arashi256 06-03-2010 08:22 AM

Blocking countries from accessing my server?
How can I block certain countries from accessing my server in any capacity? Is this possible? What do I need to add to my /etc/hosts.deny for this?

I have searched on how to do this, but I couldn't find a definitive answer.

Thanks for any advice.

alli_yas 06-03-2010 08:34 AM

It's possible, but it depends on what countries.

You could potentially block countries based on the RIRs that the IANA allocates IP address ranges to. Take a look at which explains the different RIRs that exist and the countries they comprise.

The problem you may have, though, is that IP ranges are allocated per region (i.e. Africa) and not per country (i.e. Zimbabwe) - thus, for example, if you want to block say the USA, but not Canada, this won't be possible.

Technically blocking a region is easily achievable through iptables (once you've figured out what the IP address range is that you want to block).

cantab 06-03-2010 09:30 AM

Yeah, you have to block the IP addresses you know belong to that country. But as mentioned, some names may span more than one country.

However, unless you are required to impose such a block by law, why are you?

ddaemonunics 06-03-2010 01:26 PM

Why not...
There is a geoip iptables module.
Here is a very good tutorial

arashi256 06-03-2010 04:19 PM

Mostly to see if I can - I'm writing a script to flush and refresh my iptables rules, using wget to download IP blocks for certain countries to block. Also because I'm getting lots of people from China hammering on my firewall and thought "No Intrawebs for you!" :)

But mostly to see if it can be done really. Thanks for the advice and links. Will look into that geoip module. No need to reinvent the wheel.
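
Added example (not from any poster in this thread): a sketch of the refresh script described above, which validates a downloaded per-country CIDR list and turns it into `ipset restore` input that is loaded into a temporary set and swapped in atomically. The function names, the set name `geoblock` and the sample list (documentation ranges plus deliberately bad entries) are assumptions made for illustration; the download step is left out so the script runs offline.

```shell
#!/bin/sh
# Added example. Function names, the set name and the sample ranges are assumptions.

valid_cidr() {  # accept only a.b.c.d/len with octets 0-255 and len 0-32
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

build_ipset_restore() {  # stdin: one CIDR per line; stdout: `ipset restore` input
    set_name=$1; tmp="${set_name}-new"
    printf 'create %s hash:net family inet\n' "$set_name" "$tmp"
    printf 'flush %s\n' "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'add %s %s\n' "$tmp" "$line"
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
    # Swap is atomic, so the live set is never empty or half-loaded.
    printf 'swap %s %s\n' "$tmp" "$set_name"
    printf 'destroy %s\n' "$tmp"
}

sample_zone() {  # constructed input using documentation ranges
    cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24   # trailing comment
10.0.0.0/33
300.1.1.0/24
example.com
EOF
}

# Dry run: print the restore script. To apply it as root (not done here):
#   sample_zone | build_ipset_restore geoblock | ipset -exist restore
#   iptables -I INPUT -m set --match-set geoblock src -j DROP
sample_zone | build_ipset_restore geoblock
```

Because the set keeps its name across refreshes, the iptables rule is inserted once and later runs only reload the set, so the rules never need to be flushed.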

