Let’s say you want to completely ban a country from accessing your servers.. E.g. : countries that have very shallow internet laws
Note : in regards to Epe’s comment, this article has been updated with a newer script, which should be doing a better job. Please drop me a comment, I’d love to hear feedback !
This script will parse the RIPE database and generate the iptables rules automatically..
Download the script here : https://www.wains.be/pub/update_country_block_list
The output would look like this :
-A INPUT -s 184.108.40.206/18 -m state --state NEW -j DROP -A INPUT -s 220.127.116.11/18 -m state --state NEW -j DROP -A INPUT -s 18.104.22.168/20 -m state --state NEW -j DROP
Or like this if you just want blocks :
22.214.171.124/18 126.96.36.199/18 188.8.131.52/20
You can use the output with iptables or any other firewall