Blocking China and other countries from accessing your servers
So I wanted to create a simple script which I could load onto all of my Linux webservers, from Ubuntu to CentOS. Here is the code I found to work relatively well:
#!/bin/bash
#download fresh IP lists from ipdeny.com, then purge the old "geoblocks" rule and ipset, load the new IP's into the "geoblocks" ipset, re-add the iptables rule and restart fail2ban
#stop at the first error; the downloads come first, so a failed download aborts the run before the firewall is touched
set -e
#work in a directory of its own so the rm below cannot touch anything else
mkdir -p /var/lib/geoblocks
cd /var/lib/geoblocks
#remove old .zone files
rm -f ./*.zone
#ISO 3166 country codes to block
iso="af kp kr cn cu ir iq in jp ru tw br ro it hu tr"
#root of ip list zone files
dlroot="http://www.ipdeny.com/ipblocks/data/countries"
#download the .zone files
for c in $iso; do wget -q "$dlroot/$c.zone"; done
#load all .zone files into one
cat ./*.zone > blocks.zone
#delete the "geoblocks" rule by its match rather than by position, so it does not matter how many rules fail2ban has put above it (the error on the first run, when the rule does not exist yet, is ignored)
iptables -D INPUT -m set --match-set geoblocks src -j DROP 2>/dev/null || true
#purge the "geoblocks" ipset; this has to come after the rule is gone, because ipset will not destroy a set that a rule still references
ipset destroy geoblocks 2>/dev/null || true
#re-establish the "geoblocks" ipset (hash:net holds CIDR blocks, which is what the .zone files contain)
ipset create geoblocks hash:net
#load the list of IP's just created into the "geoblocks" ipset, one CIDR block per line (-exist tolerates a block listed under two countries)
while read -r net; do ipset -exist add geoblocks "$net"; done < blocks.zone
#re-establish the iptables rule at the top of the INPUT chain, ahead of fail2ban's rules
iptables -I INPUT -m set --match-set geoblocks src -j DROP
#nothing above flushes iptables, so fail2ban's chains are intact and this restart is only a precaution
service fail2ban restart
This script of course requires iptables and ipset to be installed and working properly. Add it as a cron job that runs once a week and you'll always have the latest list of those countries' IP's blocked at the firewall level.
Note the order. The downloads come first, so if ipdeny.com is unreachable the script stops (set -e) before it has touched the firewall and last week's set stays in place. The "geoblocks" rule is then deleted by its match rather than by position; fail2ban inserts its own rules above it, so its position is not stable, and the rule has to go before the ipset can be destroyed, because ipset refuses to destroy a set that a rule still references. The ipset is destroyed to flush the old IP's, re-created and re-loaded from source (ipdeny.com), and the rule is re-inserted at the top of INPUT. Nothing here flushes iptables, so fail2ban's chains survive and the restart at the end is only a precaution. Two caveats: the list is fetched over plain HTTP and loaded straight into the firewall, so treat it like any other unauthenticated download (use HTTPS if the mirror offers it, and make sure the addresses you administer from are not inside any zone you fetch), and between the destroy and the end of the reload nothing is blocked for a few seconds.
This should also work on any Linux based firewall gateway appliance.
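A version that closes both of those gaps, written here as an added example and not the script from the post: it builds the new list in a second set and swaps it into place atomically (so the DROP rule never points at an empty set), validates every line before it reaches ipset (so a tampered or truncated download cannot feed the firewall garbage), and punches a hole for the network you administer from. The work directory, the set names, the ALLOW network, the three-country list and the sample lines in the dry run are assumptions of the example; the nomatch exception needs a reasonably recent ipset. Run it with no arguments for an offline dry run over the constructed sample, or as root with "apply" from cron to do the real refresh.

```shell
#!/bin/sh
# Added example, not the script from the post: refresh the "geoblocks" ipset
# without ever leaving the firewall empty, and refuse input that is not a CIDR block.
# Assumed: work directory /var/lib/geoblocks, ipset/iptables on PATH, an ipset
# that supports "nomatch" on hash:net sets. Country list and ALLOW net are examples.
set -euf

WORKDIR=${WORKDIR:-/var/lib/geoblocks}
SETNAME=${SETNAME:-geoblocks}
DLROOT=${DLROOT:-http://www.ipdeny.com/ipblocks/data/countries}
ISO=${ISO:-"cn ru kp"}
# networks you administer from (assumed value); added as exceptions so a bad list cannot lock you out
ALLOW=${ALLOW:-"203.0.113.0/24"}

# valid_cidr NET: succeed only if NET is a well-formed IPv4 CIDR block (digits, dots, one slash)
valid_cidr() {
    net=$1
    case $net in
        *[!0-9./]*|*/*/*|/*|*/|*..*|.*|*./*) return 1 ;;   # foreign chars, odd slashes, empty octets
        */*) ip=${net%/*}; mask=${net#*/} ;;
        *) return 1 ;;                                      # bare address: zone files are all CIDR
    esac
    [ "$mask" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs            # split the address into its octets
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] || return 1; done
}

# build_restore SET: read zone-file lines on stdin and print "ipset restore" commands for SET,
# dropping comments, blanks and anything that does not pass valid_cidr (reported on stderr)
build_restore() {
    setname=$1
    cr=$(printf '\r')
    line=
    while read -r line || [ -n "$line" ]; do
        line=${line%%#*}                 # strip trailing comments
        line=${line%"$cr"}               # tolerate CRLF files
        set -- $line                     # first whitespace-separated token, if any
        [ $# -gt 0 ] || continue
        if valid_cidr "$1"; then
            printf 'add %s %s\n' "$setname" "$1"
        else
            printf 'skipping malformed line: %s\n' "$1" >&2
        fi
    done
}

# refresh_geoblocks: the privileged, networked part; run as root from cron with "$0 apply"
refresh_geoblocks() {
    mkdir -p "$WORKDIR" && cd "$WORKDIR"
    for c in $ISO; do
        if wget -q -O "$c.zone.tmp" "$DLROOT/$c.zone"; then
            mv "$c.zone.tmp" "$c.zone"
        else
            rm -f "$c.zone.tmp"          # keep last week's copy rather than silently blocking less
            printf 'download of %s.zone failed, keeping old file\n' "$c" >&2
        fi
    done
    # make sure the live set exists (first run), then build the new one off to the side
    ipset -exist create "$SETNAME" hash:net
    ipset destroy "${SETNAME}_new" 2>/dev/null || true
    ipset create "${SETNAME}_new" hash:net
    for c in $ISO; do if [ -f "$c.zone" ]; then cat "$c.zone"; fi; done \
        | build_restore "${SETNAME}_new" | ipset -exist restore
    # management networks are entered with "nomatch": holes in the block list
    for a in $ALLOW; do ipset add "${SETNAME}_new" "$a" nomatch; done
    # swap is atomic: the DROP rule keeps pointing at "$SETNAME", which now holds the new entries
    ipset swap "${SETNAME}_new" "$SETNAME"
    ipset destroy "${SETNAME}_new"
    # add the DROP rule only if it is missing; nothing here flushes iptables, so fail2ban's chains survive
    iptables -C INPUT -m set --match-set "$SETNAME" src -j DROP 2>/dev/null \
        || iptables -I INPUT -m set --match-set "$SETNAME" src -j DROP
}

case ${1-} in
    apply) refresh_geoblocks ;;
    *)
        # dry run over a constructed sample (not a real ipdeny file): show what would reach "ipset restore"
        printf '%s\n' '1.2.3.0/24' '# comment' '' '999.1.1.0/24' '10.0.0.0/8' | build_restore "$SETNAME"
        ;;
esac
```

The dry run prints two "add" lines and reports the 999.x line on stderr. Because the exception is a nomatch entry inside the same set rather than an ACCEPT rule above the DROP, the management network stays subject to every other rule in INPUT (including fail2ban's) and only escapes the country block.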