Blocking countries through Iptables (Firewall)

HarisHayat

Well-known member
Joined
Jul 31, 2021
Messages
78
Reaction score
3
Points
113
Location
Karachi
Hello mates!

I'm gonna share a useful tutorial/trick for my brothers and sisters!
Some servers in various locations like Pakistan, Bahrain, India & Middle East locations like Dubai have a low percentage of DDoS protection but can provide a bigger margin of bandwidth, which is useful to protect your server/VPS against "mini" DDoS attacks; sometimes it depends on how much bandwidth your server has.


So, let's move to the steps to block countries!

Step-1:
First of all, you have to allow those countries which your server should allow!
For CIDR IP Blocking:
- Go and visit "Linux iptables for Countries", create a Notepad file, paste all of the generated IP blocks, and press CTRL+H to replace "DROP" with "ACCEPT" to allow all IP blocks.

Step-2:
Secondly, reject all iptables rules except those you allowed before.
iptables -P INPUT DROP
Now, all countries will be blocked except those you allowed before.

Step-3:
Saving iptables permanently, so you don't have to repeat steps on every reboot of your server/VPS.
iptables-save
sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
These two are important!

For checking saved rules, just type this:
cat /etc/iptables/rules.v4

For restoring the saved rules after reboot, do this:
sudo /sbin/iptables-restore < /etc/iptables/rules.v4 (Debian & Ubuntu)
sudo /sbin/iptables-restore < /etc/sysconfig/iptables (CentOS & RHEL)

So that's it! It was very easy to do this. I hope you will not face any issues while performing these tasks.

Thanks!
Haris.
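
The steps in the post above, combined into one file for iptables-restore, as an added example that is not part of the original post. It turns the generated per-country DROP lines into ACCEPT rules and sets the INPUT policy to DROP in the same load, with loopback and established-connection rules first so the policy change does not cut the server's own traffic. Assumptions: the input line format, SSH on port 22, the optional admin-address argument, and that this file may replace the whole filter table.

```shell
#!/bin/sh
# Added example. Reads generated per-country rules on stdin, assumed to look like
#   iptables -A INPUT -s 192.0.2.0/24 -j DROP
# and prints a complete iptables-restore file for the filter table.
# Optional $1 (hypothetical): an admin address that may always reach SSH (port 22).
build_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Without these two rules, policy DROP also cuts loopback traffic and the
    # replies to the server's own outbound connections (DNS, package updates).
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    if [ -n "${1:-}" ]; then
        printf '%s\n' "-A INPUT -s $1 -p tcp --dport 22 -j ACCEPT"
    fi
    # Keep only well-formed IPv4 CIDR blocks; report everything else on stderr.
    awk '{
        for (i = 1; i < NF; i++) if ($i == "-s") {
            cidr = $(i + 1)
            ok = (cidr ~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$")
            split(cidr, p, "[./]")
            for (k = 1; ok && k <= 4; k++) if (p[k] + 0 > 255) ok = 0
            if (ok && p[5] + 0 > 32) ok = 0
            if (ok) print "-A INPUT -s " cidr " -j ACCEPT"
            else print "skipped: " $0 | "cat 1>&2"
        }
    }'
    printf '%s\n' 'COMMIT'
}

# Constructed sample input (documentation address ranges; last line is malformed).
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -s 192.0.2.0/24 -j DROP
iptables -A INPUT -s 203.0.113.0/24 -j DROP
iptables -A INPUT -s 203.0.113.999/24 -j DROP
EOF
}

sample_rules | build_ruleset 198.51.100.7

# On a real host (as root): validate first, then load in one atomic step.
#   build_ruleset < country-rules.txt > /etc/iptables/rules.v4
#   iptables-restore --test < /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
```

Because the policy and the ACCEPT rules are committed together, there is no window in which INPUT is DROP with nothing allowed.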
 

Sagher

Well-known member
Joined
Jul 30, 2021
Messages
88
Reaction score
8
Points
113
Location
Pakistan
Thank you, I really need that kind of security, but I have some doubts about country block.
So if I have a valid server connection from any specific country, e.g. Canada, and I also get a DDoS or any other attack from the same country (mostly hackers try to break SSH), then my valid connection also goes to jail, right?
For now I am using an IP tracker for those who try to connect to my SSH and put them into a fail2ban jail.
I need some more explanation from you and also from other members.
 

HarisHayat

If there is a chance of getting DDoS from the same country, you can do one thing: monitor those suspicious or blacklisted IPs and just block them through the main firewall or iptables. You can't do anything except this, because from the same country you can also allow only yourself or your clients to access it, but you can only block DDoS from the same country by monitoring the IPs and then blocking them through the firewall or iptables, and if they change IP then you have to monitor again and block them ASAP. This is not an easy thing to do, but for the safety of your server, it's necessary.
 

Sagher

Yes, that's the main theme of my question. If we block a country's IPs then all good or bad IPs are blocked. So the conclusion in this case is to manually block those IPs with a firewall like iptables and ufw rules.
 

HarisHayat

Yes, that's the main theme of my question. If we block a country's IPs then all good or bad IPs are blocked. So the conclusion in this case is to manually block those IPs with a firewall like iptables and ufw rules.
Yeahhh, you can just block them to protect your server nicely.
 