iptables +block country
glgxg at sbcglobal.net
Mon Aug 16 04:31:33 UTC 2010
With apologies to our Chinese list subscribers...
I'm tiring of unsecured probes from unsecured Chinese machines. While my
router blocks most all of these, my router does respond when I have ssh
or vnc ports open (yes I know... I close them when I do not need them).
That of course lets the beast on the other side know that I've my cheeks
spread wide and available...
The probes mostly come from Chinese machines (do a zenmap on
184.108.40.206 if you'd like to see a totally borked bot machine). So on
every local machine I've simply decided to block all of China.
http://blacklist.linuxadmin.org/ has a handy tool to blocklist by
country & port. I've modified the ouput to block via iptables, but
wonder if the following sample is correct:
# china blocklist
# generated from http://blacklists.linuxadmin.org
/sbin/iptables -A INPUT -p tcp -s 220.127.116.11/15 -j REJECT
/sbin/iptables -A INPUT -p tcp -s 18.104.22.168/13 -j REJECT
/sbin/iptables -A INPUT -p tcp -s 22.214.171.124/15 -j REJECT
Any advise as to if this is correct?
More information about the ubuntu-users