I'm getting DDoS and brute-force attacks. My clients are only from a Latin American country, and I did not find attacks from that country, so I think my solution would be to find a way to block IPs from all countries except the country of my clients, but I cannot find any correct information. Please help.
2 Answers
Unlike what other people say, I've had some people asking the same question.
You can get IP ranges for specific countries from http://www.ipdeny.com/ipblocks/
You can use PowerShell to automatically create firewall rules in Windows Firewall based on the downloaded files.
Sadly, I cannot share the script I used. However, I found a blog explaining the same technique, with a script included: https://www.gregsitservices.com/blog/2016/02/blocking-unwanted-countries-with-windows-firewall/
- Maybe I can use it in Windows Firewall; my question is, is this possible? – marjes Aug 31 '17 at 20:46
- Why would it not be possible? – eKKiM Aug 31 '17 at 20:47
- Can you tell me the best way to do it? – marjes Aug 31 '17 at 20:48
- Follow the steps on the blog I provided in the link? – eKKiM Aug 31 '17 at 20:49
As eKKiM said, you can use http://www.ipdeny.com/ipblocks/ as the source for country zones. You must create a shell script to fetch your zone regularly and put it in crontab. Something like:
    #!/bin/sh
    BGPEER_FILE="BGPEERING.IPs"
    BGPEER_URL="http://www.ipdeny.com/ipblocks/data/aggregated/br-aggregated.zone"
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    ### DOWNLOAD BG-PEERING IPs ###
    wget -T 10 -t 1 -nd -O "/etc/rc.d/firewall/$BGPEER_FILE.tmp" "$BGPEER_URL" >/dev/null 2>&1
    # Save wget's status now; after rm, $? would hold rm's status instead
    rc=$?
    if [ "$rc" -ne 0 ]; then
        # Download failed: discard the partial file and keep the previous list
        rm -f "/etc/rc.d/firewall/$BGPEER_FILE.tmp"
        exit "$rc"
    fi
    # Strip comment lines, then reload the firewall with the fresh list
    grep -Ev '^#' "/etc/rc.d/firewall/$BGPEER_FILE.tmp" > "/etc/rc.d/firewall/$BGPEER_FILE"
    rm "/etc/rc.d/firewall/$BGPEER_FILE.tmp"
    /etc/rc.d/rc.firewall
Then create iptables rules to allow access only from your country. Be very careful with iptables; my firewall script is very restrictive!
rc.firewall:
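    #!/bin/bash
    OutI="eth0"
    OutIP="192.168.0.150"
    iptables="/usr/sbin/iptables"
    echo="/bin/echo"
    # Empty the INPUT chain first: this script is re-run after every list
    # update, and rules appended after the DROP rules below would never match
    $iptables -F INPUT
    ma="/etc/rc.d/firewall/BGPEERING.IPs"
    if [ -f "$ma" ]
    then
        # Allow TCP from every range in the country list
        for ip in $(cat "$ma")
        do
            $iptables -A INPUT -s "$ip" -d "$OutIP" -p tcp -j ACCEPT
        done
    fi
    ma2="/etc/rc.d/firewall/BGPEERING.IPs"
    if [ -f "$ma2" ]
    then
        # Allow UDP from every range in the country list
        for ip in $(cat "$ma2")
        do
            $iptables -A INPUT -s "$ip" -d "$OutIP" -p udp -j ACCEPT
        done
    fi
    # Drop all other incoming traffic
    $iptables -A INPUT -d "$OutIP" -p tcp -j DROP
    $iptables -A INPUT -d "$OutIP" -p udp -j DROP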
Of course, edit both scripts and put in the correct values.
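A safeguard for the update script in the second answer, as an added example that is not part of the original posts: because rc.firewall ends in DROP rules and the zone file is fetched over plain HTTP, an empty, truncated or non-list download should never replace the working list. The function names and the minimum-entry threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): vet a downloaded zone file before it
# replaces the list rc.firewall reads. Function names are hypothetical.

# is_cidr STRING: succeed only for a.b.c.d/len, octets 0-255, len 0-32.
is_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;      # stray characters or two slashes
        */*) ;;
        *) return 1 ;;                     # no prefix length
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*.*|???*) return 1 ;; esac
    case "$addr" in .*|*.|*..*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                           # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# install_zone NEW CURRENT MIN: replace CURRENT with the entries of NEW only
# if every entry is a valid CIDR and at least MIN entries are present.
# Returns 2 on a malformed entry, 3 on too few entries; CURRENT is then kept.
install_zone() {
    new=$1; current=$2; min=$3; count=0
    clean=$(mktemp "$current.XXXXXX") || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ""|"#"*) continue ;; esac
        if ! is_cidr "$line"; then
            rm -f "$clean"; return 2       # e.g. an HTML error page
        fi
        printf '%s\n' "$line" >> "$clean"
        count=$((count + 1))
    done < "$new"
    if [ "$count" -lt "$min" ]; then
        rm -f "$clean"; return 3           # empty or truncated download
    fi
    mv -f "$clean" "$current"              # same directory, so rename is atomic
}
```

In the update script this would take the place of the comment-stripping step, with `/etc/rc.d/rc.firewall` run only when `install_zone` succeeds.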