#!/bin/bash
# ${1} is original filename
# ${2} is counter (start at 0)
# ${3} is the file whose contents are substituted for the include line
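replace(){
  # Substitute the contents of ${3} for the first `include "./<name>.nft"`
  # line of the current working copy and write the result as the next one.
  # ${1}: base name of the ruleset; pass 0 reads ${1}.nft
  # ${2}: pass counter starting at 0; pass N>0 reads ${1}$((N-1)).nft
  # ${3}: file whose contents replace the include line
  # Writes ${1}${2}.nft. Returns non-zero if reading ${3} or the final sed
  # fails (the return status of the failing command).
  local base=$1 include_file=$3
  local -i pass=$2
  local src
  if (( pass != 0 )); then
    src="${base}$(( pass - 1 )).nft"
  else
    src="${base}.nft"
  fi

  # The include file's text becomes the replacement side of a sed s///, so
  # escape what sed interprets there: '\' and '&' (back-references) and '/'
  # (the delimiter). Every line but the last gets a trailing '\' so the
  # embedded newlines survive as literal newlines in the replacement.
  # The 'x' sentinel keeps $(...) from stripping trailing blank lines; the
  # single newline that ends the file is then dropped by hand.
  local pattern
  pattern=$(sed -e 's/\\/\\\\/g' -e 's,[&/],\\&,g' -e '$!s/$/\\/' -- "${include_file}" && printf x) || return
  pattern=${pattern%x}
  pattern=${pattern%$'\n'}

  # Whole-line include shape; the 0,/re/ range (GNU sed) ends at the first
  # match even when that match is line 1, so exactly one include is replaced.
  local include_re='^include "\.\/[a-z]\+\.nft"$'
  sed "0,/${include_re}/{s/${include_re}/${pattern}/}" -- "${src}" > "${base}${pass}.nft"
}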
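# Base name shared by the ruleset source (filter.nft) and the working copies
# replace() produces (filter0.nft, filter1.nft, ...).
readonly filename=filter
readonly geoip_dir=/var/geoipsets/dbip/nftset/ipv4
readonly output=nftables.conf

#######################################
# Inline every local include of ${filename}.nft into ${output}.
# One working copy is written per include; the last becomes ${output} and the
# intermediate copies are removed.
# Globals:   filename, output (read)
# Returns:   0 on success; the failing status of replace()/cp/mv otherwise
#######################################
inline_includes() {
  local -a local_includes=()
  local include_re='include "\./[a-z]\+\.nft"'
  # Only whole-line matches of the same pattern replace() substitutes, so the
  # n-th list entry is always the n-th include line replace() sees. Include
  # lines inside an inlined file are not followed.
  mapfile -t local_includes < <(grep -x -- "${include_re}" "${filename}.nft" | awk '{print $2}' | tr -d '"')

  if (( ${#local_includes[@]} == 0 )); then
    # Nothing to inline: the source is already self-contained.
    cp -- "${filename}.nft" "${output}"
    return
  fi

  local -i n=0
  local inc
  for inc in "${local_includes[@]}"; do
    replace "${filename}" "${n}" "${inc}" || return
    n+=1
  done

  local -i last=$(( n - 1 ))
  mv -- "${filename}${last}.nft" "${output}" || return
  # Drop the working copies that led up to the last one.
  local -i k
  for (( k = last - 1; k >= 0; k-- )); do
    rm -f -- "${filename}${k}.nft"
  done
}

#######################################
# Add every country present in ${geoip_dir} to the element list of the
# ipv4_geo_blacklist set in ${output}, as $<name> references.
# Globals:   geoip_dir, output (read)
# Returns:   0; does nothing when no countries or no set definition is found
#######################################
add_blocked_countries() {
  local -a countries=()
  local path
  # Glob instead of parsing ls; an unmatched glob stays literal, hence -e.
  for path in "${geoip_dir}"/*; do
    [[ -e "${path}" ]] || continue
    countries+=("${path##*/}")
  done
  (( ${#countries[@]} > 0 )) || return 0

  # Line number of the `elements` line within three lines after the set name.
  # grep -n prefixes the hit with N: and context lines with N-, so split on
  # either; take the first in case the name occurs more than once.
  local line
  line=$(grep -nA3 -- ipv4_geo_blacklist "${output}" | grep elements | awk -F '[-:]' '{print $1; exit}')
  # An empty or multi-line address would make sed apply the edit to every
  # line of the file, so insist on a plain line number.
  [[ "${line}" =~ ^[0-9]+$ ]] || return 0

  local members= c
  for c in "${countries[@]}"; do
    # Names are spliced into a sed replacement; skip any carrying characters
    # ('&', '\', whitespace, ...) that would change the sed script itself.
    [[ "${c}" =~ ^[A-Za-z0-9._-]+$ ]] || continue
    members+="\$${c}, "
  done
  [[ -n "${members}" ]] || return 0

  # Insert right after the opening brace so any members already listed are
  # kept, then drop the comma left before the closing brace of an empty set.
  sed -i -e "${line} s/elements = { /elements = { ${members}/" \
    -e "${line} s/, }/ }/" -- "${output}"
}

main() {
  inline_includes || return
  add_blocked_countries
}
main "$@"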