bugi/iptables-by-country
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This is a set of scripts you can use to block the IP addresses of specified countries from access to specific ports. For instance, to reduce the volume of breakin attempts, you could block anyone not in your local country from access to your SSH port. Warning: This should not be your only security! Also, hot coffee will scald you if you spill it on your lap. Warning: This set of scripts manipulates the iptables raw table. If you're using it for anything else, be careful. WARNING: Be nice! Please read the usage usage limits policy for the dataset: http://www.ipdeny.com/usagelimits.php To prepare your environment: Install NetAddr::IP. The debian package is libnetaddr-ip-perl. Install ipset. This is in modern linux kernels, but needs userland tools. In debian, the package is called "ipset". Download seed data by running ./Initialize. Edit block-countries.conf to specify which ports and which countries to block. Running this will download fresh data and load it into your iptables: ./Refresh You might even put that in crontab, but please don't run it more often than allowed by the usage limits policy for the dataset: http://www.ipdeny.com/usagelimits.php
About
load geographical data into iptables
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published