Firewall "upgrade"?
Combikrist
20th November 2010, 09:46
Hi there!
I'm running a virtual server at hosteurope.de
First I used PLESK, but it is quite heavy to run for the vserver.
So I tried ISPConfig.
Ubuntu 8.04.1 fresh installed with ISPConfig3.
It runs like a charm!
Now, I want to block Asianet and some other countries with my firewall.
On PLESK I used the integrated firewall-settings -have a look at the attachment-
How can I accomplish this with ISPConfig?
I tried to follow HOWTO: Implement iptables blocking by Country (http://www.howtoforge.com/forums/showthread.php?t=49998) but I ran into some serious incompatibilities with Ubuntu 8.04 :eek:
my regards
drewb0y
21st November 2010, 07:32
Check out my post about blocking by countries.
HOWTO: Implement iptables blocking by Country (http://howtoforge.com/forums/showthread.php?t=49998)
Hopefully that will help you out.
Antennipasi
21st November 2010, 08:43
> Now, I want to block Asianet and some other countries with my firewall.
Sure you do with that list. Where did you find a list like that?
Even the first 58.*-rule blocks networks from:
Afghanistan
Australia
Bangladesh
China
Hong Kong
India
Indonesia
Japan
Korea
Malaysia
New Zealand
Pakistan
Philippines
Singapore
Taiwan
Thailand
Vietnam
I did not even bother to check out the rest of them. They are _way_ too much.
Currently Maxmind's GeoIP-database has 289 net-blocks from Asia. With your current firewall implementation you need 289 rules for Asia to prevent blocking countries you (or your clients?) don't want to block.
I suggest you try again with drewb0y's HOWTO.
Combikrist
22nd November 2010, 09:10
> Sure you do with that list. Where did you find a list like that?
I created it.
I blocked the complete APNIC Range, and some of the AFRINIC ranges.
http://img834.imageshack.us/img834/9010/nicd.jpg (http://img834.imageshack.us/i/nicd.jpg/)
You can find the ranges here:
some (http://www.joewein.de/sw/ip-v4-ranges.htm)
AFRINIC (http://en.wikipedia.org/wiki/AfriNIC)
APNIC (http://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range)
some more (http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml)
Now I added the DROPs to my iptables with the following commandline commands:
iptables -I INPUT -s 58.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 59.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 60.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 61.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 121.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 122.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 123.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 124.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 125.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 126.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 202.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 203.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 210.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 211.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 218.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 219.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 220.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 222.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 200.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 201.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 66.196.0.0/255.255.0.0 -j DROP
iptables -I INPUT -s 206.141.193.0/255.255.255.0 -j DROP
iptables -I INPUT -s 180.168.0.0/255.255.0.0 -j DROP
:D
Antennipasi
22nd November 2010, 11:50
> I created it.
> I blocked the complete APNIC Range, and some of the AFRINIC ranges.
:D
Seems that you know how widely you are blocking countries, so I don't blame you any more :)
You are doing it the right way. The currently used firewall implementation does not allow inserting custom rules.
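An added example, not part of any post in this thread: a pre-deployment audit that parses DROP rules in the netmask notation used above and reports which countries' net-blocks each rule overlaps, so collateral blocking is visible before the rules go live. The GeoIP rows and the country codes AA to FF are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Three of the DROP rules posted in the thread, in their original notation.
RULES = """\
iptables -I INPUT -s 58.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 66.196.0.0/255.255.0.0 -j DROP
iptables -I INPUT -s 206.141.193.0/255.255.255.0 -j DROP
"""

# CONSTRUCTED sample in "network,country" form. The country codes are
# placeholders and the mapping is made up; it is not registry or GeoIP data.
GEO_SAMPLE = """\
58.0.0.0/15,AA
58.16.0.0/13,BB
58.65.0.0/19,CC
66.196.64.0/18,DD
66.200.0.0/16,EE
206.141.0.0/16,FF
"""

def parse_rules(text):
    """Extract the source network of every '-s NET -j DROP' rule."""
    return [ipaddress.ip_network(m.group(1), strict=False)
            for m in re.finditer(r"-s\s+(\S+)\s+-j\s+DROP", text)]

def parse_geo(text):
    """Parse 'cidr,country' lines into (network, country) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            cidr, country = line.strip().split(",")
            rows.append((ipaddress.ip_network(cidr), country))
    return rows

def audit(rules, geo, keep):
    """For each rule, list the countries it touches and those in `keep`."""
    report = {}
    for rule in rules:
        hit = sorted({c for net, c in geo if net.overlaps(rule)})
        report[str(rule)] = {"countries": hit,
                             "collateral": [c for c in hit if c in keep]}
    return report

if __name__ == "__main__":
    # 'BB' stands for a country whose visitors must stay reachable.
    result = audit(parse_rules(RULES), parse_geo(GEO_SAMPLE), {"BB"})
    for rule, info in result.items():
        print(rule, info)
```

With a real GeoIP net-block list in place of the constructed sample, any rule with a non-empty `collateral` entry has to be split into narrower net-blocks.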