ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Add the abilty to block IPs by country

https://mail.forum.configserver.com/viewtopic.php?t=1837

Page 1 of 1

Add the abilty to block IPs by country

Posted: 13 Nov 2008, 21:53
by silver_2000
Id love to see a built in applet that would make it easy for us newbies to select and block regions of the world by IP range

My servers serve mostly a US based auto enthusiast audience.

While CSF does a nice job of of blocking repeated attacks, after getting repeated attacks from China, Tiawan and some of the "stans" it would be easier to simply block them entirely.

I used to use an applet called ip to country that I still have somewhere that generates a list that can be added to the Iptables BUT it appears the way CSF manages the IP tables wipes the ranges added by the app

Posted: 07 Dec 2008, 17:21
by chirpy
This is coming in the next release.

Posted: 07 Dec 2008, 17:32
by silver_2000
Excellent ...

Posted: 07 Dec 2008, 19:02
by silver_2000
in the conf file it says this
# Warning: These lists are never 100% accurate and some ISP's (e.g. AOL) use
# non-geographic IP address designations for their clients
#
# Warning: Some of the CIDR lists are huge and each one requires a rule within
# the incoming iptables chain. This can result in significant performance
# overheads and could render the server inaccessible in some circumstances. For
# this reason (amongst others) we do not recommend using these options
#
# Warning: Due to the resource constraints on VPS servers this feature should
# not be used on such systems unless you choose very small CC zones
What are the other reasons for not using these options ?

Posted: 11 Dec 2008, 09:23
by chirpy
Mainly that they're arbitrary and not necessarily accurate. Also, the statistics tend to show that most attacks don't come from the sources many people expect.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited