
BlockList

Rennato

Well-known member
Using xtables and geoip would be more practical and lightweight, but some links are not working and I cannot install it; that of the blacklist I can get has to arrow all the IP array
 

Vafin

TeaFanatic
Request blocking method using iptables+ipset

1) Install ipset
# apt install ipset

2) Run the script addipblacklist.sh to add IP addresses to the blacklist. (My script blocks requests from the USA.)

3) Mount the blacklist in iptables.
# iptables -A INPUT -m set --match-set blacklist src -j DROP
 


MehdiSele

Well-known member
Request blocking method using iptables+ipset

1) Install ipset
# apt install ipset

2) Run the script addipblacklist.sh to add IP addresses to the blacklist. (My script blocks requests from the USA.)

3) Mount the blacklist in iptables.
# iptables -A INPUT -m set --match-set blacklist src -j DROP
./block.sh: line 12: syntax error near unexpected token `do'
 

rezak164

Well-known member
Request blocking method using iptables+ipset

1) Install ipset
# apt install ipset

2) Run the script addipblacklist.sh to add IP addresses to the blacklist. (My script blocks requests from the USA.)

3) Mount the blacklist in iptables.
# iptables -A INPUT -m set --match-set blacklist src -j DROP
Have you tested it, and is it working?
 

rezak164

Well-known member
Does your script work without errors?
Were the IP addresses added to the blacklist?
Check this with the command
# ipset -L blacklist
Yes, the script ran.
Yes, added to the blacklist.

root@gamec:~# ipset-L blacklist command
ipset-L: command not found
 

Vafin

TeaFanatic
Yes, the script ran.
Yes, added to the blacklist.

root@gamec:~# ipset-L blacklist command
ipset-L: command not found
Check whether the rule has been added to iptables; it should be above all other rules, at the very beginning.

# iptables -L INPUT -v -n
 

rezak164

Well-known member
Check whether the rule has been added to iptables; it should be above all other rules, at the very beginning.

# iptables -L INPUT -v -n
root@gamec:~# iptables -L INPUT -v -n
Chain INPUT (policy ACCEPT 14368 packets, 1430K bytes)
pkts bytes target prot opt in out source destination
 

rezak164

Well-known member
root@gamec:~# iptables -L INPUT -v -n
Chain INPUT (policy DROP 144 packets, 7794 bytes)
pkts bytes target prot opt in out source destination
7563 736K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
7563 736K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
147 7942 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
 

Vafin

TeaFanatic
root@gamec:~# iptables -L INPUT -v -n
Chain INPUT (policy DROP 144 packets, 7794 bytes)
pkts bytes target prot opt in out source destination
7563 736K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
7563 736K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
147 7942 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
144 7794 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
I don't see you have a rule with blacklist.

# iptables -A INPUT -m set --match-set blacklist src -j DROP
 

rezak164

Well-known member
I don't see you have a rule with blacklist.

# iptables -A INPUT -m set --match-set blacklist src -j DROP


root@gamec:~# iptables -L INPUT -v -n
Chain INPUT (policy DROP 2 packets, 104 bytes)
pkts bytes target prot opt in out source destination
19657 2750K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
19657 2750K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
484 29153 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
2 84 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blacklist src
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blacklist src
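
An added check, not part of any post in this thread: it reads `iptables -L INPUT -v -n` output and reports whether the `match-set` rule is missing, first in the chain, placed after other rules, or present more than once. The function names `audit_blacklist_rule` and `sample_listing` are hypothetical, and the sample input is the last listing above.

```shell
#!/bin/sh
# Added example: audit where the ipset DROP rule sits in the INPUT chain.

# audit_blacklist_rule SETNAME -> prints "<status> <first-position> <count>"
#   missing   : no INPUT rule references the set
#   first     : one rule, evaluated before everything else
#   late      : one rule, but other rules/chains are evaluated before it
#   duplicate : the rule was added more than once
audit_blacklist_rule() {
    awk -v set="$1" '
        /^Chain / || /^ *pkts / || NF == 0 { next }  # skip headers, blanks
        {
            pos++
            # iptables prints a set match as: match-set <name> <flags>
            for (i = 1; i < NF; i++)
                if ($i == "match-set" && $(i + 1) == set) {
                    if (!first) first = pos
                    count++
                    break
                }
        }
        END {
            if (!count)          status = "missing"
            else if (count > 1)  status = "duplicate"
            else if (first == 1) status = "first"
            else                 status = "late"
            print status, first + 0, count + 0
        }'
}

# Listing from the last post above, used as offline sample input.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 2 packets, 104 bytes)
pkts bytes target prot opt in out source destination
19657 2750K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
19657 2750K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
484 29153 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
476 28753 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
2 84 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blacklist src
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blacklist src
EOF
}

sample_listing | audit_blacklist_rule blacklist
```

On a live host, run `iptables -L INPUT -v -n | audit_blacklist_rule blacklist` as root. `-A` appends to the end of the chain, so a `late` or `duplicate` result is cleared by deleting the extra copies with `iptables -D` and inserting a single rule with `iptables -I INPUT 1 -m set --match-set blacklist src -j DROP`.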