docs: update ACL country support

ACL.md

@@ -13,14 +13,12 @@ Example:
 direct domain evil.corp
 proxy domain-suffix google.com
 block ip 1.2.3.4
+block country cn
 hijack cidr 192.168.1.1/24 127.0.0.1
 
 direct all
 ```
 
-A real-life ACL example of directly connecting to all China IPs (and its generator Python
-script) [can be found here](docs/acl).
-
 Hysteria acts according to the first matching rule in the file for each request. When there is no match, the default
 behavior is to proxy all connections. You can override this by adding a rule at the end of the file with the condition
 `all`.
@@ -35,7 +33,7 @@ behavior is to proxy all connections. You can override this by adding a rule at
 
 `hijack` - hijack the connection to another target address (must be specified in the argument)
 
-5 condition types:
+6 condition types:
 
 `domain` - match a specific domain (does NOT match subdomains! e.g. `apple.com` will not match `cdn.apple.com`)
 
@@ -45,6 +43,8 @@ behavior is to proxy all connections. You can override this by adding a rule at
 
 `ip` - IPv4 or IPv6 address
 
+`country` - match IP by ISO 3166-1 alpha-2 country code
+
 `all` - match anything (usually placed at the end of the file as a default rule)
 
 For domain requests, Hysteria will try to resolve the domains and match both domain & IP rules. In other words, an IP

ACL.zh.md

@@ -12,13 +12,12 @@ ACL 文件描述如何处理传入请求。服务器和客户端都支持 ACL，
 direct domain evil.corp
 proxy domain-suffix google.com
 block ip 1.2.3.4
+block country cn
 hijack cidr 192.168.1.1/24 127.0.0.1
 
 direct all
 ```
 
-一个直连所有中国 IP 的规则和 Python 生成脚本 [在这里](docs/acl)。
-
 Hysteria 根据文件中第一个匹配到规则对每个请求进行操作。当没有匹配时默认的行为是代理连接。可以通过在文件的末尾添加一个规则加上条件 "all" 来设置默认行为。
 
 4 种处理方式:
@@ -31,7 +30,7 @@ Hysteria 根据文件中第一个匹配到规则对每个请求进行操作。
 
 `hijack` - 把连接劫持到另一个目的地 （必须在参数中指定）
 
-5 种条件类型:
+6 种条件类型:
 
 `domain` - 匹配特定的域名（不匹配子域名！例如：`apple.com` 不匹配 `cdn.apple.com`）
 
@@ -41,6 +40,8 @@ Hysteria 根据文件中第一个匹配到规则对每个请求进行操作。
 
 `ip` - IPv4 / IPv6 地址
 
+`country` - 匹配国家 IP，ISO 两位字母国家代码
+
 `all` - 匹配所有地址 （通常放在文件尾作为默认规则）
 
 对于域名请求，Hysteria 将尝试解析域名并同时匹配域名规则和 IP 规则。换句话说，IP 规则能覆盖到所有连接，无论客户端是用 IP 还是域名请求。

docs/acl/chnroutes.py

@@ -1,20 +0,0 @@
-#! /usr/bin/env python3
-
-import urllib.request
-from itertools import chain
-from datetime import date
-
-data_ipv4 = urllib.request.urlopen(
-    'http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone')
-data_ipv6 = urllib.request.urlopen(
-    'http://www.ipdeny.com/ipv6/ipaddresses/aggregated/cn-aggregated.zone')
-
-data = chain(data_ipv4, data_ipv6)
-
-with open('chnroutes.acl', 'w') as out:
-    out.write('# chnroutes\n# Generated on %s\n\n' %
-              date.today().strftime("%B %d, %Y"))
-    for l in data:
-        ls = str(l, 'UTF8').strip()
-        if ls:
-            out.write('direct cidr %s\n' % ls)