Accéder au contenu principal

Blocking countries using ipset via iptables

This script will block the specific countries you've asked of it to block.


#!/bin/sh
#Block specific countries from hitting your server (CentOS)

#Install ipset if you dont have it
yum install ipset -y
#Countries to block
#china, france, germany, russian federation, united arab emirates
#Create the initial rules in ipset based on hast:net
for a in {china,france,germany,russia,uae,canada,australia}; do ipset -N $a hash:net; done

#Download the necessary files from ipdeny
wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/fr.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/de.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/ru.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/ae.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/ca.zone
wget -P . http://www.ipdeny.com/ipblocks/data/countries/au.zone
#Add each IP address from the downloaded list into the ipset you've created
for a in $(cat /root/cn.zone ); do ipset -A china $a; done
for b in $(cat /root/fr.zone ); do ipset -A france $b; done
for c in $(cat /root/de.zone ); do ipset -A germany $c; done
for d in $(cat /root/ru.zone ); do ipset -A russia $d; done
for e in $(cat /root/ae.zone ); do ipset -A uae $e; done
for f in $(cat /root/ca.zone ); do ipset -A canada $f; done
for g in $(cat /root/au.zone ); do ipset -A australia $g; done
#Backup the iptables
/sbin/iptables-save > /root/iptables.$(date '+%Y%m%d')
#Add the following loop statement into your iptables to block the countries you want
for a in {china,france,germany,russia,uae,canada,australia}; do iptables -I INPUT -p tcp -m set --match-set $a src -j DROP; done
#Save the current configuration for iptables
service iptables save



UN AUTRE SCRIPT 
https://tecadmin.net/allow-server-access-based-on-country/

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Zimbra install let's encrypt

 https://inguide.in/how-to-install-free-ssl-certificate-on-zimbra-mail-server/ Je change le domaine  ingu.pw In the article  Install Zimbra Mail Server o n CentOS 8, we learned to install Zimbra on CentOS. This article discusses the steps required to install the Let’s Encrypt free SSL certificate in Zimbra. Installing Free SSL Certificate on Zimbra: Method 1 This method is a proven one though you have to manually do all the steps. Another method discussed below is partially automatic, which might come in handy if you didn’t encounter any error during installation (working at the time of writing this article). So, let’s begin with method 1. First of all, add  epel repository  to the server 1 [root@mail ~]# yum -y install epel-release Install snapd Now, install  snapd  package with the following command 1 [root@mail ~]# sudo yum install snapd After the above step, you need to enable snapd. 1 [root@mail ~]# sudo systemctl enable --now snapd.socket Sometim...
Enregistrer un commentaire
Lire la suite

Open Media Vault NAS change password

Known Root Password Login to the OMV using the root user and the current password via SSH or Console enter the following command passwd root The new password is now active. Unknown Root Password, but Admin Access to OMV GUI is Available In this scenario we still can help ourselves with the GUI. The method we use is, that we create a cron job for the root user which then resets the password. Navigate to System -> Cron Jobs Press the +Add button UN-tick the enabled box, so that the cronjob does not run automatically. put into the command field the following line, replace newpasswd with your password: echo "root:newpasswd" | chpasswd press okay select the newly created cron job Click the run button. in the opening window click the start button. It will shortly deactivate and activate again. open ssh or console and login as root with your new password. Root and Admin Password Unknown If you do not know the root password, you need to boot with a Li...
Enregistrer un commentaire
Lire la suite

cPanel DDOS attack - Mitigate Slowloris Attacks - mod_qos

Apache mod_evasive Mod_evasive is a module available for the Apache HTTP server that can automatically block attacks by rate-limiting any IP that sends too many requests in a short time. Start by installing the module from WHM’s  EasyApache 4  interface. Select the  Currently Installed Packages  profile, search for  mod_evasive  in the  Apache Modules  section, and then install it. The default settings are good for most servers, but you can tweak them further by editing the configuration file  /etc/apache2/conf.d/300-mod_evasive.conf . You can also whitelist specific IP addresses or classes, so legitimate requests are not blocked. Configure CSF to block attacks While  mod_evasive  works very well, it only protects the Apache webserver. In order to harden other services as well, you can install the free  ConfigServer Security & Firewall  (CSF), which also includes a WHM plugin. As the  root  user, install CSF ...
Enregistrer un commentaire
Lire la suite