I want to block all traffic that does not originate from my country (Australia).
The best way to do this is with iptables. Australia alone accounts for around 4500 IP ranges.
What I did was download the ranges from MaxMind in CSV format.
So we need to convert the CSV file to a format iptables can import. I wrote the following script.
Change the country name to match your country, and it will work.
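
    # Emit one ACCEPT rule per matching range (CSV fields 1 and 2 are the start and end IP).
    # Piping grep into awk handles each CSV line whole, so country names that contain
    # spaces work too; gsub strips any CSV quoting from the fields.
    grep Australia GeoIPCountryWhois.csv |
      awk -F ',' '{ gsub(/"/, ""); print "/sbin/iptables -A INPUT -m iprange --src-range " $1 "-" $2 " -j ACCEPT" }' > /root/iptables
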
This will produce the whitelist required to block all other IPs. You will also need to append a deny-all rule at the end, like this:

    iptables -A INPUT -j DROP
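
A more defensive version of the generator, as an added example that is not the original author's script: it matches the ISO country code column exactly instead of grepping for a name, validates both addresses before they become part of a command that runs as root, and accepts loopback and established traffic ahead of the final DROP. It assumes the legacy six-column CSV layout (start IP, end IP, two integer columns, ISO code, country name); `gen_rules` and `sample_csv` are names chosen here, and the sample rows are constructed.

```sh
#!/bin/sh
# Added example. Assumed CSV layout:
# "start_ip","end_ip","start_int","end_int","ISO code","Country name"
# Usage: gen_rules AU < GeoIPCountryWhois.csv > /root/iptables

# gen_rules CODE: read the CSV on stdin, print iptables commands on stdout.
gen_rules() {
    awk -F ',' -v code="$1" '
        # Accept only a dotted quad whose octets are 1-3 digits and at most 255.
        function valid_ip(s,    o, n, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            n = split(s, o, ".")
            for (i = 1; i <= n; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN {
            # Keep local and already-established traffic working after the final DROP.
            print "/sbin/iptables -A INPUT -i lo -j ACCEPT"
            print "/sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        }
        {
            gsub(/"/, "")                  # drop the CSV quoting
            if ($5 != code) next           # exact match on the ISO code column
            if (!valid_ip($1) || !valid_ip($2)) {
                # Report and skip rows that must not reach a root shell.
                printf "skipping line %d: bad address\n", NR | "cat >&2"
                next
            }
            print "/sbin/iptables -A INPUT -m iprange --src-range " $1 "-" $2 " -j ACCEPT"
        }
        END { print "/sbin/iptables -A INPUT -j DROP" }
    '
}

# Constructed sample rows (documentation ranges, not real allocations).
# The third row has a deliberately malformed end address.
sample_csv() {
    cat <<'EOF'
"192.0.2.0","192.0.2.255","3221225984","3221226239","AU","Australia"
"198.51.100.0","198.51.100.255","3325256704","3325256959","AT","Austria"
"203.0.113.0","203.0.113.999","3405803776","3405804031","AU","Australia"
EOF
}
```

Review the generated file before running it with `sh /root/iptables`, and do so from a console session in case the source address of your own SSH connection is not in the list.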