LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

View Poll Results: Do you get ssh hack attempts, apache exploits, etc, from Eurpoe on your server?
Yes, I get hack attempts. I run a production server. 6 31.58%
No, I don't get hack attempts. I run a production server. 2 10.53%
Yes, I get hack attempts. I run a personal server at home. 9 47.37%
No, I don't get hack attempts. I run a personal server at home. 2 10.53%
Voters: 19. You may not vote on this poll

Reply
 
LinkBack Search this Thread
Old 10-11-2007, 07:46 AM   #1
Schiz0
LQ Newbie
 
Registered: Dec 2005
Location: Pennsylvania, USA
Distribution: FreeBSD, Ubuntu, and Debian
Posts: 10

Rep: Reputation: 0
Arrow Blocking Countries via pf firewall


Hey guys.

I'm sick of port scans, ssh brute-force attempts, attempted apache/myphpadmin exploit attempts, email spam, and various other bullshit that come from other countries.

I would like to drop all packets from everyone other than the US. Right now, I'm using Okean's Korea and China blacklists to block Korea and China ( http://okean.com/thegoods.html ). But I'm still getting spam from Germany, the UK, Italy, and other crap.

All I need is a list of IPs in CIDR notation that are allocated to only the United States. I can have a default deny, then allow the US IPs.

Does anyone know of such a list?

Thanks for your time.
 
Old 10-11-2007, 09:32 AM   #2
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
IP to Country Database list can be downloaded from this page. http://software77.net/cgi-bin/ip-country/geo-ip.pl

You could use fail2ban to help prevent hacking.
 
Old 10-11-2007, 10:59 AM   #3
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
{duplicate}
 
Old 10-15-2007, 01:04 AM   #4
hans51
Member
 
Registered: Mar 2005
Location: Cambodia
Distribution: suse
Posts: 36
Blog Entries: 1

Rep: Reputation: 16
monthly updated GeoIP db is available for free for non-commercial use also from
http://www.maxmind.com/
and for commercial use a more frequently updated IP db from maxmind as well.

instead of banning all NON-US countries - i have setup a large iptables list blocking C/B or even A networks ( specially china ) if i encounter a hack attempt.

normal is about one daily hack attempt on a server ...
my first one started before my domain was fully setup - that helped me to strengthen the security.
NO password login - only serverkey access via ssh

if blocking ALL NON-US access - pls keep in mind that you also deny access to all US abroad - there are MILLIONS of US citizen permanently or tgemporarily living abroad / overseas, it also blocks all US on travel, on vacation - including yourself when traveling ...
 
Old 10-15-2007, 05:27 AM   #5
Brianetta
LQ Newbie
 
Registered: Mar 2007
Location: Newcastle upon Tyne, UK
Distribution: Trustix, Fedora, Ubuntu
Posts: 16

Rep: Reputation: 3
You also block us Brits, and we're really nice and not lame at all...
 
  


Reply

Tags
firewall


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall blocking Rekna Linux - Security 6 02-27-2007 06:03 PM
SUSE 10 firewall blocking johnhawk Linux - Security 1 07-18-2006 03:09 AM
firewall blocking internet k4zau Linux - Networking 1 09-24-2004 02:18 PM
firewall traffic blocking help jaylee Linux - Security 8 06-30-2003 10:44 AM
Firewall not blocking ports... bfloeagle Linux - Security 9 05-20-2003 02:53 PM


All times are GMT -5. The time now is 09:04 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration