[CentOS] iptables to block region-specific ip's?

Wed May 11 19:08:10 UTC 2011
Robert Spangler <mlists at zoominternet.net>

On Wednesday 11 May 2011 12:58, the following was written:

>  I'm running fail2ban on my centos machine. It's handling sshd and
>  postfix, and is working quite well. From the reports I'm seeing all
>  the atempts are from a certain registrar's region, I won't name it,
>  and was wondering instead of blocking individual ip's if there was a
>  way I could block with iptables the complete region of ip's. I realize
>  this will cut off a good majority of the world, but this is something
>  i'm still curious about?

iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP

Replace the x's with the start of the ip address range you want to block and 
also make sure you are using the correct bit mask for that range.  If the 
interface is something other then eth0 then you will need to replace that too 
with the correct interface.  The '-I' will place this rule as the very first 
rule in the chain.  If you are using a passthrough box then replace INPUT 
with FORWARD.

>  With regards blocking ip's and fail2ban, which method is better in
>  terms of system resources, blocking via iptables as in the case of
>  sshd or blocking via hosts.deny as in the case of postfix?

I don't know the answer to this.  I prefer IPTABLES.


-- 

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/