HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Combikrist 20th November 2010 09:46

Firewall "upgrade"?
 
1 Attachment(s)
Hi there!

I'm running a virtual server at hosteurope.de
First I used PLESK, but it is quite heavy to run for the vserver.
So I tried ISPConfig.

Ubuntu 8.04.1 fresh installed with ISPConfig3.
It runs like a charm!

Now, I want to block Asianet and some other countries with my firewall.
On PLESK I used the integrated firewall settings (have a look at the attachment).

How can I accomplish this with ISPConfig?
I tried to follow HOWTO: Implement iptables blocking by Country but I ran into some serious incompatibilities with Ubuntu 8.04 :eek:


my regards

drewb0y 21st November 2010 07:32

Check out my post about blocking by countries.

HOWTO: Implement iptables blocking by Country

Hopefully that will help you out.

Antennipasi 21st November 2010 08:43

Quote:

Originally Posted by Combikrist (Post 244751)
Now, I want to block Asianet and some other countries with my firewall.

Sure you do with that list. Where did you find a list like that?

Even the first 58.*-rule blocks networks from:
Afghanistan
Australia
Bangladesh
China
Hong
India
Indonesia
Japan
Korea
Malaysia
New Zealand
Pakistan
Philippines
Singapore
Taiwan
Thailand
Vietnam

I did not even bother to check out the rest of them. They are _way_ too many.

Currently Maxmind's GeoIP-database has 289 net-blocks from Asia. With your current firewall implementation you need 289 rules for Asia to prevent blocking countries you (or your clients?) don't want to block.

I suggest you try again with drewb0y's HOWTO.

Combikrist 22nd November 2010 09:10

Quote:

Originally Posted by Antennipasi (Post 244804)
Sure you do with that list. Where did you find a list like that?

I created it.

I blocked the complete APNIC Range, and some of the AFRINIC ranges.

http://img834.imageshack.us/img834/9010/nicd.jpg



You can find the ranges here:
some
AFRINIC
APNIC
some more


Now I added the DROPs to my iptables with the following commandline commands:

Code:

iptables -I INPUT -s 58.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 59.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 60.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 61.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 121.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 122.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 123.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 124.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 125.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 126.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 202.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 203.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 210.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 211.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 218.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 219.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 220.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 222.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 200.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 201.0.0.0/255.0.0.0 -j DROP
iptables -I INPUT -s 66.196.0.0/255.255.0.0 -j DROP
iptables -I INPUT -s 206.141.193.0/255.255.255.0 -j DROP
iptables -I INPUT -s 180.168.0.0/255.255.0.0 -j DROP


:D

Antennipasi 22nd November 2010 11:50

Quote:

Originally Posted by Combikrist (Post 244869)
I created it.

I blocked the complete APNIC Range, and some of the AFRINIC ranges.

:D

Seems that you know how widely you are blocking countries, so I won't blame you any more :)

You are doing it the right way. The currently used firewall implementation does not allow inserting custom rules.
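
Added example, not written by any poster in this thread: one way to script the per-net-block approach Antennipasi describes, turning a list of CIDR net-blocks into DROP rules in a separate chain and refusing entries as broad as the /8 rules posted above. The chain name GEOBLOCK, the MIN_PREFIX threshold and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. GEOBLOCK and MIN_PREFIX are names
# chosen here; the output is meant for `iptables-restore --noflush`.
MIN_PREFIX=${MIN_PREFIX:-9}   # assumption: refuse blocks as broad as a /8

# valid_cidr A.B.C.D/LEN -> 0 if well-formed and MIN_PREFIX <= LEN <= 32
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$addr.; n=0
    while [ -n "$rest" ]; do          # walk the dotted quad octet by octet
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# gen_block_rules: net-block list on stdin -> iptables-restore fragment on
# stdout; rejected entries are reported on stderr and never become rules.
gen_block_rules() {
    echo '*filter'
    echo ':GEOBLOCK - [0:0]'
    while read -r cidr _ignored || [ -n "$cidr" ]; do
        cidr=${cidr%%#*}              # drop comments
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            echo "-A GEOBLOCK -s $cidr -j DROP"
        else
            echo "skipped: $cidr" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed input: rules from the thread in CIDR form plus a malformed line.
# The chain takes effect once INPUT jumps to it: iptables -I INPUT -j GEOBLOCK
gen_block_rules <<'EOF'
58.0.0.0/8        # as broad as the first rule in the thread: skipped
66.196.0.0/16
206.141.193.0/24
300.1.2.0/24      # malformed: skipped
EOF
```

Keeping the rules in their own chain means the whole set can be flushed and regenerated when the net-block list changes, without touching other INPUT rules.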

