[CentOS] iptables to block region-specific ip's?

Wed May 11 19:48:04 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

Robert Spangler wrote:
> On Wednesday 11 May 2011 12:58, the following was written:
>> the attempts are from a certain registrar's region, I won't name it,
> 
> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP

I do not consider a /24 subnet a "region subnet". You would need to use 
something like sophisticated reverse DNS to resolve the IP of the connection, 
and that would take time, not to mention problems with false positives 
and .com, etc. The only way would be if you knew the physical locations of 
the respective subnets.

I use denyhosts, which regularly pulls new offenders' IPs from protected 
systems all around the world. On my 3 servers, in the last 5 months, I had 
only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny, 
and currently I have ~7000 IPs there that are 
automatically blocked.
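The thread makes two points that fit together: a DROP rule like the one Robert quoted only makes sense once you know which subnets belong to the region you care about, and denyhosts leaves the evidence of who is knocking in hosts.deny. The script below is an added example, not code from the mailing list or from the denyhosts project. It parses a constructed hosts.deny fragment in the one-address-per-line form denyhosts writes, groups the denied addresses by a hand-maintained table of subnets whose location the administrator already knows (the `KNOWN_SUBNETS` table and its region labels are placeholders), and emits the iptables DROP rule from the thread as a string for each subnet that has produced repeated hits. Nothing is executed against the firewall; the output is meant to be reviewed before use.

```python
import ipaddress
import re

# Constructed sample of a hosts.deny fragment in the format DenyHosts writes
# (one "service: address" line per denied host). Addresses are from the
# RFC 5737 documentation ranges, not real offenders.
SAMPLE_HOSTS_DENY = """\
# DenyHosts: Wed May 11 19:48:04 2011 | sshd: 192.0.2.17
sshd: 192.0.2.17
sshd: 192.0.2.99
sshd: 198.51.100.5
sshd: 203.0.113.42
ALL: 203.0.113.77
"""

# Placeholder table of subnets whose physical location the administrator
# knows from some source other than the address itself (the post's point).
# Both the prefixes and the region labels are hypothetical.
KNOWN_SUBNETS = {
    "192.0.2.0/24": "region-A",
    "203.0.113.0/25": "region-B",
}

HOSTS_DENY_LINE = re.compile(
    r"^\s*(?P<service>[A-Za-z0-9_]+)\s*:\s*(?P<addr>[0-9.]+)\s*$"
)


def parse_hosts_deny(text):
    """Return the IPv4 addresses denied in a hosts.deny fragment.

    Blank lines and comments (including the timestamp comments DenyHosts
    itself writes) are skipped; malformed lines are ignored, not raised on,
    so one odd entry does not abort processing of the whole file."""
    addrs = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = HOSTS_DENY_LINE.match(line)
        if not m:
            continue
        try:
            addrs.append(ipaddress.IPv4Address(m.group("addr")))
        except ipaddress.AddressValueError:
            continue
    return addrs


def group_by_subnet(addrs, subnets):
    """Map each known subnet (CIDR string) to the denied addresses inside it.

    Addresses that fall outside every known subnet are collected under the
    key None so they are not silently lost."""
    nets = [(cidr, ipaddress.IPv4Network(cidr)) for cidr in subnets]
    groups = {cidr: [] for cidr in subnets}
    groups[None] = []
    for a in addrs:
        for cidr, net in nets:
            if a in net:
                groups[cidr].append(str(a))
                break
        else:
            groups[None].append(str(a))
    return groups


def iptables_rules(groups, iface="eth0", min_hits=2):
    """Build the DROP rule quoted in the thread for every known subnet with
    at least min_hits denied hosts; stray addresses outside the known
    subnets get a /32 rule each. Rules are returned as strings only."""
    rules = []
    for cidr, hits in groups.items():
        if cidr is None:
            for a in hits:
                rules.append(f"iptables -I INPUT -i {iface} -s {a}/32 -j DROP")
        elif len(hits) >= min_hits:
            rules.append(f"iptables -I INPUT -i {iface} -s {cidr} -j DROP")
    return rules


if __name__ == "__main__":
    denied = parse_hosts_deny(SAMPLE_HOSTS_DENY)
    groups = group_by_subnet(denied, KNOWN_SUBNETS)
    for cidr, hits in groups.items():
        label = KNOWN_SUBNETS.get(cidr, "unknown location")
        print(f"{cidr or 'no known subnet'} ({label}): {len(hits)} denied")
    for rule in iptables_rules(groups):
        print(rule)
```

The `min_hits` threshold is the part worth thinking about: one denied address in a subnet is weak evidence, and the thread's own caveat about false positives applies to whole-subnet blocks far more than to single hosts, so the example only proposes a prefix-wide DROP once several distinct hosts in that prefix have already been denied.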