iptables +block country
ad44 at cityscape.co.uk
Tue Aug 17 16:25:45 UTC 2010
On Mon 16 Aug 2010 at 21:41:37 -0700, NoOp wrote:
> And so your objection to me using iptables (or any other method) to
> block by country et al is?
Rather than seeing it as an objection regard it as an alternative
take on the situation, one which adopts a more relaxed approach.
Let it be, don't be alarmed, have a chuckle and get on with
enjoying what you are doing.
Some services on your machine are made publically available so it
isn't surprising if connections are made to them. Restricting
access is sensible and I wouldn't think there are many machines on
the internet which didn't do that, but stopping a connection is
not in the rules.
Your principle concerns are the annoyance you experience and the
miniscule amount of resources used. Mitigating both of these using
the more nuanced denyhosts/fail2ban option would appeal more to me
than the sledgehammer/nut geoip blocking strategy.
More information about the ubuntu-users