LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-25-2008, 03:38 PM   #1
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Rep: Reputation: 34
DNSBL blocks and iptables


Goal: block all IP addresses from China (and possibly others) when they hit iptables, before they get to anywhere else in my system.

Why: China has no need to be accessing my home, personal server. A large majority of unauthorized ssh connections originate in China.

How: Not sure!

I've found this site:
http://countries.nerd.dk/more.html

But I'm not sure how to translate that into adding iptables rules. I'm thinking something along the lines of:
Code:
1. rsync the zone file to my local PC and setup a zone in named
2. iptables -A INPUT -src cn.countries.nerd.dk -J REJECT
The zone would be kept up to date with regular rsync's of the zone file and an `rndc reload`

My main issue is that I don't quite understand DNSBL and how they work with named. Or if the above is even possible. Is there a better way?

I could just find a list of IP addresses/CIDR masks that are associated with China, but that would be a static list, whereas the above is dynamic. Also, any lists I've found seem to be inaccurate (a static IP address for a company I used to work at is listed as China, but it's definitely Australian!)
 
Old 10-26-2008, 08:27 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965
try this - http://people.netfilter.org/~peejix/...oip-HOWTO.html
 
Old 10-26-2008, 06:57 PM   #3
fukawi2
Member
 
Registered: Oct 2006
Location: Melbourne, Australia
Distribution: ArchLinux, ArchServer, Fedora, CentOS
Posts: 448

Original Poster
Rep: Reputation: 34
Lovely - thank you
 
  


Reply

Tags
iptables, named


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables blocks services (HTTPS and FTP) leosgb Linux - Networking 12 04-11-2006 01:13 PM
iptables blocks access to network leupi Linux - Networking 3 03-29-2005 09:23 AM
sendmail and dnsbl cholo Linux - Software 0 11-16-2004 01:02 AM
Create my own DNSBL? wytiger Linux - Security 3 10-21-2004 12:38 AM
iptables causes delay and blocks irrationally niehls Linux - Networking 4 08-21-2004 01:16 PM


All times are GMT -5. The time now is 01:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration