ipset and iptables

Got IP zones from the internet:

wget http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
gunzip -d all-zones.tar.gz ; tar -xvf all-zones.tar

Then with ipset

ipset create onlyita hash:net hashsize 64000
# add every network listed in the Italian zone file to the set
while read -r ip; do ipset add onlyita "$ip"; done < it.zone

Iptables:

iptables -N countryfilter
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j countryfilter
iptables -A countryfilter -m set --match-set onlyita src -j RETURN
iptables -A countryfilter -j DROP
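
Added example (not from the original post): a zone file can hold thousands of networks, and adding them one by one leaves the set half-filled while the loop runs. The script below validates each line of it.zone and prints `ipset restore` input that fills a temporary set and swaps it into onlyita. The temporary set name `onlyita-new`, the function names and the sample zone data are assumptions, and onlyita is expected to exist already.

```sh
#!/bin/sh
# Added example, not from the original post. Set name "onlyita" and file
# "it.zone" are the page's; "onlyita-new", the function names and the sample
# data are assumptions made for illustration.

# Constructed sample zone file (documentation ranges plus bad lines).
sample_zone() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/24   # trailing comment

300.1.1.0/24
203.0.113.0/25
10.0.0.0/0
not-a-network
EOF
}

# Print "ipset restore" input: fill a temporary set with the validated
# networks, then swap it into the live set so the filter never sees a
# half-loaded list. The live set must already exist (ipset create ...).
gen_restore() {
    set_name=$1 zone=$2 tmp="$1-new"
    printf 'create %s hash:net family inet hashsize 64000\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    awk -v tmp="$tmp" '
        function valid(c,   p, o, i) {
            if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(c, p, "/"); split(p[1], o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
            # hash:net cannot store a /0 prefix
            return (p[2] + 0 >= 1 && p[2] + 0 <= 32)
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, blanks, CR
        $0 == "" { next }
        valid($0) { print "add", tmp, $0; next }
        { print "skipped invalid entry: " $0 > "/dev/stderr" }
    ' "$zone"
    printf 'swap %s %s\ndestroy %s\n' "$tmp" "$set_name" "$tmp"
}

# As root:  gen_restore onlyita it.zone | ipset -exist restore
```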
