Add the abilty to block IPs by country

silver_2000 · Post by **silver_2000** » 13 Nov 2008, 21:53

Id love to see a built in applet that would make it easy for us newbies to select and block regions of the world by IP range

My servers serve mostly a US based auto enthusiast audience.

While CSF does a nice job of of blocking repeated attacks, after getting repeated attacks from China, Tiawan and some of the "stans" it would be easier to simply block them entirely.

I used to use an applet called ip to country that I still have somewhere that generates a list that can be added to the Iptables BUT it appears the way CSF manages the IP tables wipes the ranges added by the app

Post by **chirpy** » 07 Dec 2008, 17:21

This is coming in the next release.

silver_2000 · Post by **silver_2000** » 07 Dec 2008, 17:32

Excellent ...

silver_2000 · Post by **silver_2000** » 07 Dec 2008, 19:02

in the conf file it says this

# Warning: These lists are never 100% accurate and some ISP's (e.g. AOL) use
# non-geographic IP address designations for their clients
#
# Warning: Some of the CIDR lists are huge and each one requires a rule within
# the incoming iptables chain. This can result in significant performance
# overheads and could render the server inaccessible in some circumstances. For
# this reason (amongst others) we do not recommend using these options
#
# Warning: Due to the resource constraints on VPS servers this feature should
# not be used on such systems unless you choose very small CC zones

What are the other reasons for not using these options ?

Post by **chirpy** » 11 Dec 2008, 09:23

Mainly that they're arbitrary and not necessarily accurate. Also, the statistics tend to show that most attacks don't come from the sources many people expect.