ConfigServer Community Forum

I have started blocking large IP ranges to cut down on spam from spam friendly countries. It would be nice if CSF had an interface for selecting a country like China and having all the IP's for that country to be added to the firewall deny list.

Just a thought. I don't know how many people are blocking countries like I am.

-Daron

MaxRisk wrote:I have started blocking large IP ranges to cut down on spam from spam friendly countries. It would be nice if CSF had an interface for selecting a country like China and having all the IP's for that country to be added to the firewall deny list.

Just a thought. I don't know how many people are blocking countries like I am.

-Daron

I second this request - a much needed item and would be a great enhancement to csf!

Or just use some of the country DNSBL at:

http://countries.nerd.dk/

The list is quite extensive of the countries and you can pick your country at:

http://www.moensted.dk/spam/

You need to scroll down to see the nerd.dk listings but there are quite a few you can pick and choose from.

I've been using a few of them myself for quite a while now with no problems except maybe less spam

Chris

ckh wrote:Or just use some of the country DNSBL at:

http://countries.nerd.dk/

The list is quite extensive of the countries and you can pick your country at:

http://www.moensted.dk/spam/

You need to scroll down to see the nerd.dk listings but there are quite a few you can pick and choose from.

I've been using a few of them myself for quite a while now with no problems except maybe less spam

Chris

I guess I should have explained further my other reason for backing that feature request~
In addition to that and yes I agree and I use those filters - but in addition to the spam I also on some units block all traffic from china/korea north and south and russia and nigerian ip space.

The reason for this is specific types of sites prefer to reduce their fraud levels and enjoy just blocking all of that traffic even if they lose 1 customer they by far reduce the risk of fraud and blocking all that ip space with csf is currently quite difficult without a unit equipped with plenty of cpus and ram.

procam wrote:I guess I should have explained further my other reason for backing that feature request~
In addition to that and yes I agree and I use those filters - but in addition to the spam I also on some units block all traffic from china/korea north and south and russia and nigerian ip space.

The reason for this is specific types of sites prefer to reduce their fraud levels and enjoy just blocking all of that traffic even if they lose 1 customer they by far reduce the risk of fraud and blocking all that ip space with csf is currently quite difficult without a unit equipped with plenty of cpus and ram.

So are you hoping that integration in CSF would lower the ram/cpu requirements ?

I also would love to see this function added, Im using an ip2country script I found, its usable but not easy.

I would also like to block countries,

Since you were able to do it, can you advise how do we add this to the script

In the config i only see 2 different lists to block, where / how do i add more...

Thanks in advance, Greg.

generic wrote:I would also like to block countries,

Since you were able to do it, can you advise how do we add this to the script

In the config i only see 2 different lists to block, where / how do i add more...

Thanks in advance, Greg.

Here is the tool I use
http://fixingtheweb.com/country/blocking.html

Thankss for that, bit not what i want to do, sounds like a real resource hog. I just wanted to use the http://countries.nerd.dk/ rbl if possible and set it up just like any other DNSBL zone, just dont know how to do that.

silver_2000 wrote:Here is the tool I use
http://fixingtheweb.com/country/blocking.html

did you encounter any conflicts with the CSF firewall when you installed this blocking tool ??

Mickalo

I too am considering trying that tool, or possibly the list at http://www.okean.com/antispam/iptables/ ... .sinokorea

I'm also curious as to combining these with CSF. Is making changes to iptables with csf going to undo the additions done with either of these tools (or vica versa)? Is it possible to get too many lines in iptables? Any advice out there?