Difference between revisions of "How to block country IP"
Line 5: | Line 5: | ||
DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine. | DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine. | ||
. | Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating. | ||
Install ipset tool: | |||
yum -y install ipset | |||
Download list of IP ranges from http://www.ipdeny.com/ipblocks/data/countries/ | |||
wget http://www.ipdeny.com/ipblocks/data/countries/pl.zone | |||
Create list for in ipset for Palestine IPs: | |||
ipset create palestine hash:net | |||
Import IP list from file to ipset list: | |||
while read LINE; do ipset add palestine $LINE; echo -ne $LINE ' \r'; done < pl.zone | |||
Add rule to iptables, which instructs to drop packets coming from IPs within list: | |||
iptables -I INPUT -m set --match-set palestine src -j DROP | |||
Configuration is completed. | |||
You can repeat same for other countries. By replacing "pl" with two letters code of other country (visit http://www.ipdeny.com/ipblocks/data/countries/ to see whole list). Also replacing "palestine" name to name of other country. | |||
NOTE: configuration needs to be repeated after server reboot. |
Revision as of 12:24, 14 July 2016
Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating.
DISCLAIMER - we are not against the Palestine or People of Palestine. We are against hackers from Palestine.
Here we will provide guide how to block whole country. For this example we will block Palestine - from where most VoIP attacks are originating.
Install ipset tool:
yum -y install ipset
Download list of IP ranges from http://www.ipdeny.com/ipblocks/data/countries/
wget http://www.ipdeny.com/ipblocks/data/countries/pl.zone
Create list for in ipset for Palestine IPs:
ipset create palestine hash:net
Import IP list from file to ipset list:
while read LINE; do ipset add palestine $LINE; echo -ne $LINE ' \r'; done < pl.zone
Add rule to iptables, which instructs to drop packets coming from IPs within list:
iptables -I INPUT -m set --match-set palestine src -j DROP
Configuration is completed.
You can repeat same for other countries. By replacing "pl" with two letters code of other country (visit http://www.ipdeny.com/ipblocks/data/countries/ to see whole list). Also replacing "palestine" name to name of other country.
NOTE: configuration needs to be repeated after server reboot.