iptables +block country

Tom H tomh0665 at gmail.com
Mon Aug 16 06:00:19 UTC 2010

On Mon, Aug 16, 2010 at 12:31 AM, NoOp <glgxg at sbcglobal.net> wrote:
> The probes mostly come from Chinese machines (do a zenmap on
> if you'd like to see a totally borked bot machine). So on
> every local machine I've simply decided to block all of China.
> http://blacklist.linuxadmin.org/ has a handy tool to blocklist by
> country & port. I've modified the output to block via iptables, but
> wonder if the following sample is correct:
> #!/bin/bash
> # china blocklist
> # generated from http://blacklists.linuxadmin.org
> /sbin/iptables -A INPUT -p tcp -s -j REJECT
> /sbin/iptables -A INPUT -p tcp -s -j REJECT
> /sbin/iptables -A INPUT -p tcp -s -j REJECT

I'd use "DROP" rather than "REJECT".
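
Added example, not part of the original thread: one way to turn a downloaded country list into `iptables-restore` input with the DROP target suggested above, validating every entry instead of running a generated script as root. The chain name `COUNTRYBLOCK`, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: build iptables-restore input from a country CIDR list
# instead of executing a downloaded script as root.
CHAIN=COUNTRYBLOCK   # hypothetical chain name

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/len), else 1.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one CIDR per line on stdin ('#' starts a comment) and print
# iptables-restore input. Invalid entries go to stderr, never into a rule.
gen_rules() {
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf '%s\n' "-A $CHAIN -s $line -j DROP"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Constructed sample list: RFC 5737 documentation ranges plus two bad lines.
gen_rules <<'EOF'
192.0.2.0/24
198.51.100.0/24   # trailing comment is ignored
203.0.113.0/33
example.invalid
EOF
# As root, the output would be piped to: iptables-restore --noflush
# and hooked in once with: iptables -A INPUT -p tcp -j COUNTRYBLOCK
```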
