Best script ever http://www.howtoforge.com/blocking-ip-addresses-of-any-country-with-iptables
##!/bin/bash ####PUT HERE COMA SEPARATED LIST OF COUNTRY CODE### #COUNTRIES="AK,AR" #WORKDIR="/root" ######################################## #cd $WORKDIR #wget -c --output-document=iptables-blocklist.txt http://blogama.org/country_query.php?country=$COUNTRIES #if [ -f iptables-blocklist.txt ]; then # iptables -F # BLOCKDB="iptables-blocklist.txt" # IPS=$(grep -Ev "^#" $BLOCKDB) # for i in $IPS # do # iptables -A INPUT -s $i -j DROP # iptables -A OUTPUT -d $i -j DROP # done #fi #rm $WORKDIR/iptables-blocklist.txt
I just used the tables from ipdeny and not the blogama lists.
Worked like a charm. Postfix is huppy running with real people that want to send mail and not bots.
Sensoring the web???? dont think so. I've had it.
I've block cn, br, ar at least and my systems are soooooo huppy. My logs tooo.
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου