LinuxQuestions.org
Old 09-04-2005, 12:34 PM   #1
latino
Member
 
Registered: Aug 2003
Location: Puerto Rico
Distribution: RHEL 5.5
Posts: 141

Rep: Reputation: 15
script to block IPs from Korea, China, Taiwan??


Hi:

Is there any script that I could use with APF to block IPs from Taiwan, Korea, and China?? Or a script that could batch process IPs specified by me??

Setup:

RHEL 4, PHP 5.0.4, APF, BFD

Any idea where to find those IPs?

Later
 
Old 09-04-2005, 03:47 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
This was a pretty slick method I saw posted on Slashdot recently:
http://it.slashdot.org/comments.pl?s...6&cid=13449166

You can then either manually enter them as iptables rules, or parse them with a script that iterates through each IP and adds an iptables rule.

Might want to read this too:
http://www.theregister.co.uk/2005/08..._ip_addresses/
 
Old 09-05-2005, 03:57 AM   #3
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 374

Rep: Reputation: 55
Re: script to block IPs from Korea, China, Taiwan??

Quote:
Originally posted by latino
Hi:

Is there any script that I could use with APF to block IPs from Taiwan, Korea, and China?? Or a script that could batch process IPs specified by me??

Setup:

RHEL 4, PHP 5.0.4, APF, BFD

Any idea where to find those IPs?

Later
I guess APF uses netfilter/iptables. Am I right?

If I am, there is an iptables match module for countries. It is called geoip. Visit the following URL:

http://www.netfilter.org/patch-o-mat...om-extra-geoip

From what I read in the link, you just put --src-cc or --dst-cc.
For example: iptables -A FORWARD -m geoip --src-cc CN,TW,KR -j DROP
 
Old 09-05-2005, 01:52 PM   #4
latino
Member
 
Registered: Aug 2003
Location: Puerto Rico
Distribution: RHEL 5.5
Posts: 141

Original Poster
Rep: Reputation: 15
Hi:

Well, I found that sometimes things can be done without much complication. APF rules are available at /etc/apf/deny_hosts.rules. I just edited that file with gedit and added the IPs from:
http://www.okean.com/iptables/rc.firewall.sinokorea

I used gedit search and replace to leave the IPs as APF uses them. Before that I tried
./apf -d 185.14.157.123/15 SPAMMER

My doubt was (and somehow is) IF APF would process the /15 and it works. At least it added the IP as:
185.14.157.123/15

In summary, I took the deny_hosts.rules file and edited it with gedit, adding the IPs from the above source. After that I did an apf -l and the rules are there.

The problem is that there are NEW spammers with NEW IPS daily... so the firewall must be updated with the contents from tail -1000 maillog (/var/log)

Just my experience. Please comment if this is ok and if the Firewall will in fact process the /15? (/23 etc). I am including the file here so others may use or improve it. I hope this is ok in this forum.

Later



deny_hosts.rules
##
# deny_hosts
#
# Trust based rule file to define addresses that are implicitly denied.
#
# Format of this file is line-seperated addresses, IP masking is supported.
# Example:
# 192.168.2.1
# 192.168.5.0/24
#
# advanced usage
#
# The trust rules can be made in advanced format with 4 options
# (proto:flow:port:ip);
# 1) protocol: [packet protocol tcp/udp]
# 2) flow in/out: [packet direction, inbound or outbound]
# 3) s/d=port: [packet source or destination port]
# 4) s/d=ip(/xx) [packet source or destination address, masking supported]
#
# Syntax:
# proto:flow:[s/d]=port:[s/d]=ip(/mask)
# s - source , d - destination , flow - packet flow in/out
#
# Examples:
# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1
#
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1
#
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24
#
##
#
#firewall for china and korea, port 25.
#http://www.okean.com/iptables/rc.firewall.sinokorea
#send comments, corrections, and additions to: contact@okean.com
#last updated 2005.09.04 1016 PDT (UTC -7)
 
Old 09-05-2005, 09:57 PM   #5
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Re: Re: script to block IPs from Korea, China, Taiwan??

Quote:
Originally posted by imitheos
If I am, there is an iptables match module for countries. It is called geoip. Visit the following URL:

http://www.netfilter.org/patch-o-mat...om-extra-geoip

From what I read in the link, you just put --src-cc or --dst-cc.
For example: iptables -A FORWARD -m geoip --src-cc CN,TW,KR -j DROP
Interesting... anyone else using this patch or have experience with it?
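
Added example (not part of any post in this thread): posts #2 and #4 describe turning a downloaded range list into firewall entries, so this sketch parses mixed input, zeroes host bits (showing what a prefix like 185.14.157.123/15 actually covers), merges overlapping ranges, and emits lines in the deny_hosts.rules syntax quoted in post #4. The function names, the `keep_reachable` safety check and the sample input (documentation ranges) are assumptions made for illustration; the input line format is also assumed.

```python
import ipaddress
import re

# Constructed sample input (documentation ranges, not real blocklist data).
SAMPLE = """\
# comment line
iptables -A INPUT -s 198.51.100.0/25 -p tcp --dport 25 -j DROP
iptables -A INPUT -s 198.51.100.128/25 -p tcp --dport 25 -j DROP
203.0.113.77/24
203.0.113.9
192.0.2.300/24
"""

# Dotted quad with optional /prefix, not embedded in a longer number.
CIDR_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)(?![\d.])")

def extract_networks(text):
    """Return (networks, rejected_tokens) found in free-form lines."""
    nets, rejected = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        for token in CIDR_RE.findall(line):
            try:
                # strict=False zeroes host bits: 203.0.113.77/24 -> 203.0.113.0/24
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:                # bad octet or prefix length
                rejected.append(token)
    return nets, rejected

def build_rules(text, keep_reachable=(), port=None):
    """Merge ranges and format them for deny_hosts.rules.

    keep_reachable: addresses (e.g. your own admin host) that must never be
    covered by a deny entry; any range containing one is rejected instead.
    port: if set, emit the advanced 'tcp:in:d=PORT:s=RANGE' form so only
    that inbound service is blocked rather than all traffic.
    """
    nets, rejected = extract_networks(text)
    protected = [ipaddress.ip_address(a) for a in keep_reachable]
    rules = []
    for net in ipaddress.collapse_addresses(nets):   # sorted, de-duplicated
        if any(addr in net for addr in protected):
            rejected.append(str(net))
            continue
        src = str(net.network_address) if net.prefixlen == 32 else str(net)
        rules.append(f"tcp:in:d={port}:s={src}" if port else src)
    return rules, rejected

if __name__ == "__main__":
    rules, rejected = build_rules(SAMPLE, keep_reachable=["203.0.113.50"], port=25)
    print("\n".join(rules))
    print("rejected:", rejected)
```

Review the rejected list before appending the output to the rules file; whether APF itself normalizes a prefix with host bits set is not something this sketch tests.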
 
  

