how to setup the opposite, instead block, allow about ipset-country HOT 4 CLOSED

Sorry about that. I re read again and I found:

MODE="reject" # Set target to use when ip matches country [accept|drop|reject]

I will test changing it to allow. After that, means that all other will block?

Thanks.

from ipset-country.

I m trying to run your beautiful script on a server debian 

`
linux:/etc/init.d# uname -a
Linux debian 3.10.0-957.12.2.vz7.96.21 #1 SMP Thu Jun 27 15:10:55 MSK 2019 i686 GNU/Linux

linux:/etc/init.d# cat /etc/issue
Debian GNU/Linux 5.0 \n \l

linux:/etc/init.d# iptables -v
iptables v1.4.2

linux:/etc/init.d# ipset -v
ipset v2.3.3

I just modified:
DISTRO="debian"  # Also I tried auto
COUNTRY="BR, Brazil" # Also I tried default that had before
MODE="accept" # Also I left default like before

Ii got some errors:
First time running:
./ipset-country
basename: invalid option -- s
Try basename --help' for more information. Bad argument create'
Try `ipset -H' or 'ipset --help' for more information.
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory

FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
iptables v1.4.2: Unknown arg (null)' Try iptables -h' or 'iptables --help' for more information.
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
Bad argument create' Try ipset -H' or 'ipset --help' for more information.
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
iptables v1.4.2: Unknown arg (null)' Try iptables -h' or 'iptables --help' for more information.
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
FATAL: Could not load /lib/modules/3.10.0-957.12.2.vz7.96.21/modules.dep: No such file or directory
sed: invalid option -- E
Usage: sed [OPTION]... {script-only-if-no-other-script} [input-file]...

-n, --quiet, --silent
suppress automatic printing of pattern space
-e script, --expression=script
add the script to the commands to be executed
-f script-file, --file=script-file
add the contents of script-file to the commands to be executed
-i[SUFFIX], --in-place[=SUFFIX]
edit files in place (makes backup if extension supplied)
-l N, --line-length=N
specify the desired line-wrap length for the `l' command
--posix
disable all GNU extensions.
-r, --regexp-extended
use extended regular expressions in the script.
-s, --separate
consider files as separate rather than as a single continuous
long stream.
-u, --unbuffered
load minimal amounts of data from the input files and flush
the output buffers more often
--help display this help and exit
--version output version information and exit

If no -e, --expression, -f, or --file option is given, then the first
non-option argument is taken as the sed script to interpret. All
remaining arguments are names of input files; if no input files are
specified, then the standard input is read.

E-mail bug reports to: [email protected] .
Be sure to include the word sed'' somewhere in the Subject:'' field.

Second time running:
./ipset-country
basename: invalid option -- s
Try `basename --help' for more information.
sed: invalid option -- E
Usage: sed [OPTION]... {script-only-if-no-other-script} [input-file]...

-n, --quiet, --silent
suppress automatic printing of pattern space
-e script, --expression=script
add the script to the commands to be executed
-f script-file, --file=script-file
add the contents of script-file to the commands to be executed
-i[SUFFIX], --in-place[=SUFFIX]
edit files in place (makes backup if extension supplied)
-l N, --line-length=N
specify the desired line-wrap length for the `l' command
--posix
disable all GNU extensions.
-r, --regexp-extended
use extended regular expressions in the script.
-s, --separate
consider files as separate rather than as a single continuous
long stream.
-u, --unbuffered
load minimal amounts of data from the input files and flush
the output buffers more often
--help display this help and exit
--version output version information and exit

If no -e, --expression, -f, or --file option is given, then the first
non-option argument is taken as the sed script to interpret. All
remaining arguments are names of input files; if no input files are
specified, then the standard input is read.

E-mail bug reports to: [email protected] .
Be sure to include the word sed'' somewhere in the Subject:'' field.

`

Thanks for helping and sharing.

from ipset-country.

Few things:

• It's COUNTRY="CN,China; RU,Russia" so no space between isocode and countryname
• You seem to be using OpenVZ? iptables usually does not work unless module is configured for VE (on Host)
• Judging from output you pasted coreutils and other utils like sed seem to be missing modern (gnu) flags
• Also according to /etc/issue you're running Debian 5 which is 10 years old..

So probably this script is not going to work for you

from ipset-country.

from ipset-country.