Goal: block all IP addresses from China (and possibly others) when they hit iptables, before they get to anywhere else in my system.
Why: China has no need to be accessing my home, personal server. A large majority of unauthorized ssh connections originate in China.
How: Not sure!
I've found this site:
http://countries.nerd.dk/more.html
But I'm not sure how to translate that into adding iptables rules. I'm thinking something along the lines of:
Code:
1. rsync the zone file to my local PC and setup a zone in named
2. iptables -A INPUT -src cn.countries.nerd.dk -J REJECT
The zone would be kept up to date with regular rsync's of the zone file and an `rndc reload`
My main issue is that I don't quite understand DNSBL and how they work with named. Or if the above is even possible. Is there a better way?
I could just find a list of IP addresses/CIDR masks that are associated with China, but that would be a static list, whereas the above is dynamic. Also, any lists I've found seem to be inaccurate (a static IP address for a company I used to work at is listed as China, but it's definitely Australian!)
