Monday, November 17, 2014

IPTABLES - how to allow or deny certain countries of the world

A common request for a sysadmin is to block, or to allow only, traffic from certain countries, either in the firewall or in Apache .htaccess files. Here are two common ways to do that.

Method 1.
Using xtables-addons and MaxMind

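# install the build prerequisites and the GeoIP database, then build xtables-addons
apt-get install libtext-csv-xs-perl module-assistant geoip-database libgeoip1
module-assistant --verbose --text-mode auto-install xtables-addons
mkdir -p /usr/share/xt_geoip
cd /usr/share/xt_geoip
# this is a rather old package, but it is free
# it is fetched over plain HTTP, so read the two scripts before running them
wget http://terminal28.com/wp-content/uploads/2013/10/geoip-dl-build.tar.gz
tar xvf geoip-dl-build.tar.gz
# download the country CSV files and build the per-country files xt_geoip reads
./xt_geoip_dl
./xt_geoip_build -D . *.csv
## EXAMPLE
iptables --flush # BEWARE: this deletes every existing rule in the filter table
# allow HTTPS only from HU, CZ, PL and RO, drop it from everywhere else
iptables -A INPUT -p tcp --dport 443 -m geoip --src-cc HU,CZ,PL,RO -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP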

Method 2.
Simply use https://www.countryipblocks.net/country_selection.php to get the IP ranges of a country, then allow or deny those ranges.
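
Added example, not part of the original post: one way to turn a downloaded range list (one CIDR per line) into rules for Method 2. It validates every line and writes iptables-restore input for a dedicated chain, so nothing has to be flushed. The chain name GEO_ALLOW, the file name hu.cidr and the sample ranges are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Chain name GEO_ALLOW and the
# sample ranges are assumptions; the ranges are RFC 5737 documentation nets.

# build_geo_rules [CHAIN] < cidr-list
# Validates every line as an IPv4 CIDR and prints iptables-restore input for a
# dedicated chain. On any invalid line it prints no ruleset and returns 1.
build_geo_rules() {
    awk -v chain="${1:-GEO_ALLOW}" '
    function bad(why) { printf "line %d: %s\n", NR, why > "/dev/stderr"; err = 1 }
    BEGIN { num = "^(0|[1-9][0-9]*)$" }          # decimal, no leading zeros
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments, blanks, CRs
    $0 == "" { next }
    {
        if (split($0, p, "/") != 2 || p[2] !~ num || p[2] + 0 < 1 || p[2] + 0 > 32) {
            bad("bad prefix length"); next       # /0 would match every source
        }
        if (split(p[1], o, ".") != 4) { bad("not four octets"); next }
        for (i = 1; i <= 4; i++)
            if (o[i] !~ num || o[i] + 0 > 255) { bad("bad octet"); next }
        if (!seen[$0]++) cidr[++n] = $0          # de-duplicate, keep order
    }
    END {
        if (err || n == 0) exit 1                # never emit a partial ruleset
        print "*filter"
        print ":" chain " - [0:0]"
        for (i = 1; i <= n; i++) print "-A " chain " -s " cidr[i] " -j ACCEPT"
        print "-A " chain " -j DROP"
        print "COMMIT"
    }'
}

# Constructed sample input standing in for a downloaded country list.
sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.0/24   # inline comment
192.0.2.0/24
EOF
}

# Apply as root without touching other rules, then hook the chain for port 443
# (hu.cidr is a hypothetical file holding the downloaded ranges):
#   build_geo_rules GEO_ALLOW < hu.cidr > geo.rules &&
#       iptables-restore --noflush < geo.rules
#   iptables -I INPUT -p tcp --dport 443 -j GEO_ALLOW
sample_list | build_geo_rules GEO_ALLOW
```

For a deny list instead of an allow list, swap the two targets: DROP for the listed ranges and no final DROP rule.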


 
