Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

How to block IP address by country range using ipset?

Discussion in 'Server Security' started by krstopa, Nov 21, 2018.

  1. krstopa

    krstopa New Member

    Joined:
    Nov 21, 2018
    Messages:
    1
    Likes Received:
    0
    I need to block web traffic from a certain country. I can export a free IP address list using IP2Location firewall list generator. The sample output format in CIDR is as below. There are other formats but I'm not sure if it is supported by ipset or not.


    (Log in to hide this advertisement)


    What should I do next to import the list to enable blocking using ipset? I don't want to enter it manually. I prefer a simple script to load all IP addresses and blocking them.

    Code:
    # -------------------------------------------------------
    # Free IP2Location Firewall List by Country
    # Source: https://www.ip2location.com/free/visitor-blocker
    # Last Generated: 21 Nov 2018 11:20:13 GMT
    # [Important] Please update this list every month
    # -------------------------------------------------------
    154.127.96.135/32
    192.245.148.0/24
    193.41.146.0/23
    193.194.64.0/19
    193.251.144.0/24
    193.251.152.0/24
     
  2. Lazydog

    Lazydog Member

    Joined:
    Jul 27, 2017
    Messages:
    83
    Likes Received:
    63
    Look at fail2ban for their ipset script. With that and a bit of modification you should be able to import the list.
     
  3. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    378
    Likes Received:
    826

Share This Page