[CentOS] iptables to block region-specific ip's?

Wed May 11 20:24:56 UTC 2011
David Mehler <dave.mehler at gmail.com>

Hello Everyone,
Thanks for all your suggestions. I have gone with iptables and blocked
off the necessary region ip blocks in my firewall. If anyone is
interested i'll send the list.
Thanks again.

On 5/11/11, Ljubomir Ljubojevic <office at plnet.rs> wrote:
> Robert Spangler wrote:
>> On Wednesday 11 May 2011 12:58, the following was written:
>>>  the atempts are from a certain registrar's region, I won't name it,
>> iptables -I INPUT -i eth0 -s x.x.x.x/24 -j DROP
> I do not consider /24 subnet a "region subnet". You would need to use
> something like sophisticated reverse DNS to resolve IP of the connection
>   and that would take time, not to mention problems with false positives
> and .com, etc. Only way would be if you would know physical locations of
> respective subnets.
> I use denyhosts that regularly pools new offenders IP's from protected
> systems all around a world. On my 3 servers, in last 5 months, I had
> only 114 e-mail reports of an ssh attempt. denyhosts uses hosts.deny,
> and currently I have ~7000 IP's blocked from there that are
> automatically blocked.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos