IR-Access is a Go-based application designed to fetch Iranian IP prefixes and set up firewall rules using nftables
to allow only Iranian traffic while keeping SSH access open.
- Fetches Iranian IP prefixes from bgp.tools
- Filters the IP prefixes based on predefined ASN numbers
- Converts IPv4 prefixes to /24 blocks
- Configures nftables to allow traffic only from Iran (except SSH)
- Automated setup and verification
Ensure the following dependencies are installed on your system:
- Go (>=1.24)
- nftables
- sudo privileges (for setup operation)
- Install Golang.
- Clone the repository:

      git clone https://github.com/compassvpn/ir-access.git
      cd ir-access

- Build the application:

      go build

Run the application with the following options:
./ir-access [OPTIONS]
Option | Short Flag | Description |
---|---|---|
--fetch | -f | Fetch all Iranian IP prefixes from bgp.tools. |
--setup | -s | Set up nftables rules to allow Iran-only access (fetches prefixes). |
--help | -h | Show help message. |
- Fetch Iranian IP prefixes:

      ./ir-access --fetch

- Set up firewall rules to allow Iran-only access (excluding SSH):

      sudo ./ir-access --setup

- Fetching Prefixes:
  - Downloads the IP prefix data from bgp.tools.
  - Filters the prefixes based on specific ASN numbers.
  - Saves IPv4 and IPv6 prefixes into respective text files.
- Setting Up nftables:
  - Reads the stored prefix files.
  - Detects the SSH port from /etc/ssh/sshd_config.
  - Configures firewall rules to allow only Iranian traffic.
  - Applies and verifies the nftables rules.
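
The SSH port detection step is the one that decides whether an administrator keeps access once the restrictive rules are applied, so it is worth seeing with its edge cases. The Go code below is an added example, not IR-Access's own code: `sshPorts` and `sshAcceptRule` are hypothetical names, the rule text is an assumed shape for the SSH exception, and the sample configuration is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sshPorts (hypothetical helper) returns every port set by a Port directive in
// sshd_config text, or sshd's default 22 if none is set; Include is not followed.
func sshPorts(config string) ([]int, error) {
	var ports []int
	sc := bufio.NewScanner(strings.NewReader(config))
	for sc.Scan() {
		// Split keyword from argument on whitespace; also tolerate "=".
		f := strings.FieldsFunc(sc.Text(), func(r rune) bool {
			return r == ' ' || r == '\t' || r == '='
		})
		// Skip blanks, comments such as "#Port 22", and other keywords.
		if len(f) < 2 || !strings.EqualFold(f[0], "port") {
			continue
		}
		n, err := strconv.Atoi(strings.Trim(f[1], `"`))
		if err != nil || n < 1 || n > 65535 {
			return nil, fmt.Errorf("invalid Port value %q", f[1])
		}
		ports = append(ports, n)
	}
	if len(ports) == 0 {
		ports = []int{22}
	}
	return ports, sc.Err()
}

// sshAcceptRule renders one nftables rule that accepts all detected SSH ports.
func sshAcceptRule(ports []int) string {
	s := make([]string, len(ports))
	for i, p := range ports {
		s[i] = strconv.Itoa(p)
	}
	return "tcp dport { " + strings.Join(s, ", ") + " } accept"
}

func main() {
	// Constructed sample input, not a real host's configuration.
	sample := "#Port 22\nPort 2222\nport=2200\nPermitRootLogin no\n"
	ports, err := sshPorts(sample)
	fmt.Println(sshAcceptRule(ports), err)
}
```

A commented-out `#Port 22` must not be read as the active port, and a host with several `Port` lines needs all of them accepted before the allow-list rules take effect.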
This project is licensed under the MIT License.
Contributions are welcome! Feel free to fork the repository and submit a pull request.