Subj : Re: Block IPs based on Location
To   : Compctech
From : Wilfred van Velzen
Date : Fri Feb 28 2025 05:59 pm

Hi Compctech,

On 2025-02-28 10:47:03, you wrote to All:

Co> I apologize if I am posting in the wrong location.  I am getting a lot
Co> of login attempts from China and other Asian countries.  It does not
Co> surprise me, but has anyone tried doing IP blocking by country?  I
Co> don't like the idea, but with as many attempts as I am getting, it's
Co> filling up my logs. I see how I can do it with UFW, but just need a
Co> good source of IP Blocks.  CIDR notations would be great.

Yes, you can get the IP block ranges by country at http://www.ipdeny.com/

For example I do this in a script for some countries (not my fido machine though, because there are a lot of fido systems in Russia):

wget -q -O zone.belarus     http://www.ipdeny.com/ipblocks/data/aggregated/by-aggregated.zone
wget -q -O zone.china       http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
wget -q -O zone.iran        http://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone
wget -q -O zone.north-korea http://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone
wget -q -O zone.russia      http://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone

After this I feed the files to fail2ban with these commands:

fail2ban-client restart --unban countries
fail2ban-client set countries banip $(<zone.north-korea )
fail2ban-client set countries banip $(<zone.belarus     )
fail2ban-client set countries banip $(<zone.china       )
fail2ban-client set countries banip $(<zone.iran        )
fail2ban-client set countries banip $(<zone.russia      )

And in my fail2ban config (/etc/fail2ban/jail.d/custom.local), I have this section:

[countries]
filter = manual
banaction = %(banaction_allports)s
bantime = -1
enabled = true


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
* Origin: FMail development HQ (2:280/464)
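
Added example, not part of the original message: the zone files above are fetched over plain HTTP and passed straight to a jail with bantime = -1, so this sketch vets a file before it is banned. It assumes one IPv4 CIDR per line; the function names and the protected address are hypothetical, and the sample ranges are constructed documentation ranges.

```shell
# Print A.B.C.D as a 32-bit integer; fail on anything that is not a dotted quad.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed only for NETWORK/PREFIX with a valid IPv4 network and prefix 0..32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip_to_int "${1%/*}" >/dev/null || return 1
    case ${1#*/} in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# cidr_contains CIDR IP: succeed if IP falls inside CIDR.
cidr_contains() {
    net=$(ip_to_int "${1%/*}") || return 2
    addr=$(ip_to_int "$2") || return 2
    mask=$(( (4294967295 << (32 - ${1#*/})) & 4294967295 ))
    [ $(( net & mask )) -eq $(( addr & mask )) ]
}

# check_zone FILE [PROTECTED_IP...]: fail if FILE is empty, holds a non-CIDR line
# (e.g. an HTML error page), or would ban one of the protected addresses.
check_zone() {
    zone=$1; shift; count=0
    [ -s "$zone" ] || { echo "$zone: missing or empty" >&2; return 1; }
    for keep in "$@"; do ip_to_int "$keep" >/dev/null || { echo "bad address: $keep" >&2; return 1; }; done
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        valid_cidr "$line" || { echo "$zone: not a CIDR: $line" >&2; return 1; }
        for keep in "$@"; do
            cidr_contains "$line" "$keep" || continue
            echo "$zone: $line would ban protected address $keep" >&2; return 1
        done
        count=$((count + 1))
    done < "$zone"
    [ "$count" -gt 0 ]
}

# Constructed sample using documentation ranges, not real ipdeny data.
demo=$(mktemp); printf '%s\n' 192.0.2.0/24 198.51.100.0/25 > "$demo"
check_zone "$demo" 198.51.100.5 || echo "not banning from $demo"; rm -f "$demo"
```

Run check_zone on each downloaded file, with your own management address as the protected argument, and only call banip for files that pass.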