#############Config#################
$countryCode="CN" #차단할 나라의 CountryCode
#$geoIPcvsPath="c:\GeoIPCountryWhois.csv"
$geoIPcvsPath="\GeoIPCountryWhois.csv"
$ruleName="blockCountry"
#############Config#################
 
 
$geoData=Import-Csv $geoIPcvsPath -header sIP, eIP, start, end, cc, cn |  where-object {$_.cc –eq $countryCode}
$geoDataTotal=$geoData.Count
$remoteIP=""
 
 
######  룰이 있는 지 체크 ########
function ruleExistsChk ($ruleName)
{
    $fw=New-object -comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx
    $RuleCHK=$fw.rules | where-object {$_.name –eq $ruleName}
    if(!$RuleCHK){
    #$deny_rule_name + " 룰이 생성되어 있지 않습니다."; exit;
    netsh advfirewall firewall add rule name="$ruleName" localip=any dir=in action=block profile="any" interfacetype="any"
    }
}
######  룰이 있는 지 체크 ########
 
 
$count=1
foreach ($geoIP in $geoData)
{
    #$remoteIP+=@($geoIP.sIP+"-"+$geoIP.eIP+",") #배열로 저장.
     $remoteIP+=$geoIP.sIP+"-"+$geoIP.eIP+","
      
     #remoteAddr가 한개의 룰에 약 300개 이상이면 등록이 안됨. 안전하게 200으로 설정.
    if(($count%200) -eq 0)
    {
        $makeRuleName=$ruleName+$countryCode+$count
        ruleExistsChk($makeRuleName)
        netsh advfirewall firewall set rule name=$makeRuleName new remoteip="$remoteIP"
        $remoteIP=""
    }elseif($geoDataTotal -eq $count){
        $makeRuleName=$ruleName+$countryCode+$count
        ruleExistsChk($makeRuleName)
        netsh advfirewall firewall set rule name=$makeRuleName new remoteip="$remoteIP"
        $remoteIP=""
    }
 
     $count++
 
}