iptables +block country

[Brian]

On Mon 16 Aug 2010 at 10:39:10 -0700, NoOp wrote:

> Really? Would you be so understanding if I launched thousands of port
> scans against your machines?

I might be. My tolerence level is quite high, especially as I know the
connections are doomed to ultimate failure. With 100,000+ connections
to sshd alone since April 2010 (less than a quarter being from China)
it is more amusing than annoying. Like little children ringing your
door bell and running away.

If scanning became more of an issue I'd reassess my approach. But it
wouldn't involve overreacting and blocking complete countries.