iptables +block country

Brian ad44 at cityscape.co.uk
Tue Aug 17 16:25:45 UTC 2010

On Mon 16 Aug 2010 at 21:41:37 -0700, NoOp wrote:

> And so your objection to me using iptables (or any other method) to
> block by country et al is?

Rather than seeing it as an objection, regard it as an alternative
take on the situation, one which adopts a more relaxed approach. 
Let it be, don't be alarmed, have a chuckle and get on with 
enjoying what you are doing.

Some services on your machine are made publicly available so it
isn't surprising if connections are made to them. Restricting
access is sensible and I wouldn't think there are many machines on 
the internet which didn't do that, but stopping a connection is 
not in the rules.

Your principal concerns are the annoyance you experience and the
minuscule amount of resources used. Mitigating both of these using
the more nuanced denyhosts/fail2ban option would appeal more to me 
than the sledgehammer/nut geoip blocking strategy.

