I'm being plagued by scripting bots hammering the living shoite out of my mail server at the moment so it's time to nail the firewall a bit. This will work on a server or workstation but it's all command-line iptables stuff - not TOO scary!
As this is a kernel function you may have to dig around a bit to get it working, especially if you have an older distro than the one I'm using (Ubuntu 12.04.1) with all updates done.
First check that iptables, xtables-addons-common and module-assistant are installed.
If anything is already installed it won't do any harm; it will just report that it is already the latest version. The xtables-addons package allows linking iptables to GeoIP, which is a geographical location database.
If you don't see references to the kernel source headers being installed then follow up with this.
Now, create a directory for the geolocation database, change to the xtables-addons directory and download the free Maxmind GeoIP files. This database is around 98% accurate and updated monthly.
The database needs to be extracted into a usable format so install the following module:
Run the extraction process to create all the dependent files in /usr/share/xt_geoip. These cover both IPv4 and IPv6, so you should see two new directories created (BE and LE) with files like the sample below:
Finally, add the following rules to iptables:
In Rule 1 you should substitute the country codes for those countries you want to accept connections from. The codes can be obtained from the ISO 3166 Country Codes page on the Maxmind Developer Site.
In Rule 2 you should substitute your own network number in CIDR format.
Now you sit back and let the packets drop like flies
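The commands from the original post are not visible on this page, so what follows is an added example, not the author's code: a shell function that checks the two values you substitute (the country codes for Rule 1 and your network in CIDR format for Rule 2) and prints rules using the xtables-addons `geoip` match. The function name `geoip_rules`, the sample values, the loopback rule and the rule order are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules for review; it does not apply them.
# Usage: geoip_rules <allowed country codes> <local network in CIDR>
geoip_rules() {
    countries=$1
    lan=$2

    # Comma-separated, upper-case ISO 3166 two-letter codes only.
    if ! printf '%s\n' "$countries" | LC_ALL=C grep -Eq '^[A-Z]{2}(,[A-Z]{2})*$'; then
        echo "bad country list: $countries" >&2
        return 1
    fi
    # xt_geoip takes at most 15 countries in a single match.
    count=$(printf '%s\n' "$countries" | tr ',' '\n' | wc -l | tr -d ' ')
    if [ "$count" -gt 15 ]; then
        echo "too many countries for one rule: $count" >&2
        return 1
    fi

    # IPv4 CIDR: four octets of 0-255 and a prefix of 1-32.
    if ! printf '%s\n' "$lan" | LC_ALL=C grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
        echo "bad CIDR: $lan" >&2
        return 1
    fi
    prefix=${lan#*/}
    # A /0 would accept every source before the geoip rule is reached.
    if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 32 ]; then
        echo "bad prefix length: /$prefix" >&2
        return 1
    fi
    old_ifs=$IFS
    IFS=.
    for octet in ${lan%/*}; do
        if [ "$octet" -gt 255 ]; then
            IFS=$old_ifs
            echo "bad octet in $lan" >&2
            return 1
        fi
    done
    IFS=$old_ifs

    # Loopback and private ranges are not in the GeoIP database, so the
    # inverted country match would drop them; accept them first.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -s $lan -j ACCEPT"
    echo "iptables -A INPUT -m geoip ! --src-cc $countries -j DROP"
}

# Constructed sample values: two countries and a documentation network.
geoip_rules "GB,US" "192.0.2.0/24"
```

Review the printed rules before running them as root, and keep a console session open while testing so a mistake in the country list does not lock you out.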