block all IP addresses from China (and possibly others) when they hit iptables, before they get to anywhere else in my system.
China has no need to be accessing my home, personal server. A large majority of unauthorized ssh connections originate in China.
I've found this site:
But I'm not sure how to translate that into adding iptables rules. I'm thinking something along the lines of:
1. rsync the zone file to my local PC and set up a zone in named
2. `iptables -A INPUT -s cn.countries.nerd.dk -j REJECT`
The zone would be kept up to date with regular rsyncs of the zone file and an `rndc reload`
My main issue is that I don't quite understand DNSBL and how they work with named. Or if the above is even possible. Is there a better way?
I could just find a list of IP addresses/CIDR masks that are associated with China, but that would be a static list, whereas the above is dynamic. Also, any lists I've found seem to be inaccurate (a static IP address for a company I used to work at is listed as China, but it's definitely Australian!)
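As an added example, not part of the original post, the script below shows the two mechanics the question turns on: how a DNSBL query name is built (the octets of the address are reversed and prefixed to the zone, so `1.2.3.4` becomes `4.3.2.1.cn.countries.nerd.dk`), and how a list of CIDR prefixes is loaded into the kernel so that a single iptables rule can match all of them. iptables resolves a hostname given to `-s` once, at insertion time, so the per-packet lookup has to be done by an ipset instead; the DNSBL zone is useful for checking an address by hand or from a script. The CIDR list, the set name `china4` and the `gen_ipset_rules`/`dnsbl_name` function names are assumptions for the example; the sample list uses TEST-NET placeholder ranges, not real China prefixes. The functions only print the `ipset`/`iptables` commands so they can be inspected before being run as root.

```shell
#!/bin/sh
# Added example (not from the original post). The functions print the
# commands that would load a country CIDR list into an ipset and attach
# one iptables rule to it; nothing here touches the kernel.

# DNSBLs are queried by reversing the IPv4 octets and prefixing them to
# the zone: 1.2.3.4 against cn.countries.nerd.dk is looked up as
# 4.3.2.1.cn.countries.nerd.dk, and any answer (typically 127.0.0.x)
# means "listed". This is the name a script would pass to dig/host.
dnsbl_name() {
    ip=$1
    zone=$2
    printf '%s' "$ip" | awk -F. -v z="$zone" \
        '{ printf "%s.%s.%s.%s.%s\n", $4, $3, $2, $1, z }'
}

# Read a CIDR list on stdin (one entry per line; '#' comments and blank
# lines ignored) and print the ipset/iptables commands that load it.
# The set name is the first argument; hash:net stores CIDR prefixes, so
# a refreshed list only needs a flush and re-add, not new iptables rules.
gen_ipset_rules() {
    set_name=$1
    printf 'ipset create %s hash:net -exist\n' "$set_name"
    printf 'ipset flush %s\n' "$set_name"
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$' |
    while read -r cidr; do
        # Crude sanity check: only digits, dots and an optional /prefix.
        case "$cidr" in
            *[!0-9./]*)
                printf 'skipping bad entry: %s\n' "$cidr" >&2
                continue ;;
        esac
        printf 'ipset add %s %s -exist\n' "$set_name" "$cidr"
    done
    # One rule matches every prefix in the set. -I puts it at the top of
    # INPUT, i.e. before anything else (including any ESTABLISHED rule).
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$set_name"
}

# Constructed placeholder list (TEST-NET ranges, not real China prefixes),
# with a comment, a blank line and a junk entry to exercise the filtering.
SAMPLE_LIST='# constructed sample list
192.0.2.0/24

198.51.100.0/24
not-an-address
203.0.113.0/24'

# Stand-alone demo: show the DNSBL name for one address, then the commands
# that would be generated for the sample list.
dnsbl_name 1.2.3.4 cn.countries.nerd.dk
printf '%s\n' "$SAMPLE_LIST" | gen_ipset_rules china4
```

Because the rule is inserted at the top of INPUT, it also drops the replies to any connection the server itself opens to a listed range; if that matters, insert it after the rule that accepts ESTABLISHED,RELATED traffic instead. Refreshing the list is then a matter of re-running `ipset flush`/`ipset add` from a cron job; the iptables rule never needs to change.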