Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 22 December 2024, 01:32:02 am

Login with username, password and session length

Visit the Official Endian Bug tracker  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Blacklisting a whole country
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Blacklisting a whole country  (Read 21892 times)
Nugs
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 14 May 2010, 11:44:22 am »

We are receiving a large amount of russian spam and I was wondering if it was possible to block all mail coming from a certain country?
Something like blacklisting *@*.ru, which doesn't work.
Logged
Sinatraw
Full Member
***
Offline Offline

Gender: Male
Posts: 19



« Reply #1 on: Friday 11 June 2010, 02:05:01 pm »

I am not sure if this will work but it may be worth a try:

http://www.countryipblocks.net/

When I first started using endian, I noted there was a considerable amount of traffic coming in from Asia-pac/China. I blocked China by posting the complete cidr list from this site in incoming routed traffic and blocking it.

example

1.12.0.0/14
1.24.0.0/13
1.48.0.0/15

For the most part it worked. once in a while somethng may get through but noticed there has been a lot less activity since I have done that.

Please let me know if it works for you? It would be validation for me as well.



Logged
wavrunrx2
Full Member
***
Offline Offline

Posts: 12


« Reply #2 on: Friday 11 June 2010, 03:50:18 pm »

This following small script will automatically read the lines in Country IP range files from http <colon> // www <dot> ipdeny <dot> com (forum wont allow clickable URLs, sorry..) and add them to your firewall


Create a file called zoneblock using the following text, then 'chmod +x zoneblock' to make it executable

Just download the zone file you want for the country you want (you can do this using wget), then run :

./zoneblock /var/tmp/af.zone eth1
replacing 'af.zone' with whatever file you are using and 'eth1' with what ever interface your WAN is.

The changes are only temporary till reboot. You could (should) add the command to run automatically at startup.



Script:

#!/bin/bash
# Zoneblock script
# usage: # zoneblock [file] [interface]
while read line
do
iptables -I INPUT -s $line -i $2 -j DROP
echo "adding...$line"
done <$1
exit 0



enjoy.
Logged
Sinatraw
Full Member
***
Offline Offline

Gender: Male
Posts: 19



« Reply #3 on: Sunday 13 June 2010, 05:55:17 am »

Thanks for the info on the scripts but wouldnt it be easier just to post the cidr listing for a particular country (i.e. russian federation)?

I'm learning about this and just wanted to understand your approach.

Thanks,

Logged
wavrunrx2
Full Member
***
Offline Offline

Posts: 12


« Reply #4 on: Sunday 13 June 2010, 02:35:55 pm »

address allocation *can* change any time, and day (dont get me wrong, the changes are not dramatic). the list i linked to from ipdeny <dot> com, is as dynamic as can possibly be and limits your chances of actually blocking a block of ip's whom may actually be legitimate whom you don't want blocked.

im not saying your way wouldn't work; it would.

the way above is (in my mind) is a more specific solution, to a very broad problem.
Logged
Sinatraw
Full Member
***
Offline Offline

Gender: Male
Posts: 19



« Reply #5 on: Sunday 13 June 2010, 08:45:54 pm »

Understood...Never looked at it that way...Thanks for the info. I had a bad habit of...If I received a intrusion attempt from a ip...I would find the ip block for the whole country and block it all (i.e. China).

Thanks for the insight...I will take another look at your solution.

Cheers Smiley
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com