fossilfranv/block_russia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
block_russia/README.md
fossilfranv 1e293ac7f0 Update 'README.md'
2023-03-14 18:55:55 +01:00

74 lines
2.5 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# block_russia
In this tutorial, well cover how we can block large IP ranges using ipset module with iptables. IPset is a command line based utility which is used to administer the framework called IP sets inside the Linux kernel. We will use the Debian operating system for the below explanation.
You can download the IP ranges for a country that you want to block by using the IP2Location Free Visitor Blocker, a free online tool to download the IP addresses of any country for a wide range of formats.
Install ipset package in your Linux system.
apt install ipset
Go to https://www.ip2location.com/free/visitor-blocker.
Pick a country you wish to block and choose the CIDR format.
Download the list and you will get a list of CIDR similar to the below:
31.13.156.64/29
31.13.158.236/30
31.13.159.16/28
34.99.130.0/23
34.99.202.0/23
34.103.146.0/23
34.103.219.0/24
41.57.120.0/22
41.58.0.0/16
41.67.128.0/19
41.67.160.0/20
41.67.176.0/23
41.67.178.0/27
41.67.178.32/28
41.67.178.48/30
Save the list as blockcountry.sh.
Run the following command to convert the CIDR into ipset format.
sed -i '/^#/d' blockcountry.sh
sed -i 's/^/ipset add countryblocker /g' blockcountry.sh
sed -i '1i ipset create countryblocker nethash' blockcountry.sh
The content of blockcountry.sh now should look similar to the below:
ipset create countryblocker nethash
ipset add countryblocker 31.13.156.64/29
ipset add countryblocker 31.13.158.236/30
ipset add countryblocker 31.13.159.16/28
ipset add countryblocker 34.99.130.0/23
ipset add countryblocker 34.99.202.0/23
ipset add countryblocker 34.103.146.0/23
ipset add countryblocker 34.103.219.0/24
ipset add countryblocker 41.57.120.0/22
ipset add countryblocker 41.58.0.0/16
ipset add countryblocker 41.67.128.0/19
ipset add countryblocker 41.67.160.0/20
ipset add countryblocker 41.67.176.0/23
ipset add countryblocker 41.67.178.0/27
ipset add countryblocker 41.67.178.32/28
ipset add countryblocker 41.67.178.48/30
Give execution permission to blockcountry.sh and run it.
chmod +x blockcountry.sh
bash blockcountry.sh
Now the ipset is ready, and we will need to create a iptables rule to block these IP addresses.
iptables -A INPUT -m set --match-set countryblocker src -j DROP
To make sure the iptables rule persist after a reboot, save the iptables rule.
ipset save > /etc/countryblocker.ipset
iptables-save > /etc/iptables/rules.iptables
Add the following lines into /etc/rc.local file to make sure these rules are reloaded after a system reboot.
ipset restore < /etc/countryblocker.ipset
iptables-restore < /etc/iptables/rules.iptables
Reference in New Issue View Git Blame Copy Permalink