Hi folks,
Looking at my server logs and seeing constant automated attacks (luckily, so far unsuccessful), I came up with an idea to implement an automated solution for blocking traffic from anywhere outside my country. My server doesn't need to be accessible from abroad, and obviously most (in fact, all) of the malicious attempts come from there. So geoip blocking based on a whitelist is a simple and effective way to improve my server security.
All that led me to sit down and write a suite of bash scripts that implement just that.
Basically the scripts fetch the IP list for my country from RIPE (the regional Internet registry for Europe, the Middle East and parts of Central Asia), parse it, validate it, add my local network subnet to it, and then configure the iptables firewall to only allow connections from subnets on that list. They also add cron jobs that run periodically and on reboot to keep the list up to date.
I've been gradually improving the scripts for the past week or so, and testing them on my server. So far so good, and malicious bot connections dropped literally to zero.
So I want to share this solution with the community, in the hope that people will find it useful.
I am interested to hear your thoughts about the code, or about bugs if you find any. I am really not a professional coder, so I expect to hear some critique and learn from it.
The code is stored on GitHub. It comes with an install script to make setup hopefully easy and painless. An uninstall script is also included.
GitHub - blunderful-scripts/geoblocker_bash: Automatic geoip blocker for Linux based on a whitelist for a specific country.
I'm running Debian on my server, so I'm reasonably sure that the scripts will work on most Debian derivatives like Ubuntu and Mint. Not sure about other distros, but feel free to test and let me know.
P.s. I tried my best to make the code as fault-resistant as possible, so I don't expect it to break your system or cause any major issues (unless misconfigured). However, I recommend you review the code and test it yourself before permanent deployment.
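To make the parse, validate, add-local-subnet and configure-iptables steps from the post concrete, here is an added shell example. It is not code from the geoblocker_bash repository, and it does not fetch anything: the prefix list, the local subnet 10.0.0.0/24 and the set name geo_allow are constructed stand-ins, and the use of an ipset hash:net set (rather than one iptables rule per prefix) is my choice for the example, not necessarily the project's. The rules are rendered as text so you can read them before anything is applied.

```shell
#!/bin/sh
# Added example, not the geoblocker_bash project's own code. Shows the
# validate -> add local subnet -> render firewall rules stages of a
# whitelist-based geoip filter. All input values below are constructed.

# Constructed stand-in for a fetched country prefix list (one CIDR per
# line). Real RIPE data must be fetched and converted to this shape first.
SAMPLE='# constructed sample, NOT real RIPE output
193.0.0.0/21
2.56.0.0/20
185.10.0.0/16
193.0.0.0/21
300.1.1.1/24
10.1.2.3/33
01.2.3.4/8
not-an-address'

# valid_cidr CIDR -> returns 0 if CIDR is a well-formed IPv4 prefix, else 1.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}
    plen=${1##*/}
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    # Only digits and dots, no empty octet, no leading or trailing dot.
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$1" "$2" "$3" "$4"; do
        # Reject leading zeros: "010" is octal to some parsers, decimal to others.
        case "$octet" in 0[0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_allowlist LOCAL_SUBNET (candidates on stdin) -> sorted, de-duplicated
# allow-list on stdout. Comments, blank and malformed lines are dropped;
# every rejection is reported on stderr so a bad feed is visible, not silent.
build_allowlist() {
    local_subnet=$1
    valid_cidr "$local_subnet" || { echo "bad local subnet: $local_subnet" >&2; return 1; }
    rejected=0
    {
        echo "$local_subnet"
        while read -r line; do
            case "$line" in ''|\#*) continue ;; esac
            if valid_cidr "$line"; then
                echo "$line"
            else
                rejected=$((rejected + 1))
                echo "rejected: $line" >&2
            fi
        done
        echo "rejected $rejected line(s)" >&2
    } | LC_ALL=C sort -u
}

# render_rules SET_NAME (allow-list on stdin) -> ipset restore input plus the
# iptables commands, as text. Nothing is applied here. Loopback and already
# established connections are accepted before the set match so an admin
# session survives a list refresh; everything else hits the DROP policy.
render_rules() {
    set_name=$1
    echo "# --- ipset restore input (apply with: ipset -exist restore) ---"
    echo "create $set_name hash:net family inet"
    while read -r net; do
        echo "add $set_name $net"
    done
    echo "# --- iptables ---"
    echo "iptables -I INPUT 1 -i lo -j ACCEPT"
    echo "iptables -I INPUT 2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I INPUT 3 -m set --match-set $set_name src -j ACCEPT"
    echo "iptables -P INPUT DROP"
}

# Run with --demo to print the rendered rules for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | build_allowlist 10.0.0.0/24 | render_rules geo_allow
fi
```

Running the script with `--demo` prints four reject messages on stderr and the ipset and iptables text on stdout. Two things worth checking before deploying anything like this: the set and rules above cover IPv4 only, so if the host has IPv6 enabled, ip6tables needs an equivalent policy or the whitelist has a gap; and because a refresh replaces the set, test the refresh path while you still have console access, since a fetch that returns an empty or truncated list would otherwise lock you out.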