Using the Iptables mask to specify IP or regional IP addresses

Since the use of the VPS, found that a large number of network attacks exist all the times, such as the scan port, was brute force, was guessing the background password, spam comment harassment. For some time, I have found most IP attacks from Russia and Turkey, while my site is Chinese and most of the readers come from China. So shielding the IP segment of both countries is not going to affect site access, but it will reduce attacks.
So how do you shield the IP from Russia and Turkey? (Please extrapolate, shielding other countries IP method is the same)

The Internet circulated the list of IP addresses in IPDeny, Russia and Turkey are all empty, so I found Countryipblocks (need to flip, domestic IP inaccessible), select Russia and Turkey, the generation of CIDR, respectively copied and saved as Ru.zone and Tr.zone.

　　

After acquiring all the IP addresses of the country, it is easy to block these IPs by writing a script to read Ru.zone and Tr.zone files and add them to the iptables.

Local download http://file.111cn.net/upload/2014/1/block_ru_tr.sh

How to use:

wget http://file.111cn.net/upload/2014/1/block_ru_tr.sh
chmod +x block_ru_tr.sh
./block_ru_tr.sh

When the script finishes executing, the screen log is in the Blockedip.log file in the current directory. There are 8791 lines.

When the script was tested, it was found that execution in the OpenVZ VPS would appear "iptables:memory allocation problem." Error due to the OpenVZ of the VPS because of the serious lack of memory allocation. Executing on a Xen VPS is no problem at all.

In fact, you can also use the. htaccess rules to restrict IP access in both countries. The method is as follows:
On the Countryipblocks page, select. htaccess Deny, then select Country Russian Federation and TURKEY, click on the "creat ACL" button to generate. htaccess rules. Copy and paste into the text file, upload to the WordPress root directory, and renamed to. htaccess, if the file already exists, you need to add the online generated. htaccess mask IP rule to # BEGIN WordPress and # End WordPress can be between.

The above is in the country as a unit, if just filter the specified IP can refer to the following method

Iptables Shielded IP

Iptables-i input-s 202.77.176.106-j DROP

An entire paragraph, the order from 192.0.0.1 to 192.255.255.254.

Iptables-i input-s 192.0.0.0/8-j DROP
Prohibit IP paragraph when to see the amount of clearance, do not bar their own IP added to the amount of OH