EFW Support

Title: Blacklisting a whole country
Post by: Nugs on Friday 14 May 2010, 11:44:22 am
We are receiving a large amount of Russian spam and I was wondering if it was possible to block all mail coming from a certain country?
Something like blacklisting *@*.ru, which doesn't work.


Title: Re: Blacklisting a whole country
Post by: Sinatraw on Friday 11 June 2010, 02:05:01 pm
I am not sure if this will work but it may be worth a try:

http://www.countryipblocks.net/

When I first started using Endian, I noted there was a considerable amount of traffic coming in from Asia-pac/China. I blocked China by posting the complete CIDR list from this site in incoming routed traffic and blocking it.

example

1.12.0.0/14
1.24.0.0/13
1.48.0.0/15

For the most part it worked. Once in a while something may get through, but I noticed there has been a lot less activity since I have done that.

Please let me know if it works for you. It would be validation for me as well.





Title: Re: Blacklisting a whole country
Post by: wavrunrx2 on Friday 11 June 2010, 03:50:18 pm
The following small script will automatically read the lines in Country IP range files from http <colon> // www <dot> ipdeny <dot> com (forum won't allow clickable URLs, sorry..) and add them to your firewall.


Create a file called zoneblock using the following text, then 'chmod +x zoneblock' to make it executable.

Just download the zone file you want for the country you want (you can do this using wget), then run:

./zoneblock /var/tmp/af.zone eth1
replacing 'af.zone' with whatever file you are using and 'eth1' with whatever interface your WAN is.

The changes are only temporary till reboot. You could (should) add the command to run automatically at startup.



Script:

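#!/bin/bash
# Zoneblock script
# usage: zoneblock [file] [interface]
# Adds one DROP rule per network listed in [file] for traffic arriving on [interface].
if [ $# -ne 2 ]; then
    echo "usage: $0 [file] [interface]" >&2
    exit 1
fi
while read -r line
do
    # skip blank lines and comments
    case "$line" in ""|\#*) continue ;; esac
    iptables -I INPUT -s "$line" -i "$2" -j DROP
    echo "adding...$line"
done < "$1"
exit 0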



enjoy.
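
Added example, not part of the post above or of Endian's own tooling: the same zone-file load done through a single ipset set instead of one iptables rule per line, with each line validated before it is loaded. It assumes ipset is available on the firewall; the set name geoblock, the function names and the sample ranges are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes ipset is installed on the box.

# valid_cidr NET: succeed only for dotted-quad IPv4 with a /0-32 prefix.
valid_cidr() {
    case "$1" in
        "" | *[!0-9./]* | */*/* | *./*) return 1 ;;  # stray chars, 2 slashes
        */*) ;;
        *) return 1 ;;                               # prefix is required
    esac
    addr=${1%/*} prefix=${1#*/}
    case "$prefix" in "" | ???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                     # split address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in "" | ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# zone_to_ipset SETNAME: zone file on stdin, "ipset restore" input on stdout.
# Blank lines and # comments are ignored; anything else invalid goes to stderr.
zone_to_ipset() {
    set_name=$1
    echo "create $set_name hash:net family inet"
    tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in "" | \#*) continue ;; esac
        if valid_cidr "$line"; then
            echo "add $set_name $line"
        else
            echo "skipped: $line" >&2
        fi
    done
}

# Constructed sample input (documentation ranges, not a real country list).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/25' \
        '203.0.113.0/33' 'not-a-network' ''
}

# On the firewall (as root) the output would be loaded and matched like this:
#   zone_to_ipset geoblock < /var/tmp/af.zone | ipset -exist restore
#   iptables -I INPUT -i eth1 -m set --match-set geoblock src -j DROP
sample_zone | zone_to_ipset geoblock
```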


Title: Re: Blacklisting a whole country
Post by: Sinatraw on Sunday 13 June 2010, 05:55:17 am
Thanks for the info on the scripts but wouldn't it be easier just to post the CIDR listing for a particular country (i.e. Russian Federation)?

I'm learning about this and just wanted to understand your approach.

Thanks,



Title: Re: Blacklisting a whole country
Post by: wavrunrx2 on Sunday 13 June 2010, 02:35:55 pm
Address allocation *can* change any time, any day (don't get me wrong, the changes are not dramatic). The list I linked to from ipdeny <dot> com is as dynamic as can possibly be and limits your chances of actually blocking a block of IPs which may actually be legitimate and which you don't want blocked.

I'm not saying your way wouldn't work; it would.

The way above is (in my mind) a more specific solution to a very broad problem.


Title: Re: Blacklisting a whole country
Post by: Sinatraw on Sunday 13 June 2010, 08:45:54 pm
Understood...Never looked at it that way...Thanks for the info. I had a bad habit of...If I received an intrusion attempt from an IP...I would find the IP block for the whole country and block it all (i.e. China).

Thanks for the insight...I will take another look at your solution.

Cheers :)