Hy there! I'm rinnung a virtual server at hosteurope.de First I used PLESK, but it is quite heavy to run for the vserver. So I tried ISPConfig. Ubuntu 8.04.1 fresh installed with ISPConfig3. It runs like a charm! Now, I want to block Asianet and some other countries with my firewall. On PLESK I used the integrated firewall-settings -have a look at the attachment- How can I accomplish this with ISPConfig? I tried to follow HOWTO: Implement iptables blocking by Country but I ran into some serious incompatibilities with Ubuntu 8.04 my regards
Check out my post about blocking by countries. HOWTO: Implement iptables blocking by Country Hopefully that will help you out.
Sure you do with that list. Where have you find list like that? Even firs 58.*-rule blocks networks from: Afghanistan Australia Bangladesh China Hong India Indonesia Japan Korea Malaysia New Zealand Pakistan Philippines Singapore Taiwan Thailand Vietnam I did not even bother to check out rest of them. They are _way_ too much. Currently Maxmind's GeoIP-database has 289 net-blocks from Asia. With your current firewall implementation you need 289 for Asia-rules to prevent blocking countries you (or your clients?) don't want to block. I suggest you try again with drewb0y's HOWTO.
I created it. I blocked the complete APNIC Range, and some of the AFRINIC ranges. You can find the ranges here: some AFRINIC APNIC some more Now I added the DROPs to my iptables with the following commandline commands: Code: iptables -I INPUT -s 58.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 59.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 60.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 61.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 121.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 122.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 123.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 124.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 125.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 126.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 202.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 203.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 210.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 211.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 218.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 219.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 220.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 222.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 200.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 201.0.0.0/255.0.0.0 -j DROP iptables -I INPUT -s 66.196.0.0/255.255.0.0 -j DROP iptables -I INPUT -s 206.141.193.0/255.255.255.0 -j DROP iptables -I INPUT -s 180.168.0.0/255.255.0.0 -j DROP
Seems that you know how widely you are blocking countries, so i don't blame you more You are doing it right way. Currently used firewall implementation does not allow to insert custom rules.
