diff --git a/README.md b/README.md index 7f1eb0c..2b5cf2c 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,76 @@ # routeros-geoip -Generate RouterOS Address Lists based on country code. This can be used for creating up to date geo-ip blocking lists which can be loaded into RouterOS. +Generate RouterOS address lists from GeoIP data for MikroTik routers. Supports multiple data providers for flexibility and redundancy. -### Create Configuration +## Supported Providers -Create a json config file containing the address lists you want to block and a URL for source information. Below is example.json +| Provider | Source | URL | +|----------|--------|-----| +| `ipverse` (default) | RIR data via GitHub | [ipverse/country-ip-blocks](https://github.com/ipverse/country-ip-blocks) | +| `ipdeny` | RIR data via ipdeny.com | [ipdeny.com](https://www.ipdeny.com/ipblocks/) | + +## Configuration + +Create a JSON config file specifying your list name, provider, and countries (ISO 3166-1 alpha-2 codes): ```json { + "list_name": "GeoBlock", + "provider": "ipverse", "countries": [ - { - "name": "CANADA", - "url": "https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/refs/heads/master/ipv4/ca.cidr" - }, - { - "name": "AUSTRALIA", - "url": "https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/refs/heads/master/ipv4/au.cidr" - } + "ca", + "au" ] } ``` -### Usage +### Configuration Fields + +| Field | Required | Default | Description | +|-------|----------|---------|-------------| +| `list_name` | Yes | — | RouterOS address list name | +| `provider` | No | `ipverse` | GeoIP data provider | +| `countries` | Yes | — | ISO 3166-1 alpha-2 country codes | + +## Usage ```sh -# Example usage -./routeros-geoip myAddressList example.json +# Build +go build -o routeros-geoip . + +# Generate blocklist +./routeros-geoip blocklist.json + +# Import on your MikroTik router +/import CountryIPBlocks.rsc ``` +## Example Output +The generated `.rsc` file includes metadata headers and cleans up old entries before importing: + +```routeros +# RouterOS GeoIP Address List: CountryIPBlocks +# Generated: 2026-05-01T22:44:48Z +# Countries: 14 +# Total entries: 33210 +# +/ip firewall address-list remove [find list=CountryIPBlocks] +/ip firewall address-list +add address=24.152.0.0/19 comment="BRAZIL" list=CountryIPBlocks +add address=45.4.4.0/22 comment="BRAZIL" list=CountryIPBlocks +... +``` + +## Adding a New Provider + +Implement the `Provider` interface: + +```go +type Provider interface { + Name() string + FetchCIDRs(countryCode string) ([]string, error) +} +``` + +Then register it in `NewProvider()` in `provider.go`. diff --git a/blocklist.json b/blocklist.json new file mode 100644 index 0000000..fc5fd27 --- /dev/null +++ b/blocklist.json @@ -0,0 +1,22 @@ +{ + "list_name": "CountryIPBlocks", + "provider": "ipverse", + "countries": [ + "br", + "by", + "cn", + "eg", + "id", + "in", + "ir", + "iq", + "il", + "lb", + "kp", + "pk", + "ru", + "tr", + "ua", + "vn" + ] +} \ No newline at end of file diff --git a/config.go b/config.go new file mode 100644 index 0000000..5974587 --- /dev/null +++ b/config.go @@ -0,0 +1,55 @@ +package main + +import ( + "encoding/json" + "fmt" + "os" + "strings" +) + +// Config represents the blocklist configuration file. +type Config struct { + // ListName is the name for the RouterOS address list (e.g. "CountryIPBlocks"). + ListName string `json:"list_name"` + + // Provider specifies which GeoIP data source to use. + // Supported values: "ipverse" (default), "ipdeny" + Provider string `json:"provider"` + + // Countries is a list of ISO 3166-1 alpha-2 country codes (lowercase). + Countries []string `json:"countries"` +} + +// LoadConfig reads and validates a blocklist configuration file. +func LoadConfig(filename string) (*Config, error) { + b, err := os.ReadFile(filename) + if err != nil { + return nil, fmt.Errorf("failed to read config file %q: %v", filename, err) + } + + var cfg Config + if err := json.Unmarshal(b, &cfg); err != nil { + return nil, fmt.Errorf("failed to parse config file %q: %v", filename, err) + } + + // Validate + if cfg.ListName == "" { + return nil, fmt.Errorf("config: list_name is required") + } + + if cfg.Provider == "" { + cfg.Provider = "ipverse" // default provider + } + cfg.Provider = strings.ToLower(cfg.Provider) + + if len(cfg.Countries) == 0 { + return nil, fmt.Errorf("config: at least one country code is required") + } + + // Normalize country codes to lowercase + for i := range cfg.Countries { + cfg.Countries[i] = strings.ToLower(strings.TrimSpace(cfg.Countries[i])) + } + + return &cfg, nil +} diff --git a/countries.go b/countries.go new file mode 100644 index 0000000..817b8b0 --- /dev/null +++ b/countries.go @@ -0,0 +1,175 @@ +package main + +// countryNames maps ISO 3166-1 alpha-2 country codes to uppercase display names +// used in RouterOS address list comments. +var countryNames = map[string]string{ + "af": "AFGHANISTAN", + "al": "ALBANIA", + "dz": "ALGERIA", + "ao": "ANGOLA", + "ar": "ARGENTINA", + "am": "ARMENIA", + "au": "AUSTRALIA", + "at": "AUSTRIA", + "az": "AZERBAIJAN", + "bh": "BAHRAIN", + "bd": "BANGLADESH", + "by": "BELARUS", + "be": "BELGIUM", + "bz": "BELIZE", + "bj": "BENIN", + "bt": "BHUTAN", + "bo": "BOLIVIA", + "ba": "BOSNIA AND HERZEGOVINA", + "bw": "BOTSWANA", + "br": "BRAZIL", + "bn": "BRUNEI", + "bg": "BULGARIA", + "bf": "BURKINA FASO", + "bi": "BURUNDI", + "kh": "CAMBODIA", + "cm": "CAMEROON", + "ca": "CANADA", + "cf": "CENTRAL AFRICAN REPUBLIC", + "td": "CHAD", + "cl": "CHILE", + "cn": "CHINA", + "co": "COLOMBIA", + "cg": "CONGO", + "cd": "CONGO (DRC)", + "cr": "COSTA RICA", + "hr": "CROATIA", + "cu": "CUBA", + "cy": "CYPRUS", + "cz": "CZECH REPUBLIC", + "dk": "DENMARK", + "dj": "DJIBOUTI", + "do": "DOMINICAN REPUBLIC", + "ec": "ECUADOR", + "eg": "EGYPT", + "sv": "EL SALVADOR", + "gq": "EQUATORIAL GUINEA", + "er": "ERITREA", + "ee": "ESTONIA", + "et": "ETHIOPIA", + "fi": "FINLAND", + "fr": "FRANCE", + "ga": "GABON", + "gm": "GAMBIA", + "ge": "GEORGIA", + "de": "GERMANY", + "gh": "GHANA", + "gr": "GREECE", + "gt": "GUATEMALA", + "gn": "GUINEA", + "gy": "GUYANA", + "ht": "HAITI", + "hn": "HONDURAS", + "hk": "HONG KONG", + "hu": "HUNGARY", + "is": "ICELAND", + "in": "INDIA", + "id": "INDONESIA", + "ir": "IRAN", + "iq": "IRAQ", + "ie": "IRELAND", + "il": "ISRAEL", + "it": "ITALY", + "jm": "JAMAICA", + "jp": "JAPAN", + "jo": "JORDAN", + "kz": "KAZAKHSTAN", + "ke": "KENYA", + "kw": "KUWAIT", + "kg": "KYRGYZSTAN", + "la": "LAOS", + "lv": "LATVIA", + "lb": "LEBANON", + "ly": "LIBYA", + "lt": "LITHUANIA", + "lu": "LUXEMBOURG", + "mo": "MACAU", + "mg": "MADAGASCAR", + "mw": "MALAWI", + "my": "MALAYSIA", + "ml": "MALI", + "mt": "MALTA", + "mr": "MAURITANIA", + "mu": "MAURITIUS", + "mx": "MEXICO", + "md": "MOLDOVA", + "mn": "MONGOLIA", + "me": "MONTENEGRO", + "ma": "MOROCCO", + "mz": "MOZAMBIQUE", + "mm": "MYANMAR", + "na": "NAMIBIA", + "np": "NEPAL", + "nl": "NETHERLANDS", + "nz": "NEW ZEALAND", + "ni": "NICARAGUA", + "ne": "NIGER", + "ng": "NIGERIA", + "kp": "NORTH KOREA", + "mk": "NORTH MACEDONIA", + "no": "NORWAY", + "om": "OMAN", + "pk": "PAKISTAN", + "ps": "PALESTINE", + "pa": "PANAMA", + "pg": "PAPUA NEW GUINEA", + "py": "PARAGUAY", + "pe": "PERU", + "ph": "PHILIPPINES", + "pl": "POLAND", + "pt": "PORTUGAL", + "qa": "QATAR", + "ro": "ROMANIA", + "ru": "RUSSIA", + "rw": "RWANDA", + "sa": "SAUDI ARABIA", + "sn": "SENEGAL", + "rs": "SERBIA", + "sg": "SINGAPORE", + "sk": "SLOVAKIA", + "si": "SLOVENIA", + "so": "SOMALIA", + "za": "SOUTH AFRICA", + "kr": "SOUTH KOREA", + "ss": "SOUTH SUDAN", + "es": "SPAIN", + "lk": "SRI LANKA", + "sd": "SUDAN", + "se": "SWEDEN", + "ch": "SWITZERLAND", + "sy": "SYRIA", + "tw": "TAIWAN", + "tj": "TAJIKISTAN", + "tz": "TANZANIA", + "th": "THAILAND", + "tg": "TOGO", + "tn": "TUNISIA", + "tr": "TURKEY", + "tm": "TURKMENISTAN", + "ug": "UGANDA", + "ua": "UKRAINE", + "ae": "UNITED ARAB EMIRATES", + "gb": "UNITED KINGDOM", + "us": "UNITED STATES", + "uy": "URUGUAY", + "uz": "UZBEKISTAN", + "ve": "VENEZUELA", + "vn": "VIETNAM", + "ye": "YEMEN", + "zm": "ZAMBIA", + "zw": "ZIMBABWE", +} + +// CountryName returns the display name for a country code. +// Falls back to the uppercase country code if not found. +func CountryName(code string) string { + if name, ok := countryNames[code]; ok { + return name + } + return code +} diff --git a/example.json b/example.json deleted file mode 100644 index 4ef95c8..0000000 --- a/example.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "countries": [ - { - "name": "CANADA", - "url": "https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/refs/heads/master/ipv4/ca.cidr" - }, - { - "name": "AUSTRALIA", - "url": "https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/refs/heads/master/ipv4/au.cidr" - } - ] -} \ No newline at end of file diff --git a/generator.go b/generator.go new file mode 100644 index 0000000..4ca594c --- /dev/null +++ b/generator.go @@ -0,0 +1,55 @@ +package main + +import ( + "fmt" + "os" + "strings" + "time" +) + +// CountryData holds the resolved CIDR blocks for a single country. +type CountryData struct { + Code string // ISO 3166-1 alpha-2 country code + Name string // Display name for RouterOS comments + CIDRs []string // IPv4 CIDR blocks +} + +// GenerateRSC produces a RouterOS .rsc script file that populates an address list. +// The filename includes today's date, e.g. "CountryIPBlocks-2026-05-01.rsc". +// Returns the generated filename. +func GenerateRSC(countries []CountryData, listName string) (string, error) { + now := time.Now() + datedName := fmt.Sprintf("%s-%s", listName, now.Format("2006-01-02")) + filename := fmt.Sprintf("%s.rsc", datedName) + + var b strings.Builder + + // Header with metadata + b.WriteString(fmt.Sprintf("# RouterOS GeoIP Address List: %s\n", datedName)) + b.WriteString(fmt.Sprintf("# Generated: %s\n", now.UTC().Format(time.RFC3339))) + b.WriteString(fmt.Sprintf("# Countries: %d\n", len(countries))) + + totalCIDRs := 0 + for _, c := range countries { + totalCIDRs += len(c.CIDRs) + } + b.WriteString(fmt.Sprintf("# Total entries: %d\n", totalCIDRs)) + b.WriteString("#\n") + + // Each run creates a uniquely-named list (e.g. CountryIPBlocks-2026-05-01). + // Workflow: import this file, then atomically swap your firewall rules to + // reference the new list, then remove the old dated list. + b.WriteString("/ip firewall address-list\n") + + for _, country := range countries { + for _, cidr := range country.CIDRs { + b.WriteString(fmt.Sprintf("add address=%s comment=\"%s\" list=%s\n", cidr, country.Name, datedName)) + } + } + + if err := os.WriteFile(filename, []byte(b.String()), os.ModePerm); err != nil { + return "", fmt.Errorf("failed to write file %q: %v", filename, err) + } + + return filename, nil +} diff --git a/main.go b/main.go index 37890f6..8631d45 100644 --- a/main.go +++ b/main.go @@ -1,109 +1,122 @@ package main import ( - "bufio" - "encoding/json" "fmt" "log" - "net" - "net/http" "os" + "sync" + "time" ) -type Country struct { - Name string `json:"name"` - Url string `json:"url"` - v4Addresses []string -} - -type JsonListFile struct { - Countries []Country `json:"countries"` -} - func main() { - - // Validate arguments - if len(os.Args) < 3 { - log.Fatalf("usage: %s ", os.Args[0]) + if len(os.Args) < 2 { + fmt.Fprintf(os.Stderr, "Usage: %s \n", os.Args[0]) + fmt.Fprintf(os.Stderr, "\nGenerates a RouterOS address list (.rsc) from GeoIP data.\n") + fmt.Fprintf(os.Stderr, "\nExample:\n %s blocklist.json\n", os.Args[0]) + os.Exit(1) } - blockListName := os.Args[1] - jsonListFile := os.Args[2] - // Load blocklist config file - countries, err := readJsonListFile(jsonListFile) + configFile := os.Args[1] + + // Load configuration + cfg, err := LoadConfig(configFile) if err != nil { - log.Fatalf("failed to read jsonlistfile '%s': %v", jsonListFile, err) + log.Fatalf("Error loading config: %v", err) } - // Download up to date geoip CIDR data - for i := range countries { - fmt.Println("downloading cidr list for country:", countries[i].Name) - countries[i].v4Addresses, err = downloadAddressList(countries[i].Url) - if err != nil { - log.Fatalf("failed to download address list for county'%s': %v", countries[i].Name, err) - } - } - - // Generate mikrotik block list - fmt.Printf("generating blocklist %s.rsc\n", blockListName) - err = generateOutput(countries, blockListName) + // Initialize provider + provider, err := NewProvider(cfg.Provider) if err != nil { - log.Fatalf("failed to generate output file: %v", err) - } - fmt.Printf("\n\nCopy the file the router, then import the address list\n\n\t/import %s.rsc\n", blockListName) -} - -func generateOutput(countries []Country, blockListName string) error { - output := "/ip firewall address-list\n" - for _, country := range countries { - for _, v4Address := range country.v4Addresses { - output += fmt.Sprintf("add address=%s comment=\"%s\" list=%s\n", v4Address, country.Name, blockListName) - } + log.Fatalf("Error initializing provider: %v", err) } - err := os.WriteFile(fmt.Sprintf("%s.rsc", blockListName), []byte(output), os.ModePerm) - if err != nil { - return fmt.Errorf("failed to write file '%s.rsc': %v", blockListName, err) - } - return nil -} + fmt.Printf("╔══════════════════════════════════════════╗\n") + fmt.Printf("║ routeros-geoip generator ║\n") + fmt.Printf("╚══════════════════════════════════════════╝\n") + fmt.Printf(" Provider: %s\n", provider.Name()) + fmt.Printf(" List name: %s\n", cfg.ListName) + fmt.Printf(" Countries: %d\n\n", len(cfg.Countries)) -func downloadAddressList(url string) ([]string, error) { - resp, err := http.Get(url) - if err != nil { - return nil, fmt.Errorf("http get error on url '%s': %v", url, err) + // Download CIDR data for all countries concurrently + type result struct { + data CountryData + err error } - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("unexpected http status - expected '%d' but got '%d'", http.StatusOK, resp.StatusCode) + + results := make([]result, len(cfg.Countries)) + var wg sync.WaitGroup + + start := time.Now() + + for i, code := range cfg.Countries { + wg.Add(1) + go func(idx int, countryCode string) { + defer wg.Done() + + name := CountryName(countryCode) + fmt.Printf(" ↓ downloading %s (%s)...\n", name, countryCode) + + cidrs, err := provider.FetchCIDRs(countryCode) + if err != nil { + results[idx] = result{err: fmt.Errorf("%s (%s): %v", name, countryCode, err)} + return + } + + results[idx] = result{ + data: CountryData{ + Code: countryCode, + Name: name, + CIDRs: cidrs, + }, + } + fmt.Printf(" ✓ %s: %d CIDRs\n", name, len(cidrs)) + }(i, code) } - scanner := bufio.NewScanner(resp.Body) - scanner.Split(bufio.ScanLines) - v4Addresses := make([]string, 0) - for scanner.Scan() { - line := scanner.Text() - _, ipnet, err := net.ParseCIDR(line) - if err != nil { - log.Printf("skipping line: failed to parse line '%s' to cidr: %v", line, err) + + wg.Wait() + elapsed := time.Since(start) + + // Collect results and check for errors + var countries []CountryData + var errors []error + + for _, r := range results { + if r.err != nil { + errors = append(errors, r.err) continue } - v4Addresses = append(v4Addresses, ipnet.String()) + countries = append(countries, r.data) } - return v4Addresses, nil -} -// reads the json config file containing the lists of countries you want to block -func readJsonListFile(filename string) ([]Country, error) { - b, err := os.ReadFile(filename) + if len(errors) > 0 { + fmt.Printf("\n⚠ Errors occurred:\n") + for _, err := range errors { + fmt.Printf(" ✗ %v\n", err) + } + if len(countries) == 0 { + log.Fatalf("All downloads failed, cannot generate output") + } + fmt.Printf("\nContinuing with %d/%d countries...\n", len(countries), len(cfg.Countries)) + } + + // Generate output + fmt.Printf("\n Generating output...\n") + outputFile, err := GenerateRSC(countries, cfg.ListName) if err != nil { - return nil, fmt.Errorf("failed to open file %s: %v", filename, err) + log.Fatalf("Error generating output: %v", err) } - jsonListFile := JsonListFile{} - - err = json.Unmarshal(b, &jsonListFile) - if err != nil { - return nil, fmt.Errorf("failed to unmarshal json file to jsonListFile struct: %v", err) + totalCIDRs := 0 + for _, c := range countries { + totalCIDRs += len(c.CIDRs) } - return jsonListFile.Countries, nil + fmt.Printf("\n╔══════════════════════════════════════════════════════╗\n") + fmt.Printf("║ Done! %-46s║\n", fmt.Sprintf("(%s)", elapsed.Round(time.Millisecond))) + fmt.Printf("╠══════════════════════════════════════════════════════╣\n") + fmt.Printf("║ Output: %-43s║\n", outputFile) + fmt.Printf("║ Entries: %-43s║\n", fmt.Sprintf("%d CIDRs across %d countries", totalCIDRs, len(countries))) + fmt.Printf("╚══════════════════════════════════════════════════════╝\n") + fmt.Printf("\nImport on your MikroTik router:\n") + fmt.Printf(" /import %s\n\n", outputFile) } diff --git a/provider.go b/provider.go new file mode 100644 index 0000000..2fce36f --- /dev/null +++ b/provider.go @@ -0,0 +1,27 @@ +package main + +import "fmt" + +// Provider defines the interface for GeoIP data sources. +// Each provider knows how to fetch IPv4 CIDR blocks for a given country. +type Provider interface { + // Name returns the human-readable name of this provider. + Name() string + + // FetchCIDRs downloads and returns a slice of IPv4 CIDR strings + // for the given ISO 3166-1 alpha-2 country code (lowercase). + FetchCIDRs(countryCode string) ([]string, error) +} + +// NewProvider creates a Provider by name. +// Supported providers: "ipverse", "ipdeny" +func NewProvider(name string) (Provider, error) { + switch name { + case "ipverse": + return &IPverseProvider{}, nil + case "ipdeny": + return &IPDenyProvider{}, nil + default: + return nil, fmt.Errorf("unknown provider %q (supported: ipverse, ipdeny)", name) + } +} diff --git a/provider_ipdeny.go b/provider_ipdeny.go new file mode 100644 index 0000000..ec5a419 --- /dev/null +++ b/provider_ipdeny.go @@ -0,0 +1,24 @@ +package main + +import ( + "fmt" + "strings" +) + +const ipdenyBaseURL = "https://www.ipdeny.com/ipblocks/data/aggregated" + +// IPDenyProvider fetches GeoIP data from ipdeny.com. +// IPDeny provides aggregated country-level IP blocks derived from RIR data. +// Website: https://www.ipdeny.com/ipblocks/ +type IPDenyProvider struct{} + +func (p *IPDenyProvider) Name() string { + return "ipdeny" +} + +// FetchCIDRs downloads IPv4 CIDR blocks for a country from ipdeny. +// URL format: https://www.ipdeny.com/ipblocks/data/aggregated/{cc}-aggregated.zone +func (p *IPDenyProvider) FetchCIDRs(countryCode string) ([]string, error) { + url := fmt.Sprintf("%s/%s-aggregated.zone", ipdenyBaseURL, strings.ToLower(countryCode)) + return downloadAndParseCIDRs(url) +} diff --git a/provider_ipverse.go b/provider_ipverse.go new file mode 100644 index 0000000..06576a3 --- /dev/null +++ b/provider_ipverse.go @@ -0,0 +1,67 @@ +package main + +import ( + "bufio" + "fmt" + "net" + "net/http" + "strings" +) + +const ipverseBaseURL = "https://raw.githubusercontent.com/ipverse/country-ip-blocks/master/country" + +// IPverseProvider fetches GeoIP data from the ipverse/country-ip-blocks GitHub repository. +// Data is sourced from Regional Internet Registries (RIRs) and aggregated by ipverse. +// Repository: https://github.com/ipverse/country-ip-blocks +type IPverseProvider struct{} + +func (p *IPverseProvider) Name() string { + return "ipverse" +} + +// FetchCIDRs downloads IPv4 CIDR blocks for a country from ipverse. +// URL format: https://raw.githubusercontent.com/ipverse/country-ip-blocks/master/country/{cc}/ipv4-aggregated.txt +func (p *IPverseProvider) FetchCIDRs(countryCode string) ([]string, error) { + url := fmt.Sprintf("%s/%s/ipv4-aggregated.txt", ipverseBaseURL, strings.ToLower(countryCode)) + return downloadAndParseCIDRs(url) +} + +// downloadAndParseCIDRs is a shared helper that downloads a URL containing +// one CIDR per line and returns validated CIDR strings. +func downloadAndParseCIDRs(url string) ([]string, error) { + resp, err := http.Get(url) + if err != nil { + return nil, fmt.Errorf("http get error on url %q: %v", url, err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("unexpected http status %d from %q", resp.StatusCode, url) + } + + scanner := bufio.NewScanner(resp.Body) + scanner.Split(bufio.ScanLines) + + var cidrs []string + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + + // Skip empty lines and comments + if line == "" || strings.HasPrefix(line, "#") { + continue + } + + _, ipnet, err := net.ParseCIDR(line) + if err != nil { + // Skip unparseable lines rather than failing the whole country + continue + } + cidrs = append(cidrs, ipnet.String()) + } + + if err := scanner.Err(); err != nil { + return nil, fmt.Errorf("error reading response body from %q: %v", url, err) + } + + return cidrs, nil +}