Quote:
Originally Posted by biggdog
Thanks for the info.
I would like to know how to implement this into the existing iptables or through ispconfig3.
I did this and once I rebooted I do not see it after an iptables -L
"iptables -N GEOIP_REJECT
iptables -I GEOIP_REJECT -m geoip --src-cc UA -j REJECT
iptables -A INPUT -j GEOIP_REJECT"
I am not a complete noob but I am looking for some help if possible.
The "country codes" setup file I have is taken from your little example. I left out 4 countries.
7267 ranges for CA Canada
12102 ranges for DE Germany
13028 ranges for GB United Kingdom
19724 ranges for US United States
Germany is because I talk to astaro
The UK is for some downloads I think.
If this helps anyone please feel free to use it.
Also should we add an "ACCEPT" for those we want?
I did not actually use a file of the countries to enter them; they were just listed above as a reference. So I would enter each individually with a separate command.
iptables -I GEOIP_REJECT -m geoip --src-cc UA -j REJECT
then
iptables -A INPUT -j GEOIP_REJECT
after all have been entered
the first line
iptables -N GEOIP_REJECT
I only entered once
I have not actually rebooted yet myself, and rarely do actually,
Code:
uptime
06:10:11 up 21 days, 7:48, 1 user, load average: 0.01, 0.05, 0.01
so I'm not sure if it will fall out. My question is: did you check with an iptables -L before you rebooted? It may never have taken correctly in the first place. Here is an example of what your iptables -L output should look like if it's working.
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-postfix tcp -- anywhere anywhere multiport dports smtp,ssmtp
fail2ban-postfix-spamers550 tcp -- anywhere anywhere multiport dports smtp,ssmtp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
GEOIP_REJECT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain GEOIP_REJECT (12 references)
target prot opt source destination
REJECT all -- anywhere anywhere Source country: HN reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: MA reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: KP reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: KR reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: BY reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: NG reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: CM reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: KG reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: KZ reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: SG reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: BG reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: ZA reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: GD reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: PK reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: DO reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: CO reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: RS reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: CL reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: IQ reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: ID reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: AE reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: SA reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: BR reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: AR reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: PT reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: UA reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: VE reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: RU reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: RO reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: VN reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: TH reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: RW reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere Source country: CZ reject-with icmp-port-unreachable
Chain fail2ban-postfix (1 references)
target prot opt source destination
DROP all -- 117.200.250.116 anywhere
DROP all -- 217.29.122.151 anywhere
DROP all -- 193.251.223.82 anywhere
DROP all -- 117.195.68.191 anywhere
DROP all -- 90.91.56.190.dsl.intelnet.net.gt anywhere
DROP all -- triband-del-59.178.55.168.bol.net.in anywhere
DROP all -- 59.93.163.7 anywhere
DROP all -- 93.Red-88-17-1.dynamicIP.rima-tde.net anywhere
DROP all -- 221.207.145.66 anywhere
DROP all -- ge-3-3-0-core-as12455.orange.co.ke anywhere
DROP all -- gw.pslpom.datec.net.pg anywhere
DROP all -- ABTS-North-Dynamic-219.143.163.122.airtelbroadband.in anywhere
DROP all -- 124.106.81.18 anywhere
DROP all -- 124.93.248.250 anywhere
DROP all -- 117.201.75.26 anywhere
DROP all -- triband-del-59.178.55.177.bol.net.in anywhere
DROP all -- 59.164.1.54.man-dynamic.vsnl.net.in anywhere
DROP all -- 94-75-91-245.home.aster.pl anywhere
DROP all -- ABTS-North-Dynamic-130.124.161.122.airtelbroadband.in anywhere
DROP all -- ABTS-MP-Dynamic-064.130.175.122.airtelbroadband.in anywhere
DROP all -- 116.73.241.33 anywhere
DROP all -- ABTS-TN-dynamic-203.190.178.122.airtelbroadband.in anywhere
DROP all -- 221.218.19.95.dynamic.jazztel.es anywhere
DROP all -- ABTS-North-Dynamic-224.13.173.122.airtelbroadband.in anywhere
DROP all -- 222.168.13.180 anywhere
DROP all -- IGLD-80-230-5-86.inter.net.il anywhere
DROP all -- 117.199.105.63 anywhere
DROP all -- 80.191.174.8 anywhere
DROP all -- 60.6.156.46 anywhere
DROP all -- 91.99.155.189.parsonline.net anywhere
DROP all -- 196.2.11.86 anywhere
DROP all -- 120.56.149.193 anywhere
DROP all -- c-98-250-181-247.hsd1.mi.comcast.net anywhere
DROP all -- 42.73.148.190.dsl.intelnet.net.gt anywhere
DROP all -- adsl-ull-55-153.46-151.net24.it anywhere
DROP all -- 186-40-183-76.bam.movistar.cl anywhere
DROP all -- user-46-113-14-85.play-internet.pl anywhere
RETURN all -- anywhere anywhere
Chain fail2ban-postfix-spamers550 (1 references)
target prot opt source destination
DROP all -- 117.200.250.116 anywhere
DROP all -- 217.29.122.151 anywhere
DROP all -- 193.251.223.82 anywhere
DROP all -- 117.195.68.191 anywhere
DROP all -- 90.91.56.190.dsl.intelnet.net.gt anywhere
DROP all -- triband-del-59.178.55.168.bol.net.in anywhere
DROP all -- 59.93.163.7 anywhere
DROP all -- 93.Red-88-17-1.dynamicIP.rima-tde.net anywhere
DROP all -- 221.207.145.66 anywhere
DROP all -- ge-3-3-0-core-as12455.orange.co.ke anywhere
DROP all -- gw.pslpom.datec.net.pg anywhere
DROP all -- ABTS-North-Dynamic-219.143.163.122.airtelbroadband.in anywhere
DROP all -- 124.106.81.18 anywhere
DROP all -- 124.93.248.250 anywhere
DROP all -- 117.201.75.26 anywhere
DROP all -- triband-del-59.178.55.177.bol.net.in anywhere
DROP all -- 59.164.1.54.man-dynamic.vsnl.net.in anywhere
DROP all -- 94-75-91-245.home.aster.pl anywhere
DROP all -- ABTS-North-Dynamic-130.124.161.122.airtelbroadband.in anywhere
DROP all -- ABTS-MP-Dynamic-064.130.175.122.airtelbroadband.in anywhere
DROP all -- 116.73.241.33 anywhere
DROP all -- ABTS-TN-dynamic-203.190.178.122.airtelbroadband.in anywhere
DROP all -- 221.218.19.95.dynamic.jazztel.es anywhere
DROP all -- ABTS-North-Dynamic-224.13.173.122.airtelbroadband.in anywhere
DROP all -- 222.168.13.180 anywhere
DROP all -- IGLD-80-230-5-86.inter.net.il anywhere
DROP all -- 117.199.105.63 anywhere
DROP all -- 80.191.174.8 anywhere
DROP all -- 60.6.156.46 anywhere
DROP all -- 91.99.155.189.parsonline.net anywhere
DROP all -- 196.2.11.86 anywhere
DROP all -- 120.56.149.193 anywhere
DROP all -- 85-171-140-43.rev.numericable.fr anywhere
DROP all -- CPE-124-188-250-92.ezsb1.cht.bigpond.net.au anywhere
DROP all -- host86-138-180-66.range86-138.btcentralplus.com anywhere
DROP all -- 41.199.43.124 anywhere
DROP all -- 20129147022.user.veloxzone.com.br anywhere
DROP all -- 201-27-80-169.dsl.telesp.net.br anywhere
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 218.1.114.75 anywhere
RETURN all -- anywhere anywhere
And yes fail2ban blocked someone from Shanghai trying to ssh into my box!
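An added example, not written by either poster: rules entered with `iptables` live only in the running kernel, so they are gone after a reboot unless they are saved and restored, and every repeat of `iptables -A INPUT -j GEOIP_REJECT` appends another jump. The function below rebuilds the chain so it can be re-run safely; the `IPT` override, the function name and the iptables-persistent path in the comments are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent GEOIP_REJECT setup.
# IPT can be overridden for dry runs; the real binary needs root and the
# geoip match from xtables-addons.
LC_ALL=C                      # keep [A-Z] below strictly ASCII upper case
IPT="${IPT:-iptables}"
CHAIN=GEOIP_REJECT

# apply_geoip_reject CC [CC...]
# Rebuilds the chain from the given two-letter country codes and makes sure
# INPUT jumps to it exactly once. Returns non-zero without touching the
# firewall if any code is malformed.
apply_geoip_reject() {
    [ "$#" -gt 0 ] || { echo "usage: apply_geoip_reject CC [CC...]" >&2; return 2; }
    for cc in "$@"; do
        case "$cc" in
            [A-Z][A-Z]) ;;
            *) echo "invalid country code: $cc" >&2; return 2 ;;
        esac
    done

    # Create the chain, or flush it if it already exists, so a re-run
    # replaces the country rules instead of stacking duplicates.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN" || return 1

    for cc in "$@"; do
        $IPT -A "$CHAIN" -m geoip --src-cc "$cc" -j REJECT || return 1
    done

    # -C exits 0 only if the rule is already present; append the jump
    # only when it is missing.
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -A INPUT -j "$CHAIN"
}

# Usage, as root:
#   apply_geoip_reject UA RU
#   iptables -S INPUT | grep GEOIP_REJECT      # expect a single jump
# To keep the rules across a reboot, save them where the boot-time restore
# looks for them, e.g. (assumes Debian/Ubuntu with iptables-persistent):
#   iptables-save > /etc/iptables/rules.v4
```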