Subj : Re: Block IPs based on Location To : Wilfred van Velzen From : Compctech Date : Fri Feb 28 2025 18:50:53 > Hi Compctech, > On 2025-02-28 10:47:03, you wrote to All: > Yes you can get the IP block ranges by country at http://www.ipdeny.com/ > For example I do this in a script for some countries (not my fido machine > though, because there are a lot of fido systems in russia): > wget -q -O zone.belarus > http://www.ipdeny.com/ipblocks/data/aggregated/by-aggregated.zone > wget -q -O zone.china > http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone > wget -q -O zone.iran > http://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone > wget -q -O zone.north-korea > http://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone > wget -q -O zone.russia > http://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone > After this I feed the files to fail2ban with these commands: > fail2ban-client restart --unban countries > fail2ban-client set countries banip $( fail2ban-client set countries banip $( fail2ban-client set countries banip $( fail2ban-client set countries banip $( fail2ban-client set countries banip $( And in my fail2ban config (/etc/fail2ban/jail.d/custom.local), I have this > section: > [countries] > filter = manual > banaction = %(banaction_allports)s > bantime = -1 > enabled = true > Bye, Wilfred. > --- FMail-lnx64 2.3.2.4-B20240523 > * Origin: FMail development HQ (2:280/464) > � Synchronet � Vertrauen � Home of Synchronet � > [vert/cvs/bbs].synchro.net Thanks!!! I think that did it. China is the worst when coming to attempts to brake into stuff. At my last job (10+ Years ago) we setup a honeypot system that we would use to build block lists and it also reported back to a network of honeypot that would pool the IPs together. Now I am trying to remember what that honeypot net was. Sam L. LSNET Archive --- ■ Synchronet ■ LSNET Archive - Archiving Software for the Future * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705) .