From de8f9aaeb63b16dee47d691e01c0e761366e86aa Mon Sep 17 00:00:00 2001
From: crowetic
Date: Sat, 19 Oct 2024 15:33:37 -0700
Subject: [PATCH] added block-china.sh script to block chinese nodes incoming, and to add rate limiting for qortal p2p port, due to DDOS attacks from chinese IPs.
---
block-china.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100755 block-china.sh
diff --git a/block-china.sh b/block-china.sh
new file mode 100755
index 0000000..3c6d441
--- /dev/null
+++ b/block-china.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Block Chinese IP ranges
+declare -a ip_ranges=(
+ "36.0.0.0/8"
+ "39.0.0.0/8"
+ "42.0.0.0/8"
+ "58.0.0.0/8"
+ "59.0.0.0/8"
+ "60.0.0.0/8"
+ "61.0.0.0/8"
+ "101.0.0.0/8"
+ "103.0.0.0/8"
+ "106.0.0.0/8"
+ "110.0.0.0/8"
+ "111.0.0.0/8"
+ "112.0.0.0/8"
+ "113.0.0.0/8"
+ "114.0.0.0/8"
+ "115.0.0.0/8"
+ "116.0.0.0/8"
+ "117.0.0.0/8"
+ "118.0.0.0/8"
+ "119.0.0.0/8"
+ "120.0.0.0/8"
+ "121.0.0.0/8"
+ "122.0.0.0/8"
+ "123.0.0.0/8"
+ "124.0.0.0/8"
+ "125.0.0.0/8"
+ "202.0.0.0/8"
+ "203.0.0.0/8"
+)
+
+# Loop through the IP ranges and add iptables rules to block them
+for ip_range in "${ip_ranges[@]}"
+do
+ sudo iptables -A INPUT -s $ip_range -j DROP
+ echo "Blocked IP range: $ip_range"
+done
+
+# Add connection limit rule
+sudo iptables -A INPUT -p tcp --syn --dport 12392:12392 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
+echo "Connection limit rule added on port 12392"
+
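Review bot: The DROP rule in the `for` loop matches every packet from each listed /8 on all ports and protocols, not only new inbound connections to the p2p port, so unless an earlier ESTABLISHED/RELATED accept rule exists it will also drop replies to connections this host opens to those ranges. Scoping it keeps the mitigation to what the commit message describes: `sudo iptables -A INPUT -s "$ip_range" -p tcp --dport 12392 -m conntrack --ctstate NEW -j DROP`. The ranges are also coarse: 103.0.0.0/8, 202.0.0.0/8 and 203.0.0.0/8 in particular are, as far as I know, APNIC pools shared across many countries, so legitimate peers will likely be dropped too, and a maintained prefix list loaded into an ipset would be more accurate. Because both rules use `-A`, re-running the script duplicates them, and they are only reached if no earlier INPUT rule already accepts port 12392. Guarding each with `iptables -C ... || iptables -A ...` and printing the "Blocked" message only when iptables succeeds would make the script idempotent and its output accurate.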