[Dshield] Re: Blocking IP's from Certain Countries (was list Digest, Vol 13, Issue 15)

william@elan.net william at elan.net
Sat Jan 10 14:13:49 GMT 2004


I don't normally participate on this mailing list beyond reading the digest, but 
since this question is asked regularly, I'll quickly mention that we have a
list of IPs from countries available (right now it's based on RIR statistics
files; a whois list is coming in the future as well as routing-based lists, 
it'll take many months before you see those however).
You can find list of these blocks at
 http://www.completewhois.com/statistics/data/ips-bycountry/rirstats/
or at (temporary location):
 ftp://ftp.completewhois.com/bogons/data/data-ipsbycountry/rirstats/

Inside the directories are files XX-cidr.txt and XX-netrange.txt where
XX is the ISO country code. The files are updated daily at about 5am Pacific 
time based on ARIN, APNIC, RIPE, LACNIC data.

Also for linux firewalls, I have several scripts done originally for 
bogons project that can be adapted to above country lists:
 http://www.completewhois.com/bogons/data/scripts/cidr2iptables
  - above script will convert cidr based ip list to shell script to 
    install or update iptables chain, be sure to modify $chainname before 
    running script for country lists
 http://www.completewhois.com/bogons/data/scripts/bogon_iptable_update
  - this script should be run daily from cron and will fetch the list of 
    blocks and run cidr2iptables to update the chain. Again, remember
    to modify all the variables if you use it

If you use different firewall devices, check the documentation on how to install
a firewall block based on a list of IP blocks in standard CIDR format; most 
firewalls have this capability and some are able to do automatic updates 
as well.

---
William Leibzon
Elan Networks
william at elan.net
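
The conversion step described in the message above, as an added example that is not part of the original post and is not the cidr2iptables script it links to. It emits iptables-restore input instead of a shell script, the chain name COUNTRY_XX is a placeholder, and the sample list is constructed from documentation address ranges.

```shell
#!/bin/sh
# cidr_to_restore CHAIN: reads one CIDR per line on stdin (XX-cidr.txt style)
# and writes iptables-restore input for that chain on stdout.
# Prints nothing and returns non-zero if no valid block was found, so a
# truncated or failed download can never replace the chain with an empty one.
cidr_to_restore() {
    chain=$1
    # The name is written into the ruleset, so allow only safe characters.
    case $chain in
        ''|*[!A-Za-z0-9_-]*) echo "invalid chain name" >&2; return 2 ;;
    esac
    awk -v chain="$chain" '
        function valid(c,   p, o, i) {
            if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(c, p, "/")
            # Assumption: a country list never needs a block wider than /8;
            # this also rejects 0.0.0.0/0, which would drop all traffic.
            if (p[2] + 0 < 8 || p[2] + 0 > 32) return 0
            split(p[1], o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, blanks, CR
        $0 == "" { next }
        valid($0) {
            if (!seen[$0]++) rules = rules "-A " chain " -s " $0 " -j DROP\n"
            next
        }
        { print "skipped line " NR ": " $0 | "cat 1>&2" }
        END {
            if (rules == "") exit 1
            # With --noflush, redeclaring a user chain flushes only that chain;
            # the new rules are then committed in one operation.
            printf "*filter\n:%s - [0:0]\n%sCOMMIT\n", chain, rules
        }'
}

# Constructed sample input: a duplicate, a bad prefix, a catch-all and a bad octet.
sample_list() {
    printf '%s\n' '# XX-cidr.txt' '192.0.2.0/24' '198.51.100.0/24' \
        '192.0.2.0/24' '203.0.113.0/33' '0.0.0.0/0' '' '10.300.0.0/16'
}

# Load only when conversion succeeded (as root):
#   cidr_to_restore COUNTRY_XX < XX-cidr.txt > rules.new &&
#       iptables-restore --noflush < rules.new
# The chain takes effect once a rule such as "iptables -A INPUT -j COUNTRY_XX" exists.
```
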

------------------------------------------------------------------
Date: Fri, 9 Jan 2004 11:53:00 -0500
From: mbwior at cox.net
Reply-To: General DShield Discussion List <list at dshield.org>
To: list at dshield.org
Subject: [Dshield] Blocking IP's from Certain Countries

Does anyone have an idea as to how I would block out certain countries 
from gaining access to my demo server?

The situation is this, we have a demo server that we allow anonymous users 
to hook up to and download our software for use on a trial basis.

However the use of our software does not extend itself to use in other
countries; nor do we want it to go there for reverse engineering and 
copyright purposes.

Any ideas?

Thanks for all help in advance,



