This site uses GitHub Actions to automatically collect and aggregate the latest IP address data from multiple Regional Internet Registries (RIRs) daily. The collected data is converted into CIDR notation and subnet mask notation, and is provided in a text file format that can be easily used with Linux commands and similar tools.
This IP address list is very useful for restricting network access by country in a Linux environment.
This example demonstrates how to allow only IPv4 addresses from Japan (Country Code: JP) using ipset and iptables.
Installation command for Debian/Ubuntu-based Linux:
apt install -y ipset
First, download the file containing all IPv4 CIDR lists (all-ipv4cidr.tsv.gz), extract only the Japanese IPv4 addresses to create the CIDR file, and then load this file into ipset.
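URL=https://github.com/inet-ip-info/WorldIPv4Map/releases/latest/download/all-ipv4cidr.tsv.gz
CIDRFILE=/var/lib/ipset/ipset_list
TIMEOUT_DAYS=7
SETNAME=allow_list
# Make sure the directory for the cached list exists
mkdir -p "$(dirname "$CIDRFILE")"
# Delete the cached list once it is older than TIMEOUT_DAYS so it is downloaded again
find "$CIDRFILE" -type f -mtime +"$TIMEOUT_DAYS" -exec rm -f {} \;
# Download only when no cached list exists; keep the lines tagged JP and strip the tag
# (-f makes curl fail on an HTTP error instead of passing an error page to zcat)
[[ -f $CIDRFILE ]] ||
    curl -fsL "$URL" |
    zcat |
    sed -n 's/^JP\t//p' \
        >"$CIDRFILE"
# -exist: do not fail when the set is already there from a previous run
/usr/sbin/ipset create "$SETNAME" hash:net -exist
/usr/sbin/ipset flush "$SETNAME" 2>/tmp/ipset.err.log
# Add every CIDR from the file to the set, logging entries that ipset rejects
while read -r line; do
    /usr/sbin/ipset add "$SETNAME" "$line" 2>>/tmp/ipset.err.log
done <"$CIDRFILE"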
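The load step above flushes the live set before refilling it, so the set is briefly empty, and it stays empty if the download yielded no lines. The following is an added example (not this site's own script) that validates the CIDR file first and emits an `ipset restore` script that fills a temporary set and swaps it in; the helper name `build_restore`, the `_tmp` suffix and the minimum-entry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not the site's script. build_restore is a hypothetical helper.
# build_restore SETNAME FILE [MIN]
#   Prints an `ipset restore` script that fills SETNAME_tmp and swaps it into
#   SETNAME. Prints nothing and returns non-zero if FILE is unreadable, holds a
#   line that is not an IPv4 CIDR, or has fewer than MIN entries.
build_restore() {
    [ -r "$2" ] || return 1
    awk -F'[./]' -v name="$1" -v min="${3:-1}" '
        !NF { next }                                  # ignore blank lines
        !($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
          $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
          $5 >= 1 && $5 <= 32) { bad++; next }        # hash:net cannot store /0
        { nets[++n] = $0 }
        END {
            if (bad > 0 || n + 0 < min + 0) exit 1    # refuse partial or empty lists
            printf "create %s hash:net family inet\n", name
            printf "create %s_tmp hash:net family inet\n", name
            printf "flush %s_tmp\n", name
            for (i = 1; i <= n; i++) printf "add %s_tmp %s\n", name, nets[i]
            printf "swap %s_tmp %s\n", name, name     # live set changes in one step
            printf "destroy %s_tmp\n", name
        }' "$2"
}

# Constructed sample input standing in for the extracted JP list.
sample=$(mktemp)
printf '%s\n' 192.0.2.0/24 198.51.100.0/24 203.0.113.0/25 >"$sample"
build_restore allow_list "$sample" 3
rm -f "$sample"
# On a real host (1000 is an assumed floor for the JP list):
#   build_restore "$SETNAME" "$CIDRFILE" 1000 | /usr/sbin/ipset -exist restore
```

Because the function prints nothing on failure, a bad or truncated download leaves the existing set and the iptables rules that reference it unchanged.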
Finally, use iptables to allow only specific UDP ports (for example, 26900-26903) for IP addresses included in the $SETNAME ipset.
# UDP (26900-26903)
/sbin/iptables -A INPUT -p udp --dport 26900:26903 -m set --match-set $SETNAME src -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 26900:26903 -j DROP
By using this setup, you can easily allow access only from IP addresses of a specific country.