geoblock

using this scripts, you can block traffic by region via iptables. e.g. you want to stop the ssh-attacks from china ?

how it works:

in conf/ there are files 'country_block.xx.conf' -- the 'xx' is the port-number ( eg. 22 for ssh, 80 for web, .. )
in the file, there is the 2-digit country-code.. CN=china, US=usa, ...
so you can block on each port different countries. -- this is on iptables level with DROP. -- it will also kick-out search-engines (maybe you want ?)
real hackers will not work "from home" but from some other IPs

example:

you/your server is in france.
you see many attacks from UA, CN, JP, KR on ssh.
there will be no real connects from these countries ( vacation, anyone ?) -- block them.

there are other ways, like

fail2ban. find a list of similar stuff here: http://alternativeto.net/software/fail2ban/

real example:

on startup, call 'do_iptables.sh' -- it will load the list, set the ip-table rule. -- add to the rc.local ?
if you want to refresh the list, run 'set_relaod_list.sh' -- this refreshes the list via web. IP-lists via ipdeny.com -- you want to do this maybe once a week (and is done at startup)

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
conf		conf
munin		munin
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
do_iptables.sh		do_iptables.sh
set_iplist.sh		set_iplist.sh
set_reload_list.sh		set_reload_list.sh
unit_tests.sh		unit_tests.sh

Provide feedback