Limit your SSH logins using GeoLite2 Country
#!/bin/bash
# UPPERCASE space-separated country codes to ACCEPT
ALLOW_COUNTRIES="US"
if [ $# -ne 1 ]; then
echo "Usage: `basename $0` <ip>" 1>&2
exit 0 # return true in case of config issue
fi
#COUNTRY=`/usr/local/bin/geoiplookup $1 | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1`
COUNTRY=$(/usr/local/bin/mmdblookup -f /usr/share/GeoIP/GeoLite2-Country.mmdb -i $1 country iso_code 2>&1| awk -F '"' '{ print $2 }'|head -n 2|tail -n 1)
COUNTRY=${COUNTRY:=IP Address not found}
[[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE="ALLOW" || RESPONSE="DENY"
if [ $RESPONSE = "ALLOW" ]
then
logger -p auth.notice "$RESPONSE sshd connection from $1 ($COUNTRY)"
exit 0
else
logger -p auth.notice "$RESPONSE sshd connection from $1 ($COUNTRY)"
logger "$RESPONSE sshd connection from $1 ($COUNTRY)"
exit 1
fi
via:
https://www.axllent.org/docs/view/ssh-geoip/
https://github.com/maxmind/libmaxminddb#from-a-named-release-tarball
http://disq.us/p/201otjz