Blocking an entire country IP range or TLD with iptables

Friday, September 7th, 2007 at 12:16 pm | 4,941 views | trackback url

I’ve had some trouble on our production webservers from entire countries hammering and abusing the services we provide. It used to be a good chunk of Brazil, but now it appears to be Costa Rica.

I found this useful tool that lets me see the ranges used by these countries. For example, I put in 200.91.76.117 and it returns this useful output:

Country = Costa Rica
Decimal IP Range = 3361423360 - 3361456127
Dot IP Range = 200.91.64.0 - 200.91.191.255

From here, I use iptables and issue the following:

$IPTABLES -A INPUT -m iprange --src-range 201.192.0.0-201.207.255.255 -p tcp -m tcp --dport 80 -j DROP

No more abuse from that entire country on port 80.

Last Modified: Friday, September 7th, 2007 @ 12:16

Leave a Reply

You must be logged in to post a comment.

Bad Behavior has blocked 491 access attempts in the last 7 days.