6/25/2023 0 Comments Opensuse 42.3 ssh shellWhile orchestrated and methodical hacks won't be mitigated by a simple country block list, everything else will be blocked, especially spam. Pretty much anything else comes via a European or American proxy, but that is easy to mitigate, once I file an abuse report to their network provider, the proxy is usually shut down rather quickly. Personally, I run many major European sites and based on my logs, I block the following countries: ar bd bg br by cn co il in ir kp ly mn mu pa sd tw ua ro ru ve vnĪfter block the above countries, SPAM and hacking attempts dropped to nearly zero. I can't tell you what to block, it all depends on what kind of service you provide and the location of your "real" requests. Once extracted you should end up with various files, each named after a country, for example "cn.zone" for China. The above command will download all country zones together in one archive. –option=hashsize = the initial hash size of the listĬhoose which countries you would like to block, provides net blocks by country. –option=family = IPv4 or IPv6 network, inet is for IPv4 –type = storage hash type, "net" is for subnets, while "ip" for individual ip addresses –new-ipset = name of the new IP/net blacklist * –permanent = use to make changes to the permanent configuration At the same time I will demonstrate how to block entire countries from being able to access your server.Ĭreate the blacklist: firewall-cmd -permanent -new-ipset=blacklist -type=hash:net -option=family=inet -option=hashsize=4096 -option=maxelem=200000 Here is a quick and easy way to create an IP/net blacklist by using the new firewall-cmd commands. In recent versions of firewalld, the developers implemented support for ipset from within firewalld, thus there is no need to setup ipset separately. In a previous post, I mentioned how to create an ipset blacklist.
0 Comments
Leave a Reply. |