{"id":207,"date":"2004-08-11T14:25:56","date_gmt":"2004-08-11T13:25:56","guid":{"rendered":"http:\/\/wp.devco.net\/?p=207"},"modified":"2009-10-09T17:19:11","modified_gmt":"2009-10-09T16:19:11","slug":"more_country_blocking","status":"publish","type":"post","link":"https:\/\/www.devco.net\/archives\/2004\/08\/11\/more_country_blocking.php","title":{"rendered":"More country blocking"},"content":{"rendered":"
After blocking China and Korea recently I have still been getting quite a bit of scans and unfriendly traffic. Especially people who have been trying to log into my SSH servers with some simple user accounts like guest or by trying root logins. It’s purely automated and hits all my IP addresses. This comes from Japan mostly so I decided it is time to rid my world of the Japanese as well.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","footnotes":""},"categories":[7],"tags":[10,63,29],"_links":{"self":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/207"}],"collection":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/comments?post=207"}],"version-history":[{"count":1,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/207\/revisions"}],"predecessor-version":[{"id":783,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/posts\/207\/revisions\/783"}],"wp:attachment":[{"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/media?parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/categories?post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devco.net\/wp-json\/wp\/v2\/tags?post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nProblem was getting a good source for IP ranges. Turns out MaxMind publish their GeoIP Free Country database in CSV format as well, so then it was just a matter of writing up a tool to take their ranges of IPs and create CIDR notation entries and produce ipfw commands from those.
\nI got a bit of code from Gary Colman to do the translation from ranges to CIDR notation and built that into my existing firewall builder script.<\/p>\n","protected":false},"excerpt":{"rendered":"