Blocking a country

Discussion in 'Tips/Tricks/Mods' started by Marcio Urakawa, Feb 22, 2021.

  1. I am trying to block a list of IP blocks to block a country. Did anyone succeed without changing the ISP's native settings?

    I'm researching the possibilities, I'm in doubt if I do it through Apache, fail2ban or through the firewall.
    Some form that is as light as possible and easy to manage.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Do you have a firewall that supports that? That would definitely be easiest.

    None of the three (apache/fail2ban/ufw) supports blocking by countries without some work; probably apache or iptables would be the most likely of the those to get the job done, but unless you can find something already put together for it (and other folks may reply here with exactly that), you'll have to setup a download of geoip data source (update weekly or monthly maybe?) and pull the data from there to rig up your rules.

    As a suggestion, I'm a happy pfsense user, which is a firewall platform you could use for that among (many) other things.
     
    Marcio Urakawa likes this.
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Marcio Urakawa likes this.
  4. atle

    atle Member HowtoForge Supporter

    with csf you can block countries per port.
     
  5. Steini86

    Steini86 Active Member

    I made pretty good experience with ipset blacklist: https://github.com/trick77/ipset-blacklist
    It is fast and supports different blacklists. You can activate a country blacklist to block a country.
    Use the firewall, it's orders of magnitude faster (less power consuming)!
     

Share This Page