
Linux, Unix, and *nix like Operating Systems Forum

    
Firewall configuration
How to restrict access to the server from several countries?
ainars




msg:912942
 12:23 am on May 18, 2003 (gmt 0)

I just installed Kiss My Firewall which is available here:
[geocities.com...]

It was easy to set up this script, but I am wondering how it's possible to restrict access to my server from some countries. For example, I don't have any business with Korea or China and all I get from these countries is a huge amount of spam, different scans etc. So, I would like to put these countries in my black list.

Kiss My Firewall allows you to create a block list in the following form:

################################################################################
# #
# CONFIG #4 (of 5): BLOCK_LIST #
# #
# This is where you can specify IP Addresses that you wish to block. If you #
# add a new one, simply restart this script for the changes to take effect. #
# #
# NOTE: More than one IP can be specified by separating with a space: #
# Ex. BLOCK_LIST="111.11.111.111 222.22.222.222 333.33.333.333" #
# #
################################################################################

What if I want to put a range of addresses in this list, for example: 61.4.64.0 - 61.4.79.255

What will be the right form? Like this:

61.4.64.*

or like this:

61.4.64.0/20

Lists of Chinese and Korean IP addresses can be found here (if anyone is interested):
[okean.com...]
[okean.com...]

 

Air




msg:912943
 2:24 am on May 18, 2003 (gmt 0)

I had a look at KMF and it is a bash script that issues commands to IPTABLES, so the syntax rules of IPTABLES are what you want to use, i.e., your second example (CIDR notation) is what you want.

There is a handy table here [ralphb.net] that may be useful to you or others. It shows for example, that if you wanted to block an entire class "c" (254 addresses) you would use "/24" as in xxx.xxx.xxx.xxx/24

Anyway hope this helps.
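
The CIDR answer above applied to the range in the question, as an added example that is not part of the original thread or of Kiss My Firewall: a POSIX shell helper that collapses inclusive start/end ranges into the fewest CIDR blocks and prints them as a space-separated BLOCK_LIST value. The function names and the 192.0.2.x sample range are constructed for illustration, and it assumes, as the answer states, that BLOCK_LIST entries follow iptables address syntax.

```shell
# Added example: collapse inclusive IPv4 ranges into the fewest CIDR blocks.

# Dotted quad -> integer. Rejects wildcards, missing octets and leading zeros.
ip2int() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # leading zero would parse as octal
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print one CIDR block per line covering exactly start..end (inclusive).
range_to_cidrs() (
    lo=$(ip2int "$1") && hi=$(ip2int "$2") && [ "$lo" -le "$hi" ] || exit 1
    while [ "$lo" -le "$hi" ]; do
        bits=32
        # Widen the block while it stays aligned on lo and ends at or before hi.
        while [ "$bits" -gt 0 ]; do
            size=$(( 1 << (33 - bits) ))       # size of the next wider block
            [ $(( lo % size )) -eq 0 ] && [ $(( lo + size - 1 )) -le "$hi" ] || break
            bits=$(( bits - 1 ))
        done
        echo "$(int2ip "$lo")/$bits"
        lo=$(( lo + (1 << (32 - bits)) ))
    done
)

# Read "start end" pairs from stdin and print one BLOCK_LIST="..." line.
build_block_list() (
    list=
    while read -r start end; do
        [ -n "$start" ] || continue
        cidrs=$(range_to_cidrs "$start" "$end") || { echo "bad range: $start $end" >&2; exit 1; }
        list="$list $(echo $cidrs)"
    done
    echo "BLOCK_LIST=\"${list# }\""
)

# Constructed input: the range from the question, then an unaligned range.
build_block_list <<'EOF'
61.4.64.0 61.4.79.255
192.0.2.5 192.0.2.10
EOF
```

A range that is not aligned on a power-of-two boundary expands into several blocks, and a wildcard form such as 61.4.64.* is rejected rather than silently passed through.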

ainars




msg:912944
 1:20 pm on May 18, 2003 (gmt 0)

Thank you, Air! It works.
