Originally Posted by kikinovak
I'm running a few dedicated servers for clients, with a handful of specialized services like library management or school management. It's all more or less running on LAMP servers and supposed to be accessed around here, meaning in South France.
I have many hostile connections on these machines, mostly brute force attempts, which I keep out with a couple of iptables rules limiting the number of connections per minute. Only I'm facing a real tsunami here, and I thought about a more radical solution.
Is there a way to block whole countries using iptables? I've tracerouted some folks back, and they seem to originate mostly from China and Russia, with the odd Nigerian IP.
On dedicated servers targeted at a local audience, I usually whitelist RIPE IP space and block everything else. Have a look at the RIR allocations here:
You can try fine-tuning filters by country using a GeoIP service, but that is error-prone and almost never worth it.
BTW: For most US services (like Netflix) it is not unusual to block everything that is not US.
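The allow-list approach in the reply above, as an added example (not code from the thread or from either poster): it assumes the RIR delegated-statistics file format (`registry|cc|type|start|value|date|status`, as published in the `delegated-ripencc-extended-latest` files), an `ipset`-capable kernel, and a constructed sample of a few delegation lines in place of the real, much larger file. It turns RIPE NCC allocations into CIDR blocks (IPv4 counts are not always powers of two, so one line may become several prefixes), and emits ipset/iptables commands as text for review rather than running them.

```python
"""Build an iptables allow-list from RIR delegation data (added example)."""
import ipaddress
from typing import List, Sequence, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample in the RIR delegated-stats format; the addresses and dates
# here are illustrative, not the current RIPE NCC allocations.
SAMPLE_DELEGATED = """\
2|ripencc|20240101|6|19830705|20240101|+0100
ripencc|*|ipv4|*|4|summary
ripencc|FR|ipv4|2.0.0.0|1048576|20100712|allocated
ripencc|DE|ipv4|5.8.0.0|3072|20120101|allocated
ripencc|FR|ipv6|2001:660::|32|19990820|allocated
ripencc|NL|asn|1136|1|19930901|allocated
ripencc|GB|ipv4|192.0.2.0|256|20100101|reserved
"""


def parse_delegated(text: str, registry: str = "ripencc") -> List[Network]:
    """Return the IPv4/IPv6 networks delegated by one registry.

    Version and summary lines have fewer than seven fields and are skipped;
    ASN rows and blocks that are merely reserved/available are skipped too.
    """
    nets: List[Network] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) < 7 or fields[0] != registry:
            continue
        _reg, _cc, kind, start, value, _date, status = fields[:7]
        if status not in ("allocated", "assigned"):
            continue
        if kind == "ipv4":
            # value is the number of addresses; split the range into CIDRs
            first = ipaddress.IPv4Address(start)
            last = first + int(value) - 1
            nets.extend(ipaddress.summarize_address_range(first, last))
        elif kind == "ipv6":
            # for IPv6 rows the value is already a prefix length
            nets.append(ipaddress.IPv6Network(f"{start}/{value}"))
    return nets


def is_allowed(ip: str, nets: Sequence[Network]) -> bool:
    """True if the address falls inside any delegated block (what the set match does)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets if n.version == addr.version)


def allowlist_rules(nets: Sequence[Network], set_name: str = "rir_allow",
                    ports: Sequence[int] = (80, 443)) -> List[str]:
    """Emit ipset + iptables/ip6tables commands (as strings; nothing is executed).

    Per service port: accept sources in the set, drop everyone else. Keep your own
    management address accepted earlier in the chain so you cannot lock yourself out.
    """
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    cmds = [f"ipset create {set_name} hash:net -exist",
            f"ipset create {set_name}6 hash:net family inet6 -exist"]
    cmds += [f"ipset add {set_name} {n} -exist" for n in v4]
    cmds += [f"ipset add {set_name}6 {n} -exist" for n in v6]
    for tool, name in (("iptables", set_name), ("ip6tables", set_name + "6")):
        cmds.append(f"{tool} -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT")
        for port in ports:
            cmds.append(f"{tool} -A INPUT -p tcp --dport {port} "
                        f"-m set --match-set {name} src -j ACCEPT")
            cmds.append(f"{tool} -A INPUT -p tcp --dport {port} -j DROP")
    return cmds


if __name__ == "__main__":
    blocks = parse_delegated(SAMPLE_DELEGATED)
    for cmd in allowlist_rules(blocks):
        print(cmd)
```

Feed it the real delegated file (`python3 allowlist.py < delegated-ripencc-extended-latest` after replacing the sample) and pipe the output into a script you review before applying; refresh the set periodically, because allocations change and a stale list silently cuts off legitimate new prefixes.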