13th November 2010, 14:16
drewb0y

Quote:
Originally Posted by biggdog View Post
Thanks for the info.
I would like to know how to implement this into the existing iptables or through ispconfig3.

I did this and once I rebooted I do not see it after an iptables -L
"iptables -N GEOIP_REJECT
iptables -I GEOIP_REJECT -m geoip --src-cc UA -j REJECT
iptables -A INPUT -j GEOIP_REJECT"

I am not a complete nube but I am looking for some help if possible.

The file I have "country codes setup is taken from your little example. I left out 4 countries.
7267 ranges for CA Canada
12102 ranges for DE Germany
13028 ranges for GB United Kingdom
19724 ranges for US United States
Germany is because I talk to astaro
The UK is for some downloads I think.

If this helps anyone please feel free to use it.
Also should we add an "ACCEPT" for those we want?
I did not actually use a file of the countries to enter them, they were just listed above as a reference. So I would enter each individually with a separate command.

iptables -I GEOIP_REJECT -m geoip --src-cc UA -j REJECT
then
iptables -A INPUT -j GEOIP_REJECT
after all have been entered
the first line
iptables -N GEOIP_REJECT
I only entered once

I have not actually rebooted yet myself, and rarely do actually,
Code:
uptime
 06:10:11 up 21 days,  7:48,  1 user,  load average: 0.01, 0.05, 0.01
so I'm not sure if it will fall out. My question is: did you check with an iptables -L before you rebooted? It may never have taken correctly in the first place. Here is an example of what your iptables -L output should look like if it's working.

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-postfix  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp 
fail2ban-postfix-spamers550  tcp  --  anywhere             anywhere            multiport dports smtp,ssmtp 
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh 
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            
GEOIP_REJECT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain GEOIP_REJECT (12 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            Source country: HN reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: MA reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: KP reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: KR reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: BY reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: NG reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: CM reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: KG reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: KZ reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: SG reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: BG reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: ZA reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: GD reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: PK reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: DO reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: CO reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: RS reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: CL reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: IQ reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: ID reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: AE reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: SA reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: BR reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: AR reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: PT reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: UA reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: VE reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: RU reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: RO reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: VN reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: TH reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: RW reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere            Source country: CZ reject-with icmp-port-unreachable 

Chain fail2ban-postfix (1 references)
target     prot opt source               destination         
DROP       all  --  117.200.250.116      anywhere            
DROP       all  --  217.29.122.151       anywhere            
DROP       all  --  193.251.223.82       anywhere            
DROP       all  --  117.195.68.191       anywhere            
DROP       all  --  90.91.56.190.dsl.intelnet.net.gt  anywhere            
DROP       all  --  triband-del-59.178.55.168.bol.net.in  anywhere            
DROP       all  --  59.93.163.7          anywhere            
DROP       all  --  93.Red-88-17-1.dynamicIP.rima-tde.net  anywhere            
DROP       all  --  221.207.145.66       anywhere            
DROP       all  --  ge-3-3-0-core-as12455.orange.co.ke  anywhere            
DROP       all  --  gw.pslpom.datec.net.pg  anywhere            
DROP       all  --  ABTS-North-Dynamic-219.143.163.122.airtelbroadband.in  anywhere            
DROP       all  --  124.106.81.18        anywhere            
DROP       all  --  124.93.248.250       anywhere            
DROP       all  --  117.201.75.26        anywhere            
DROP       all  --  triband-del-59.178.55.177.bol.net.in  anywhere            
DROP       all  --  59.164.1.54.man-dynamic.vsnl.net.in  anywhere            
DROP       all  --  94-75-91-245.home.aster.pl  anywhere            
DROP       all  --  ABTS-North-Dynamic-130.124.161.122.airtelbroadband.in  anywhere            
DROP       all  --  ABTS-MP-Dynamic-064.130.175.122.airtelbroadband.in  anywhere            
DROP       all  --  116.73.241.33        anywhere            
DROP       all  --  ABTS-TN-dynamic-203.190.178.122.airtelbroadband.in  anywhere            
DROP       all  --  221.218.19.95.dynamic.jazztel.es  anywhere            
DROP       all  --  ABTS-North-Dynamic-224.13.173.122.airtelbroadband.in  anywhere            
DROP       all  --  222.168.13.180       anywhere            
DROP       all  --  IGLD-80-230-5-86.inter.net.il  anywhere            
DROP       all  --  117.199.105.63       anywhere            
DROP       all  --  80.191.174.8         anywhere            
DROP       all  --  60.6.156.46          anywhere            
DROP       all  --  91.99.155.189.parsonline.net  anywhere            
DROP       all  --  196.2.11.86          anywhere            
DROP       all  --  120.56.149.193       anywhere            
DROP       all  --  c-98-250-181-247.hsd1.mi.comcast.net  anywhere            
DROP       all  --  42.73.148.190.dsl.intelnet.net.gt  anywhere            
DROP       all  --  adsl-ull-55-153.46-151.net24.it  anywhere            
DROP       all  --  186-40-183-76.bam.movistar.cl  anywhere            
DROP       all  --  user-46-113-14-85.play-internet.pl  anywhere            
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-postfix-spamers550 (1 references)
target     prot opt source               destination         
DROP       all  --  117.200.250.116      anywhere            
DROP       all  --  217.29.122.151       anywhere            
DROP       all  --  193.251.223.82       anywhere            
DROP       all  --  117.195.68.191       anywhere            
DROP       all  --  90.91.56.190.dsl.intelnet.net.gt  anywhere            
DROP       all  --  triband-del-59.178.55.168.bol.net.in  anywhere            
DROP       all  --  59.93.163.7          anywhere            
DROP       all  --  93.Red-88-17-1.dynamicIP.rima-tde.net  anywhere            
DROP       all  --  221.207.145.66       anywhere            
DROP       all  --  ge-3-3-0-core-as12455.orange.co.ke  anywhere            
DROP       all  --  gw.pslpom.datec.net.pg  anywhere            
DROP       all  --  ABTS-North-Dynamic-219.143.163.122.airtelbroadband.in  anywhere            
DROP       all  --  124.106.81.18        anywhere            
DROP       all  --  124.93.248.250       anywhere            
DROP       all  --  117.201.75.26        anywhere            
DROP       all  --  triband-del-59.178.55.177.bol.net.in  anywhere            
DROP       all  --  59.164.1.54.man-dynamic.vsnl.net.in  anywhere            
DROP       all  --  94-75-91-245.home.aster.pl  anywhere            
DROP       all  --  ABTS-North-Dynamic-130.124.161.122.airtelbroadband.in  anywhere            
DROP       all  --  ABTS-MP-Dynamic-064.130.175.122.airtelbroadband.in  anywhere            
DROP       all  --  116.73.241.33        anywhere            
DROP       all  --  ABTS-TN-dynamic-203.190.178.122.airtelbroadband.in  anywhere            
DROP       all  --  221.218.19.95.dynamic.jazztel.es  anywhere            
DROP       all  --  ABTS-North-Dynamic-224.13.173.122.airtelbroadband.in  anywhere            
DROP       all  --  222.168.13.180       anywhere            
DROP       all  --  IGLD-80-230-5-86.inter.net.il  anywhere            
DROP       all  --  117.199.105.63       anywhere            
DROP       all  --  80.191.174.8         anywhere            
DROP       all  --  60.6.156.46          anywhere            
DROP       all  --  91.99.155.189.parsonline.net  anywhere            
DROP       all  --  196.2.11.86          anywhere            
DROP       all  --  120.56.149.193       anywhere            
DROP       all  --  85-171-140-43.rev.numericable.fr  anywhere            
DROP       all  --  CPE-124-188-250-92.ezsb1.cht.bigpond.net.au  anywhere            
DROP       all  --  host86-138-180-66.range86-138.btcentralplus.com  anywhere            
DROP       all  --  41.199.43.124        anywhere            
DROP       all  --  20129147022.user.veloxzone.com.br  anywhere            
DROP       all  --  201-27-80-169.dsl.telesp.net.br  anywhere            
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  218.1.114.75         anywhere            
RETURN     all  --  anywhere             anywhere

And yes, fail2ban blocked someone from Shanghai trying to ssh into my box!
__________________
ISPConfig 3.0.5.4p1 - The Perfect Server - Debian Wheezy (nginx, BIND, Dovecot, ISPConfig 3)
Installed on Debian 7.6 on a KVM VPS
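
The chain setup discussed in this thread, written out as an added example (not code from either poster): `geoip_fragment` builds an `iptables-restore` fragment that declares `GEOIP_REJECT` once with one REJECT rule per country code, and `apply_geoip` loads it and adds the INPUT jump only if it is not already there. The function names are hypothetical, and it assumes the `geoip` match used in the thread is installed and that the local iptables supports `-C`.

```shell
#!/bin/sh
# Added example: build the GEOIP_REJECT chain from a list of country codes.
# Assumes the xtables "geoip" match from the thread is available.
LC_ALL=C; export LC_ALL      # make [A-Z] mean ASCII letters only
CHAIN=GEOIP_REJECT           # chain name used in the thread

# geoip_fragment CC [CC ...]
# Prints an iptables-restore fragment. Nothing is printed unless every
# argument is a two-letter code, so bad input never reaches the firewall.
geoip_fragment() {
    codes=""
    for cc in "$@"; do
        cc=$(printf '%s' "$cc" | tr '[:lower:]' '[:upper:]')
        case "$cc" in
            [A-Z][A-Z]) ;;
            *) echo "invalid country code: $cc" >&2; return 1 ;;
        esac
        case " $codes " in
            *" $cc "*) ;;                 # already listed, skip duplicate
            *) codes="$codes $cc" ;;
        esac
    done
    [ -n "$codes" ] || { echo "no country codes given" >&2; return 1; }
    echo "*filter"
    echo ":$CHAIN - [0:0]"                # declare the chain once
    for cc in $codes; do
        echo "-A $CHAIN -m geoip --src-cc $cc -j REJECT"
    done
    echo "COMMIT"
}

# apply_geoip CC [CC ...]   (needs root; not called automatically)
# Loads the fragment without touching other chains such as fail2ban's,
# then adds a single jump from INPUT only when none exists yet.
apply_geoip() {
    frag=$(geoip_fragment "$@") || return 1
    printf '%s\n' "$frag" | iptables-restore --noflush || return 1
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -A INPUT -j "$CHAIN"
}

# Example (as root):  apply_geoip UA RU
# Then confirm with:  iptables -L INPUT -n ; iptables -L GEOIP_REJECT -n
```

Rules loaded this way exist only in the running kernel, so they are gone after a reboot unless the ruleset is dumped with `iptables-save` and reloaded at boot by whatever mechanism the distribution provides.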