LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 06-03-2010, 08:22 AM   #1
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 387

Rep: Reputation: 61
Blocking countries from accessing my server?


How can I block certain countries from accessing my server in any capacity? Is this possible? What do I need to add to my /etc/hosts.deny for this?

I have searched on how to do this, but I couldn't find a definitive answer.

Thanks for any advice.
 
Old 06-03-2010, 08:34 AM   #2
alli_yas
Member
 
Registered: Apr 2010
Location: Johannesburg
Distribution: Fedora 14, RHEL 5.5, CentOS 5.5, Ubuntu 10.04
Posts: 559

Rep: Reputation: 92
Its possible; but depends on what countries.

You could potentially block countries based on the RIR's that the IANA allocates IP address ranges too. Take a look at http://en.wikipedia.org/wiki/Regional_Internet_Registry which explains the different RIR's that exist and the countries they compromise.

The problem you may have though is that IP's ranges are allocated per region (ie. Africa) and not per country (ie. Zimbabwe) - thus for example if you want to block say the USA, but not Canada, this won't be possible.

Technically blocking a region is easily achievable through iptables (once you've figured out what the IP address range is that you want to block).
 
1 members found this post helpful.
Old 06-03-2010, 09:30 AM   #3
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: *buntu, Vector
Posts: 499

Rep: Reputation: 102Reputation: 102
Yeah, you have to block the IP addresses you know belong to that country. But as mentioned, some names may span more than one country.

However, unless you are required to impose such a block by law, why are you?
 
Old 06-03-2010, 01:26 PM   #4
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
Why not ..
there is geoip iptables module
here is a very good tutorial http://www.ducea.com/2009/03/18/ipta...-debian-lenny/
 
1 members found this post helpful.
Old 06-03-2010, 04:19 PM   #5
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 387

Original Poster
Rep: Reputation: 61
Mostly to see if I can - I'm writing a script to flush and refresh my iptable rules to use wget to download ip blocks for certain countries to block. Also because I'm getting lots of people from China hammering on my firewall and thought "No Intrawebs for you!"

But mostly to see if it can be done really. Thanks for the advice and links. Will look into that geoip module. No need to reinvent the wheel.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking Countries via pf firewall Schiz0 Linux - Networking 4 10-15-2007 06:27 AM
How to block countries from server? payjoe Linux - Security 10 10-10-2007 11:04 AM
Is there a way of blocking individual programs from accessing the network? TehDooMCat Linux - Networking 7 08-31-2007 03:45 AM
Linux over 7% in server world in the Asia and Pacific countries Lleb_KCir General 0 09-27-2005 12:44 PM
Blocking an account from accessing the internet. magnum818 Linux - Security 2 12-03-2003 02:50 AM


All times are GMT -5. The time now is 09:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration