IP Ranges in Usable Formats

Status
Not open for further replies.

mneylon

Administrator
Staff member
Came across this site earlier this evening:
Country IP Blocks

What's useful is that they give you the data in a number of formats, so you can use it to generate "allow" or "deny" rules.

Unfortunately they don't have it in IpTables format, though I suspect you could do it quite easily using a bit of sed magic :)
 

CelticJim

New Member
Very useful info, although with the U.S. being the biggest spammers and the biggest surfers, that presents a bit of a dilemma.

Wouldn't surprise me if it's just a handful of Germans responsible for all that comment spamming. Isn't that something that xrumer is capable of doing with just the click of a button? According to my research at blackhatworld anyway ;)
 

niall

New Member
Em, they give it in CIDR format: Country IP Blocks

For example, to block the country XX, put the following in your main iptables rule set:
iptables -N XX_BLOCK
iptables -A INPUT -j XX_BLOCK

Then create a shell script with the following to run once a day as root:
#!/bin/bash
# Flush the current rules out of the chain
iptables -F XX_BLOCK
# Add in the current rules (comment lines in the list are skipped)
for i in $(curl -s https://www.countryipblocks.net/e_country_data/XX_cidr.txt | grep -v '^#');
do
    iptables -A XX_BLOCK -s "$i" -j DROP
done
The above is untested and extra checks like making sure that the CIDR page is giving a 200 response could be added in. The basic idea is that in the main iptables INPUT rule set, you pass all traffic over to the XX_BLOCK chain. If the IP matches any rule in that chain, it gets rejected. As the XX_BLOCK is a separate chain in IPTables, it's easy to manage from a script like the above.

To monitor the hits, just run: iptables -L XX_BLOCK -n -v and you'll see what rules are getting hit.

In the shutdown scripts for the firewall, add in the following to remove the XX_BLOCK chain:
iptables -F XX_BLOCK
iptables -X XX_BLOCK
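
The post above says its script is untested and that a check on the download could be added. As an added example (not part of the original thread or of niall's script), here is one way to do that: every entry is validated as an IPv4 CIDR before it gets near iptables, and the chain contents are replaced in a single iptables-restore call, so a failed or garbage download leaves the previous rules in place instead of an empty chain. CHAIN, the function names and the --apply switch are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. XX and the URL pattern come from
# the thread; CHAIN and the function names are assumptions for illustration.
CHAIN="XX_BLOCK"
URL="https://www.countryipblocks.net/e_country_data/XX_cidr.txt"

# Succeeds only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr() {
    local ip prefix o
    [[ $1 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]] || return 1
    ip=${1%/*}; prefix=${1#*/}
    (( 10#$prefix <= 32 )) || return 1
    for o in ${ip//./ }; do
        (( 10#$o <= 255 )) || return 1
    done
}

# Reads a list on stdin, skips comments and blank lines, and prints an
# iptables-restore payload for $CHAIN. Fails if any entry is malformed or
# if nothing valid was found, so a bad download never reaches the firewall.
build_payload() {
    local line count=0 rules=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%$'\r'}
        case $line in ''|'#'*) continue ;; esac
        valid_cidr "$line" || { echo "bad entry: $line" >&2; return 1; }
        rules+="-A $CHAIN -s $line -j DROP"$'\n'
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "empty list" >&2; return 1; }
    printf '*filter\n:%s - [0:0]\n%sCOMMIT\n' "$CHAIN" "$rules"
}

# Download, validate, then swap the chain contents in one step.
update_chain() {
    local list payload
    list=$(curl -fsS --max-time 60 "$URL") || return 1   # -f: fail on HTTP errors
    payload=$(build_payload <<<"$list") || return 1
    # --noflush leaves the rest of the filter table alone; declaring the
    # user chain in the payload flushes and refills only that chain.
    iptables-restore --noflush <<<"$payload"
}

# Only touch the firewall when asked to, e.g. from cron: script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    update_chain
fi
```

The chain still has to be created and hooked into INPUT once, as in the post, before the first run.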
 