IR-Access

IR-Access is a Go-based application designed to fetch Iranian IP prefixes and set up firewall rules using nftables to allow only Iranian traffic while keeping SSH access open.

Features

Fetches Iranian IP prefixes from bgp.tools
Filters the IP prefixes based on predefined ASN numbers
Converts IPv4 prefixes to /24 blocks
Configures nftables to allow traffic only from Iran (except SSH)
Automated setup and verification

Prerequisites

Ensure the following dependencies are installed on your system:

Go (>=1.22)
nftables
sudo privileges (for setup operation)

Run

Linux:

All binaries are available in amd64 and arm64.

wget "https://github.com/irgfw/ir-access/releases/latest/download/ir-access-linux-amd64" -O ir-access && chmod +x ir-access

```
./ir-access -f
```

Windows:

Download from Releases.
Open CMD or Powershell in the directory.
```
.\ir-access-windows-amd64.exe --fetch
```

Build

Clone the repository:

git clone https://github.com/yourusername/IR-Access.git
cd IR-Access

Build the application:
```
go build -o ir-access
```

Usage

Run the application with the following options:

./ir-access [OPTIONS]

Available Options

Option	Short Flag	Description
`--fetch`	`-f`	Fetch all Iranian IP prefixes from bgp.tools.
`--setup`	`-s`	Set up nftables rules to allow Iran-only access (fetches prefixes).
`--help`	`-h`	Show help message.

Examples

Fetch Iranian IP prefixes:
```
./ir-access --fetch
```
Set up firewall rules to allow Iran-Only access (excluding SSH):
```
sudo ./ir-access --setup
```

Note that for now, only Ubuntu (>22) and Debian (>12) are supported for the `-s` or `--setup` flag.

How It Works

Fetching Prefixes:
- Downloads the IP prefix data from bgp.tools.
- Filters the prefixes based on specific ASN numbers.
- Saves IPv4 and IPv6 prefixes into respective text files.
Setting Up nftables:
- Reads the stored prefix files.
- Detects the SSH port from /etc/ssh/sshd_config.
- Configures firewall rules to allow only Iranian traffic.
- Applies and verifies the nftables rules.

License

This project is licensed under the MIT License.

Contributions

Contributions are welcome! Feel free to fork the repository and submit a pull request.

Name		Name	Last commit message	Last commit date
Latest commit History 74 Commits
.github/workflows		.github/workflows
LICENSE		LICENSE
README.md		README.md
fetch_prefixes.go		fetch_prefixes.go
go.mod		go.mod
go.sum		go.sum
ir_prefixes_v4.txt		ir_prefixes_v4.txt
ir_prefixes_v6.txt		ir_prefixes_v6.txt
main.go		main.go
setup_nftables.go		setup_nftables.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

IR-Access

Features

Prerequisites

Run

Linux:

Windows:

Build

Usage

Available Options

Examples

Note that for now, only Ubuntu (>22) and Debian (>12) are supported for the `-s` or `--setup` flag.

How It Works

License

Contributions

About

Releases 2

Contributors 2

Languages

License

irgfw/ir-access

Folders and files

Latest commit

History

Repository files navigation

IR-Access

Features

Prerequisites

Run

Linux:

Windows:

Build

Usage

Available Options

Examples

Note that for now, only Ubuntu (>22) and Debian (>12) are supported for the -s or --setup flag.

How It Works

License

Contributions

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 2

Contributors 2

Languages

Note that for now, only Ubuntu (>22) and Debian (>12) are supported for the `-s` or `--setup` flag.