Blocking a country

Discussion in 'Tips/Tricks/Mods' started by Marcio Urakawa, Feb 22, 2021.

  1. Marcio Urakawa

    Marcio Urakawa Member HowtoForge Supporter

    I am trying to block a list of IP blocks to block a country. Did anyone succeed without changing the ISP's native settings?

    I'm researching the possibilities, I'm in doubt if I do it through Apache, fail2ban or through the firewall.
    Some form that is as light as possible and easy to manage.
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Do you have a firewall that supports that? That would definitely be easiest.

    None of the three (apache/fail2ban/ufw) supports blocking by countries without some work; probably apache or iptables would be the most likely of the those to get the job done, but unless you can find something already put together for it (and other folks may reply here with exactly that), you'll have to setup a download of geoip data source (update weekly or monthly maybe?) and pull the data from there to rig up your rules.

    As a suggestion, I'm a happy pfsense user, which is a firewall platform you could use for that among (many) other things.
    Marcio Urakawa likes this.
  3. Marcio Urakawa

    Marcio Urakawa Member HowtoForge Supporter

  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Marcio Urakawa likes this.
  5. atle

    atle Member HowtoForge Supporter

    with csf you can block countries per port.

Share This Page