How to block IP's in different country's

[samstar]

Hello,

Does anyone know how i can block in my linux server IP's from different country's so they can't get acces to my server ?


Thanks in advance

[cardsharing]

you can use iptables to block some ips
do you want to bann all ips from a country?

[samstar]

Quote:

Originally Posted by cardsharing

you can use iptables to block some ips
do you want to bann all ips from a country?

Yes, to block all ip's from a whole country. Well, i need to block all ip's, only the Belgium and France ip's are allowed. Any help please ?

[cardsharing]

Hi
http://ipinfodb.com/ip_country_block.php#blocklist

Choose the country for the list , save the file blocklist.txt
Upload blocklist.txt on your linux server in a directory

create a new file called banip with this content

### SCRIPT ###
#!/bin/sh
cat blocklist.txt | awk '{print $1;}' | sort | uniq | while read a; do iptables -A INPUT -s $a -j DROP;done
sleep 1
/sbin/iptables-save > /etc/sysconfig/iptables
chmod go-r /etc/sysconfig/iptables
/sbin/service iptables restart


upload banip file in the same directory with blocklist.txt , set chmod 755 for banip and then run the banip file
I really recomand you to make this job only if you know some minimum linux details, if not you can fault your server

[samstar]

Thanks a lot admin, you're the best. Its working, now i don't have a lot of warning.txt in my /tmp folde with "Login Failed..."

Thanks a lot mate. There is 1 thing i want to ask about that script, do i need to run it only 1 time or everyday or once a week or...?

Thanks again

[tinkerbell]

Quote:

Originally Posted by cardsharing

Hi
http://ipinfodb.com/ip_country_block.php#blocklist

Choose the country for the list , save the file blocklist.txt
Upload blocklist.txt on your linux server in a directory

create a new file called banip with this content

upload banip file in the same directory with blocklist.txt , set chmod 755 for banip and then run the banip file
I really recomand you to make this job only if you know some minimum linux details, if not you can fault your server

Hi Cardsharing,
Another question about your banip script file. I have just wanted to use your script as fail2ban code. "Blocklist file" includes only country ip numbers. On the contrary, "log warnings" file includes numeric and alpha-numeric strings.
Do you think if that works out as fail2ban code when I make some changes in CCcam.cfg file and below script?

In CCcam.cfg file:
log warnings: /tmp/warnings.txt

In Script:

Code:

### SCRIPT ###
#!/bin/sh
cat warnings.txt | awk '{print $1;}' | sort | uniq | while read a; do iptables -A INPUT -s $a -j DROP;done
sleep 1
/sbin/iptables-save > /etc/sysconfig/iptables
chmod go-r /etc/sysconfig/iptables
/sbin/service iptables restart

I certainly will put those files under the same folder and then run.

Thanks in advance
Tinkerbell