Using the Iptables mask to specify IP or regional IP addresses

Source: Internet
Author: User
Tags vps iptables

Since the use of the VPS, found that a large number of network attacks exist all the times, such as the scan port, was brute force, was guessing the background password, spam comment harassment. For some time, I have found most IP attacks from Russia and Turkey, while my site is Chinese and most of the readers come from China. So shielding the IP segment of both countries is not going to affect site access, but it will reduce attacks.
So how do you shield the IP from Russia and Turkey? (Please extrapolate, shielding other countries IP method is the same)

The Internet circulated the list of IP addresses in IPDeny, Russia and Turkey are all empty, so I found Countryipblocks (need to flip, domestic IP inaccessible), select Russia and Turkey, the generation of CIDR, respectively copied and saved as Ru.zone and Tr.zone.

  


After acquiring all the IP addresses of the country, it is easy to block these IPs by writing a script to read Ru.zone and Tr.zone files and add them to the iptables.

Local download http://file.111cn.net/upload/2014/1/block_ru_tr.sh

How to use:

wget http://file.111cn.net/upload/2014/1/block_ru_tr.sh
chmod +x block_ru_tr.sh
./block_ru_tr.sh

When the script finishes executing, the screen log is in the Blockedip.log file in the current directory. There are 8791 lines.

When the script was tested, it was found that execution in the OpenVZ VPS would appear "iptables:memory allocation problem." Error due to the OpenVZ of the VPS because of the serious lack of memory allocation. Executing on a Xen VPS is no problem at all.

In fact, you can also use the. htaccess rules to restrict IP access in both countries. The method is as follows:
On the Countryipblocks page, select. htaccess Deny, then select Country Russian Federation and TURKEY, click on the "creat ACL" button to generate. htaccess rules. Copy and paste into the text file, upload to the WordPress root directory, and renamed to. htaccess, if the file already exists, you need to add the online generated. htaccess mask IP rule to # BEGIN WordPress and # End WordPress can be between.

The above is in the country as a unit, if just filter the specified IP can refer to the following method

Iptables Shielded IP

Iptables-i input-s 202.77.176.106-j DROP

An entire paragraph, the order from 192.0.0.1 to 192.255.255.254.

Iptables-i input-s 192.0.0.0/8-j DROP
Prohibit IP paragraph when to see the amount of clearance, do not bar their own IP added to the amount of OH

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.