Open source geoip blocker based on a whitelist for anyone who wants it


benzine

New Member
May 24, 2023
Hi folks,

Looking at my server logs and seeing constant automated attacks (luckily, so far unsuccessful), I came up with an idea to implement an automated solution for blocking traffic from anywhere outside my country. My server doesn't need to be accessible from abroad, and obviously most (in fact, all) of the malicious attempts come from there. So geoip blocking based on a whitelist is a simple and effective way to improve my server security.

All that led me to sit down and write a suite of bash scripts that implement just that.

Basically the scripts fetch the IP list for my country from RIPE (regional Internet registry for Europe, the Middle East and parts of Central Asia), parse it, validate it, add my local network subnet to it, and then configure the iptables firewall to only allow connections from subnets on that list. They also add cron jobs that run periodically and on reboot to keep the list up to date.

I've been gradually improving the scripts for the past week or so, and testing them on my server. So far so good, and malicious bot connections dropped literally to zero.

So I want to share this solution with the community, in the hope that people will find it useful.

I am interested to hear your thoughts about the code, or about bugs if you find any. I am really not a professional coder, so I expect to hear some critique and learn from it.

The code is stored on GitHub. It comes with an install script to make setup hopefully easy and painless. An uninstall script is also included.

I'm running Debian on my server, so I'm reasonably sure that the scripts will work on most Debian derivatives like Ubuntu and Mint. Not sure about other distros, but feel free to test and let me know.

P.s. I tried my best to make the code as fault resistant as possible, so I don't expect it to break your system or cause any major issues (unless misconfigured). However, I recommend you to review the code and test by yourself before permanent deployment.
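
The validate-then-apply part of the sequence described in this post, as an added example that is not part of the original post and is not the author's code. It assumes an ipset-backed allowlist referenced from iptables; the set name `geo_allow`, the `MIN_ENTRIES` threshold and the sample subnets are constructed for illustration.

```shell
# Added example; geo_allow, MIN_ENTRIES and the sample data are constructed.
MIN_ENTRIES=3   # assumption: refuse lists shorter than this (tune per country)

# Return 0 only if $1 is a well-formed IPv4 CIDR: a.b.c.d/len, octets 0-255.
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Read candidate subnets on stdin and print an `ipset restore` script that
# fills a scratch set and swaps it in. On a corrupt or truncated list, print
# nothing and return 1, so the live set keeps its last good contents.
build_restore() {
    local_net=$1; n=0; body=
    valid_cidr4 "$local_net" || return 1
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        valid_cidr4 "$line" || { echo "rejected: bad entry '$line'" >&2; return 1; }
        body="${body}add geo_allow_new $line
"
        n=$((n + 1))
    done
    [ "$n" -ge "$MIN_ENTRIES" ] || { echo "rejected: only $n entries" >&2; return 1; }
    printf 'create geo_allow hash:net family inet\n'
    printf 'create geo_allow_new hash:net family inet\nflush geo_allow_new\n'
    printf '%sadd geo_allow_new %s\n' "$body" "$local_net"
    printf 'swap geo_allow_new geo_allow\ndestroy geo_allow_new\n'
}

# Constructed sample input (documentation ranges, not real country data).
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
EOF
}

sample_list | build_restore 192.168.1.0/24
```

The output is meant to be piped to `ipset -exist restore`, with the set referenced from an iptables rule via `-m set --match-set geo_allow src`. Rejecting the whole list on any bad line means an error page or a cut-off download cannot shrink the allowlist and lock the administrator out.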
 

benzine

Welcome! Very admirable effort!

You might find a similar solution in open source enterprise class firewall software pfSense® - World's Most Trusted Open Source Firewall with additional package pfBlockerNG, which has GEOIP white/black list built in.
Thank you for your kind words! Of course I am aware that other solutions exist, however I didn't find any that do not require either continuous manual tinkering or installing a different OS, possibly on a dedicated machine. That's why I went ahead and made my own implementation.
 

elvisimprsntr

Thank you for your kind words! Of course I am aware that other solutions exist, however I didn't find any that do not require either continuous manual tinkering or installing a different OS, possibly on a dedicated machine. That's why I went ahead and made my own implementation.
Hopefully, you are not exposing your server directly to the WAN. A secure VPN is a better answer and eliminates the need for the mitigations you have implemented.
 

benzine

Hopefully, you are not exposing your server to the WAN. A secure VPN is a better answer and eliminates the need for the mitigations you have implemented.
Well that machine runs a web server that I need to be able to access from the Internet. So of course, it is exposed to the WAN. It just doesn't require access from abroad.