From 1e293ac7f0b8c8bdd19bc7396101b1888c68c4ed Mon Sep 17 00:00:00 2001 From: fossilfranv Date: Tue, 14 Mar 2023 18:55:55 +0100 Subject: [PATCH] Update 'README.md' --- README.md | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/README.md b/README.md index 17eff4d..b9bac60 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,74 @@ # block_russia +In this tutorial, we’ll cover how we can block large IP ranges using ipset module with iptables. IPset is a command line based utility which is used to administer the framework called IP sets inside the Linux kernel. We will use the Debian operating system for the below explanation. + +You can download the IP ranges for a country that you want to block by using the IP2Location Free Visitor Blocker, a free online tool to download the IP addresses of any country for a wide range of formats. + + +Install ipset package in your Linux system. +apt install ipset + + +Go to https://www.ip2location.com/free/visitor-blocker. +Pick a country you wish to block and choose the CIDR format. +Download the list and you will get a list of CIDR similar to the below: +31.13.156.64/29 +31.13.158.236/30 +31.13.159.16/28 +34.99.130.0/23 +34.99.202.0/23 +34.103.146.0/23 +34.103.219.0/24 +41.57.120.0/22 +41.58.0.0/16 +41.67.128.0/19 +41.67.160.0/20 +41.67.176.0/23 +41.67.178.0/27 +41.67.178.32/28 +41.67.178.48/30 + + +Save the list as blockcountry.sh. +Run the following command to convert the CIDR into ipset format. 
+sed -i '/^#/d' blockcountry.sh +sed -i 's/^/ipset add countryblocker /g' blockcountry.sh +sed -i '1i ipset create countryblocker nethash' blockcountry.sh + + +The content of blockcountry.sh now should look similar to the below: +ipset create countryblocker nethash +ipset add countryblocker 31.13.156.64/29 +ipset add countryblocker 31.13.158.236/30 +ipset add countryblocker 31.13.159.16/28 +ipset add countryblocker 34.99.130.0/23 +ipset add countryblocker 34.99.202.0/23 +ipset add countryblocker 34.103.146.0/23 +ipset add countryblocker 34.103.219.0/24 +ipset add countryblocker 41.57.120.0/22 +ipset add countryblocker 41.58.0.0/16 +ipset add countryblocker 41.67.128.0/19 +ipset add countryblocker 41.67.160.0/20 +ipset add countryblocker 41.67.176.0/23 +ipset add countryblocker 41.67.178.0/27 +ipset add countryblocker 41.67.178.32/28 +ipset add countryblocker 41.67.178.48/30 + + +Give execution permission to blockcountry.sh and run it. +chmod +x blockcountry.sh +bash blockcountry.sh + + +Now the ipset is ready, and we will need to create a iptables rule to block these IP addresses. +iptables -A INPUT -m set --match-set countryblocker src -j DROP + + +To make sure the iptables rule persist after a reboot, save the iptables rule. +ipset save > /etc/countryblocker.ipset +iptables-save > /etc/iptables/rules.iptables + + +Add the following lines into /etc/rc.local file to make sure these rules are reloaded after a system reboot. +ipset restore < /etc/countryblocker.ipset +iptables-restore < /etc/iptables/rules.iptables \ No newline at end of file
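Review bot: In the conversion step, every line of the downloaded list is prefixed with `ipset add countryblocker ` and the result is executed with `bash blockcountry.sh`, so any line that is not a bare CIDR (shell metacharacters, a header line that does not start with `#`) is run as shell input with the privileges needed to modify ipset. Suggest the README keep only lines that match an IPv4 CIDR pattern before the sed steps, or load the list as data through `ipset restore` rather than executing it. In the rule step, `iptables -A INPUT ...` appends the DROP after whatever is already in INPUT, so an earlier ACCEPT rule wins; `-I INPUT 1` would place it first. `ipset create countryblocker nethash` fails on a second run because the set already exists (`-exist` avoids that), and both the set and the rule cover IPv4 only, which is worth stating. The commands are added as plain lines without code fences, so they will run together with the prose when the Markdown is rendered, and the file ends without a trailing newline.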