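#!/bin/bash
# Rebuild the "whitelist" ipset from per-country network lists and (re)install
# iptables rules that DROP tcp/22 and tcp/80 arriving on $IFACE from any
# source outside that set.
#
# Order of operations matters for a firewall script:
#   1. download to a temp file and validate it BEFORE touching anything, so a
#      failed/empty download never produces an empty set (which would drop
#      all SSH and lock the operator out);
#   2. fill a scratch set and atomically `ipset swap` it into place, so the
#      live set is never destroyed-and-refilled while the DROP rules are gone;
#   3. only then replace the iptables rules.
#
# Environment (all optional):
#   IFACE           ingress interface the DROP rules apply to (default: ens3)
#   WHITELIST_FILE  where the merged zone list is stored
#                   (default: /usr/local/sys/whitelist; the original script
#                   downloaded to ./whitelist but read this path, so it only
#                   worked when run from that directory)
set -u

IFACE=${IFACE:-ens3}
WHITELIST_FILE=${WHITELIST_FILE:-/usr/local/sys/whitelist}
readonly SET_NAME=whitelist
readonly TMP_SET="${SET_NAME}_new"
# NOTE(review): the zone files are fetched over plain HTTP, so nothing
# authenticates the data that ends up controlling the firewall; switch to
# https:// (and verify a checksum) if the publisher offers it.
readonly ZONE_URL_BASE='http://www.ipdeny.com/ipblocks/data/countries'
# country codes whose networks are allowed in (the comment in the original
# said "exUSSR", but de is in the list as well)
COUNTRIES=(ru ua kz by uz md kg de am az ge ee tj lv)
readonly BAR='####################'

# print a message to stderr and exit non-zero
die() { printf '%s\n' "$*" >&2; exit 1; }

# ---- 1. download and validate -------------------------------------------
urls=()
for cc in "${COUNTRIES[@]}"; do
  urls+=("${ZONE_URL_BASE}/${cc}.zone")
done

tmp_list=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp_list"' EXIT

# wget concatenates all URLs into the single -O target
wget -q -O "$tmp_list" "${urls[@]}" \
  || die "download of zone files failed; firewall left unchanged"
# count non-empty lines; an empty list would otherwise silently drop everything
net_count=$(grep -c . -- "$tmp_list")
(( net_count > 0 )) || die "downloaded list is empty; firewall left unchanged"
cp -- "$tmp_list" "$WHITELIST_FILE" || die "cannot write $WHITELIST_FILE"

# ---- 2. build the scratch set and swap it in -----------------------------
echo 'create whitelist ipset'
ipset -X "$TMP_SET" 2>/dev/null   # leftover from an interrupted run, if any
ipset -N "$TMP_SET" nethash || die "cannot create ipset $TMP_SET"

i=0
# read line by line (the original word-split the whole file into one string)
while IFS= read -r ipnet || [[ -n "$ipnet" ]]; do
  [[ -n "$ipnet" ]] || continue
  # a single bad entry should not abort the whole rebuild; report it instead
  ipset -A "$TMP_SET" "$ipnet" || printf '\nwarn: could not add %s\n' "$ipnet" >&2
  i=$((i + 1))
  printf '\r%d%% %s' "$((100 * i / net_count))" "${BAR:0:$((20 * i / net_count))}"
done < "$WHITELIST_FILE"
printf '\ndone create whitelist\n'

if ipset -L "$SET_NAME" >/dev/null 2>&1; then
  # live set exists: exchange contents atomically, then drop the old contents
  ipset -W "$TMP_SET" "$SET_NAME" || die "ipset swap failed"
  ipset -X "$TMP_SET"
else
  # first run: just give the scratch set its final name
  ipset -E "$TMP_SET" "$SET_NAME" || die "ipset rename failed"
fi

# ---- 3. replace the iptables rules ---------------------------------------
# delete existing rules that reference the set, highest rule number first so
# the remaining numbers stay valid while deleting
while read -r num; do
  iptables -D INPUT "$num"
done < <(iptables -L INPUT -n -v --line-numbers | grep -F -- "$SET_NAME" | awk '{print $1}' | sort -nr)

# drop tcp/22 and tcp/80 on $IFACE from sources outside the whitelist; both
# are inserted at position 1, so the tcp/80 rule ends up first (as before)
for port in 22 80; do
  iptables -I INPUT 1 -i "$IFACE" -m set ! --match-set "$SET_NAME" src \
    -p tcp --dport "$port" -j DROP \
    || die "cannot insert DROP rule for tcp/$port"
done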