Difference between revisions of "How to block country IP"

From Kolmisoft Wiki
Jump to navigationJump to search
Line 5: Line 5:
DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine.
DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine.


.
Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating.
 
 
 
Install ipset tool:
 
yum -y install ipset
 
Download list of IP ranges from http://www.ipdeny.com/ipblocks/data/countries/
 
wget http://www.ipdeny.com/ipblocks/data/countries/pl.zone
 
Create list for in ipset for Palestine IPs:
 
ipset create palestine hash:net
 
Import IP list from file to ipset list:
 
while read LINE; do ipset add palestine $LINE; echo -ne $LINE ' \r'; done < pl.zone
 
Add rule to iptables, which instructs to drop packets coming from IPs within list:
 
iptables -I INPUT -m set --match-set palestine src -j DROP
 
Configuration is completed.
 
 
You can repeat same for other countries. By replacing "pl" with two letters code of other country (visit http://www.ipdeny.com/ipblocks/data/countries/ to see whole list). Also replacing "palestine" name to name of other country.
 
NOTE: configuration needs to be repeated after server reboot.

Revision as of 12:24, 14 July 2016

Palestine hacker.jpg

Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating.

DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine.

Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating.


Install ipset tool:

yum -y install ipset

Download list of IP ranges from http://www.ipdeny.com/ipblocks/data/countries/

wget http://www.ipdeny.com/ipblocks/data/countries/pl.zone

Create list for in ipset for Palestine IPs:

ipset create palestine hash:net

Import IP list from file to ipset list:

while read LINE; do ipset add palestine $LINE; echo -ne $LINE ' \r'; done < pl.zone

Add rule to iptables, which instructs to drop packets coming from IPs within list:

iptables -I INPUT -m set --match-set palestine src -j DROP

Configuration is completed.


You can repeat same for other countries. By replacing "pl" with two letters code of other country (visit http://www.ipdeny.com/ipblocks/data/countries/ to see whole list). Also replacing "palestine" name to name of other country.

NOTE: configuration needs to be repeated after server reboot.