LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Block off China and Russia? (https://www.linuxquestions.org/questions/slackware-14/block-off-china-and-russia-4175464713/)

Richard Cranium 06-15-2013 06:33 PM

Quote:

Originally Posted by guanx (Post 4972612)
When your enemy is China, nothing to fear; but when the U.S. lies behind, very dangerous!

I'm sure the people of Tibet and Vietnam agree with you.

However, I suggest that you confine your comments here to technical issues. As I will do.

guanx 06-15-2013 07:37 PM

Quote:

Originally Posted by Richard Cranium (Post 4972635)
I'm sure the people of Tibet and Vietnam agree with you.

However, I suggest that you confine your comments here to technical issues. As I will do.

Aha! What you will do looks quite different from what you are doing.

As you mentioned Vietnam, I could not keep from :D ... Do you forget 1959-1975 ?

.

dh2k 06-15-2013 08:00 PM

I recall a 'black' IP neighbourhood map of the internet that was reported in the UK media in the last 6mths;
where 'black' is source of a whole load of unsavoury types; perhaps scope here for an open source blacklist (if non already) -
and I would endear to see those who want to get off the black list meet requirements and/or bow to the benevolent leader and community for permission.

And, I would be so happy to see a package .txz that maintained '5h!th0u5e' IP ranges (and countries as an added module).

Project for me maybe; any support posts are most welcome.

jtsn 06-17-2013 04:50 AM

Quote:

Originally Posted by kikinovak (Post 4965354)
I'm running a few dedicated servers for clients, with a handful of specialized services like library management or school management. It's all more or less running on LAMP servers and supposed to be accessed around here, meaning in South France.

I have many hostile connections on these machines, mostly brute force attempts, which I keep out with a couple of iptables rules limiting the number of connections per minute. Only I'm facing a real tsunami here, and I thought about a more radical solution.

Is there a way to block whole countries using iptables? I've tracerouted some folks back, and they seem to originate mostly from China and Russia, with the odd Nigerian IP.

On dedicated servers targeted at a local audience, I usually whitelist RIPE IP space and block everything else. Have a look at the RIR allocations here:

http://www.iana.org/assignments/ipv4...ress-space.xml

You can try fine-tuning filters by country using a GeoIP service, but that is error-prone and almost never worth it.

BTW: For most US services (like Netflix) it is not unusual block everything that is not US.

BrZ 06-17-2013 09:03 PM

Today I was looking for some stuff and found this. If you know some tool to convert the filters provided by 'iblocklist' to cidr, I'll be very glad.

ps: +1...


All times are GMT -5. The time now is 12:20 PM.