Locking Down Your Firewall
Geographic IP Blocking
(New material not in the book)
Block Unwanted IP-Blocks Based on Country or Continent:
To Block by TLD Country Codes: Go to http://ip.ludost.net/ and enter the country TLD codes that you want to block from your network (e.g. .cn .kr .ru .pl), on the ports you wish to deny them (e.g. port 25 to block spam from these countries).
To Block by Continental RIR: Go to IANA's world RIR assigned IP-blocks for all the continents (http://www.iana.org/assignments/ipv4-address-space) to block at the continental IP-block level. For example, to block all of Asia, IANA shows these /8 IP-blocks in use by APNIC (the Asian RIR), and the shell code to block them:
- File “Blocked-IPs.txt”:
059.0.0.0/8 210.0.0.0/8
060.0.0.0/8 211.0.0.0/8
061.0.0.0/8 212.0.0.0/8
125.0.0.0/8 218.0.0.0/8
126.0.0.0/8 219.0.0.0/8
127.0.0.0/8 220.0.0.0/8
203.0.0.0/8 221.0.0.0/8
204.0.0.0/8 222.0.0.0/8
209.0.0.0/8 223.0.0.0/8
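The shell code the slide refers to is not present on this page, so the following is an added example, not the author's script: it reads a list in the Blocked-IPs.txt layout above and prints iptables DROP commands for review instead of applying them. It strips the leading zeros (many address parsers read them as octal) and skips 127.0.0.0/8, which is the loopback range; the function names, the INPUT chain and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: convert a Blocked-IPs.txt style list into iptables commands.
# The commands are printed for review; nothing is applied to the firewall.

# normalize_cidr CIDR: print canonical a.b.c.d/len, or return 1 if unusable.
normalize_cidr() {
    case "$1" in */*) addr=${1%/*}; len=${1#*/} ;; *) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    out=
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        # Strip leading zeros: many address parsers read "060" as octal.
        while [ "${#o}" -gt 1 ] && [ "${o#0}" != "$o" ]; do o=${o#0}; done
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
        out="${out:+$out.}$o"
    done
    # Refuse 127/8 and 0/8: dropping loopback on INPUT breaks local services.
    case "$out" in 127.*|0.*) return 1 ;; esac
    printf '%s/%s\n' "$out" "$len"
}

# gen_rules [PORT]: read whitespace-separated CIDRs on stdin, print commands.
# PORT (assumed TCP, e.g. 25 for SMTP) limits the block to that port.
gen_rules() {
    port=${1:-}; match=
    case "$port" in *[!0-9]*) return 1 ;; esac
    if [ -n "$port" ]; then match=" -p tcp --dport $port"; fi
    tr -s ' \t' '\n' | while read -r entry; do
        [ -n "$entry" ] || continue
        if cidr=$(normalize_cidr "$entry"); then
            printf 'iptables -A INPUT -s %s%s -j DROP\n' "$cidr" "$match"
        else
            printf 'skipped: %s\n' "$entry" >&2
        fi
    done
}

# Constructed sample: four entries in the two-column layout shown above.
sample_list() {
    printf '%s\n' '059.0.0.0/8 210.0.0.0/8' '127.0.0.0/8 220.0.0.0/8'
}

sample_list | gen_rules 25
```

With a real list, run `gen_rules 25 < Blocked-IPs.txt` and read the "skipped:" lines on stderr before applying any of the printed commands.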