Subj : Re: Block IPs based on Location
To   : Compctech
From : Wilfred van Velzen
Date : Fri Feb 28 2025 17:59:50

Hi Compctech,

On 2025-02-28 10:47:03, you wrote to All:

 Co> I apologies if I am posting in the wrong location.  I am getting a lot
 Co> of login attempts from China and other Asian countries.  It does not
 Co> surprise me, but has anyone tried doing IP blocking by country,  I
 Co> don't like the idea, but with as much attempts I am getting, it's
 Co> filling up my logs. I see how I can do it with UFW, but just need a
 Co> good source of IP Blocks.  CIDR notations would be great.

Yes you can get the IP block ranges by country at http://www.ipdeny.com/

For example I do this in a script for some countries (not my fido machine though, because there are a lot of fido systems in russia):

wget -q -O zone.belarus     http://www.ipdeny.com/ipblocks/data/aggregated/by-aggregated.zone
wget -q -O zone.china       http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
wget -q -O zone.iran        http://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone
wget -q -O zone.north-korea http://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone
wget -q -O zone.russia      http://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone

After this I feed the files to fail2ban with these commands:

fail2ban-client restart --unban countries
fail2ban-client set countries banip $(<zone.north-korea )
fail2ban-client set countries banip $(<zone.belarus     )
fail2ban-client set countries banip $(<zone.china       )
fail2ban-client set countries banip $(<zone.iran        )
fail2ban-client set countries banip $(<zone.russia      )

And in my fail2ban config (/etc/fail2ban/jail.d/custom.local), I have this section:

[countries]
filter = manual
banaction = %(banaction_allports)s
bantime = -1
enabled = true


Bye, Wilfred.

--- FMail-lnx64 2.3.2.4-B20240523
 * Origin: FMail development HQ (2:280/464)

.