Blocking an entire country IP range or TLD with iptables

Friday, September 7th, 2007 at 12:16 pm | 6,790 views | trackback url

I’ve had some trouble on our production webservers from entire countries hammering and abusing the services we provide. It used to be a good chunk of Brazil, but now it appears to be Costa Rica.

I found this useful tool that lets me see the ranges used by these countries. For example, I put in and it returns this useful output:

Country = Costa Rica
Decimal IP Range = 3361423360 - 3361456127
Dot IP Range = -

From here, I use iptables and issue the following:

$IPTABLES -A INPUT -m iprange --src-range -p tcp -m tcp --dport 80 -j DROP

No more abuse from that entire country on port 80.

Last Modified: Friday, September 7th, 2007 @ 12:16

Leave a Reply

You must be logged in to post a comment.

Bad Behavior has blocked 790 access attempts in the last 7 days.