iptables +block country

NoOp glgxg at sbcglobal.net
Tue Aug 17 04:41:37 UTC 2010


On 08/16/2010 12:27 PM, Brian wrote:
> On Mon 16 Aug 2010 at 12:18:24 -0700, NoOp wrote:
> 
>> It's a private machine, private home network Brian. My machines, my
>> rules :-)
> 
> Of course it is. Just like every other machine on the network.
> 

And so your objection to me using iptables (or any other method) to
block by country et al is?

At this point it's probably better to move this over to sounder, but I'd
still like to know why the objection to block by country AS/cidr on a
private home machine/network seems to raise objections. I don't offer an
internet facing service, I don't offer access to my machine(s) from
outside sources unless previously authorised, and I simply do not like
bot scans from the likes already mentioned.

I'm not biased as to race, country, whatever (I reckon that I may have
visited China before Sandy was in school, lived in Hong Kong,
lived/worked in Asia for over 30 years), I'm just tired of bots "ringing
my doorbell" and taking up resources in the process.

I've already demonstrated from the ~/.xsessions-error log whereby 5900
(VNC) requests show up. Note that denyhosts etc., primarily only scan
/var/log/auth.log unless specifically tuned to scan other logs. A VNC
5900 attempt will not go into /var/log/auth.log, or any other apparent
/var/log/. It was only by accident that I noticed the entry in
~/.xsessions-errors - I would have never thought to look there were I
not checking something else. It was only then that I compared against my
router logs.

I'm not a GWF; I'm just security conscious and simply wish to stop these
from popping in and making botnet attempts when I open a VNC port on
occasion. I still accept and correspond with selected contacts in
China/HK etc., so what is your (and Sandy's) objection if I block
botnets by country or otherwise from my systems?
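An added example, not part of this thread or anyone's posted configuration, of the kind of per-port CIDR-list block the post refers to: it loads a list of networks into an ipset and drops new inbound connections to TCP 5900 from those networks, logging each drop through the kernel so the attempts land in syslog rather than only in ~/.xsession-errors. The set name, list file and log prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): build an ipset from a CIDR
# list and drop NEW inbound connections to one TCP port from those networks,
# logging each drop via the kernel so it shows up in syslog/kern.log rather
# than only in ~/.xsession-errors. Assumes ipset and iptables are installed
# and the list file holds one network per line (country list or your own).

SET_NAME="blocklist"     # hypothetical ipset name
PORT="${PORT:-5900}"     # VNC, as in the thread

# Print the commands that would be run; generating them needs no root.
gen_rules() {
    cidr_file="$1"
    echo "ipset create $SET_NAME hash:net -exist"
    # Skip blank lines and comments in the list file.
    while IFS= read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        echo "ipset add $SET_NAME $net -exist"
    done < "$cidr_file"
    # Match only NEW connections to the port: established flows and all other
    # traffic are untouched. LOG (rate-limited) runs before DROP.
    rule="-A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -m set --match-set $SET_NAME src"
    echo "iptables $rule -m limit --limit 5/min -j LOG --log-prefix \"${SET_NAME}-drop: \""
    echo "iptables $rule -j DROP"
}

# Number of networks the list would load, for a sanity check before applying.
count_nets() {
    grep -cEv '^[[:space:]]*(#|$)' "$1"
}

# Usage: sh block_port.sh cidrs.txt          (print the commands)
#        sh block_port.sh cidrs.txt --apply  (run them; needs root)
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "--apply" ]; then
        gen_rules "$1" | sh
    else
        gen_rules "$1"
    fi
fi
```

Dropped attempts are then visible with `grep blocklist-drop /var/log/kern.log` (or syslog), which is a file the usual log-watching tools can be pointed at.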

More information about the ubuntu-users mailing list