iptables +block country
Tom H
tomh0665 at gmail.com
Mon Aug 16 07:29:02 UTC 2010
On Mon, Aug 16, 2010 at 2:13 AM, Harry Strongburg <harry.ubuntu at harry.lu> wrote:
> On Mon, Aug 16, 2010 at 02:00:19AM -0400, Tom H wrote:
>> On Mon, Aug 16, 2010 at 12:31 AM, NoOp <glgxg at sbcglobal.net> wrote:
>> > #!/bin/bash
>> > # china blocklist
>> > # generated from http://blacklists.linuxadmin.org
>> > /sbin/iptables -A INPUT -p tcp -s 58.14.0.0/15 -j REJECT
>> > /sbin/iptables -A INPUT -p tcp -s 58.16.0.0/13 -j REJECT
>> > /sbin/iptables -A INPUT -p tcp -s 58.24.0.0/15 -j REJECT
>>
>> I'd use "DROP" rather than "REJECT".
>
> I disagree with the blocking of entire CIDR ranges, but that's up to you
> to decide if you want to have the chance of blocking legit users, simply
> because those around them are abusive.

This isn't for a public web site. It is a private ssh/vnc box, so I
agree with blocking any part of the world that has active/over-active
bots (as long as NoOp doesn't block where he is
living/working/travelling to!).
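
The caveat in the message above (do not block the place you connect from) can be checked before any rule is loaded. The following is an added example, not part of the original post or of NoOp's script: it prints DROP rules for the three ranges quoted in the thread and refuses if a range covers one of the administrator's own addresses. The function names and the admin addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build DROP rules for a CIDR blocklist, refusing to do so
# if any range covers an address the administrator connects from.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    # Subshell keeps the IFS change and positional parameters local.
    ( IFS=.; set -- $1
      echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Succeed (exit 0) if IPv4 address $1 lies inside CIDR block $2.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    fi
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Print one iptables command per CIDR in $1 (space separated). Print nothing
# and return 1 if an address in $2 (space separated) would be blocked.
build_rules() {
    for cidr in $1; do
        for addr in $2; do
            if in_cidr "$addr" "$cidr"; then
                echo "refusing: $cidr covers admin address $addr" >&2
                return 1
            fi
        done
    done
    for cidr in $1; do
        echo "/sbin/iptables -A INPUT -p tcp -s $cidr -j DROP"
    done
}

# The three ranges quoted in the thread; the admin addresses are constructed
# sample values (RFC 5737 documentation ranges), an assumption of this example.
BLOCKLIST="58.14.0.0/15 58.16.0.0/13 58.24.0.0/15"
ADMIN_ADDRS="192.0.2.10 198.51.100.7"
build_rules "$BLOCKLIST" "$ADMIN_ADDRS"
```

The script only prints the commands; review the output and pipe it to a root shell once the check passes.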