)
    /sbin/iptables -A INPUT -p udp --dport 26900:26903 -m set --match-set $SETNAME src -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 26900:26903 -j DROP

By using this setup, you can easily allow access only from IP addresses of a specific country.