Subj : Re: Block IPs based on Location
To : Wilfred van Velzen
From : Compctech
Date : Fri Feb 28 2025 06:50 pm
> Hi Compctech,
> On 2025-02-28 10:47:03, you wrote to All:
> Yes you can get the IP block ranges by country at
http://www.ipdeny.com/
> For example I do this in a script for some countries (not my fido machine
> though, because there are a lot of fido systems in russia):
> wget -q -O zone.belarus
>
http://www.ipdeny.com/ipblocks/data/aggregated/by-aggregated.zone
> wget -q -O zone.china
>
http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
> wget -q -O zone.iran
>
http://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone
> wget -q -O zone.north-korea
>
http://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone
> wget -q -O zone.russia
>
http://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone
> After this I feed the files to fail2ban with these commands:
> fail2ban-client restart --unban countries
> fail2ban-client set countries banip $(<zone.north-korea )
> fail2ban-client set countries banip $(<zone.belarus )
> fail2ban-client set countries banip $(<zone.china )
> fail2ban-client set countries banip $(<zone.iran )
> fail2ban-client set countries banip $(<zone.russia )
> And in my fail2ban config (/etc/fail2ban/jail.d/custom.local), I have this
> section:
> [countries]
> filter = manual
> banaction = %(banaction_allports)s
> bantime = -1
> enabled = true
> Bye, Wilfred.
> --- FMail-lnx64 2.3.2.4-B20240523
> * Origin: FMail development HQ (2:280/464)
> � Synchronet � Vertrauen � Home of Synchronet �
> [vert/cvs/bbs].synchro.net
Thanks!!! I think that did it. China is the worst when coming to attempts to
brake into stuff. At my last job (10+ Years ago) we setup a honeypot system
that we would use to build block lists and it also reported back to a network
of honeypot that would pool the IPs together. Now I am trying to remember what
that honeypot net was.
Sam L.
LSNET Archive
---
■ Synchronet ■ LSNET Archive - Archiving Software for the Future
