ipset and iptables

My poor Amazon Tiny server with 512 MB of memory is the one running this WordPress plus 2 others.
Early this week I had major performance issues: I had placed many security scripts and used ipset with iptables
to block entire countries from accessing my site. Check out the posts at the bottom for details.

So this time I did it the other way around: I only allow one or two countries to access the site…

Got IP zones from the internet:

wget http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
gunzip -d all-zones.tar.gz ; tar -xvf all-zones.tar

Then with ipset:

# Create the set, then add every network listed in the Italian zone file
ipset create onlyita hash:net hashsize 64000
while read -r ip; do ipset add onlyita "$ip"; done < it.zone


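# Every new inbound TCP connection on eth0 (SSH included) goes through countryfilter
iptables -N countryfilter
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -j countryfilter
# Sources in the set return to INPUT; everything else is dropped
# (--match-set is the current spelling of the deprecated --set option)
iptables -A countryfilter -m set --match-set onlyita src -j RETURN
iptables -A countryfilter -j DROP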
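
A safer way to do the load step, as an added example that is not part of the original post: it validates each line of the downloaded zone file and emits an "ipset restore" script that fills a temporary set and swaps it into onlyita, so the allowlist is never empty while it reloads. The function names and the temporary set name are assumptions of this example; onlyita, it.zone and hashsize 64000 come from the commands above.

```shell
#!/bin/sh
# Added example (not from the post). Assumes the live set "onlyita" already
# exists, created with "ipset create" as shown above.

# Print only well-formed IPv4 CIDR lines; report how many were rejected.
valid_cidrs() {
    awk '
    {
        sub(/\r$/, "")                      # tolerate CRLF downloads
        if ($0 == "" || $0 ~ /^#/) next     # skip blanks and comments
        ok = ($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
        if (ok) {
            split($0, p, "/"); split(p[1], o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            # hash:net accepts prefixes 1-32; a /0 would allow everyone
            if (p[2] + 0 < 1 || p[2] + 0 > 32) ok = 0
        }
        if (ok) print; else bad++
    }
    END { if (bad) printf "rejected %d malformed line(s)\n", bad > "/dev/stderr" }
    ' "$1"
}

# Emit a restore script: fill a temporary set, swap it in, drop the old one.
build_restore() {
    set_name=$1
    zone_file=$2
    tmp="${set_name}_new"                   # hypothetical temporary set name
    cidrs=$(valid_cidrs "$zone_file")
    # Refuse to build an empty allowlist: it would drop every new connection.
    [ -n "$cidrs" ] || { echo "no valid networks in $zone_file" >&2; return 1; }
    echo "create $tmp hash:net hashsize 64000"
    echo "flush $tmp"                       # clear leftovers from a failed run
    echo "$cidrs" | sed "s/^/add $tmp /"
    echo "swap $tmp $set_name"
    echo "destroy $tmp"
}

# On the server, as root:
#   build_restore onlyita it.zone | ipset -exist restore
```

Because the iptables rule refers to the set by name, the swap takes effect without touching the countryfilter chain.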

