How To Block All Traffic From China Using iptables and ipset on Amazon Linux
All credit to Matt Wilcox for the excellent article on which this post is based – thank you, Matt!
https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables/
All commands run as root!
```sh
yum install -y ipset
vi blockchina        # contents below
chmod 755 blockchina
./blockchina
```
Do this once only:

```sh
iptables -A INPUT -p tcp -m set --match-set china src -j DROP; service iptables save
```

Three things to be aware of with that rule. It only drops TCP; leave out `-p tcp` if UDP and ICMP from the same addresses should be dropped as well. `-A` appends to the end of INPUT, so any earlier ACCEPT rule that matches first (an open port, for example) wins and the DROP never fires; use `iptables -I INPUT 1 ...` instead if the block has to take precedence. And the saved rule refers to the `china` set by name, so iptables cannot restore it at boot unless that set already exists: make sure the set is recreated before iptables starts (a copy written with `ipset save` and loaded back with `ipset restore` is the usual way), otherwise the saved ruleset fails to load.
Then add blockchina to root's crontab (use the full path to the script in the crontab entry) so the list is refreshed regularly:
```sh
#!/bin/sh
#
# blockchina
#
# Refreshes the 'china' ipset from the ipdeny country list. Safe to run
# repeatedly from cron: the new list is built in a scratch set and swapped
# in atomically, so the live set is never empty and a failed download
# leaves the previous list in place.

DIR=/etc
ZONE=$DIR/cn.zone

# Create the ipset list; -exist makes this a no-op on later runs
# instead of an error
ipset create china hash:net -exist

# Remove any old list that might exist from previous runs of this script
rm -f "$ZONE"

# Pull the latest IP set for China; abort if the download fails or comes
# back empty so that a bad fetch cannot replace the live set
wget -P "$DIR" http://www.ipdeny.com/ipblocks/data/countries/cn.zone || exit 1
[ -s "$ZONE" ] || exit 1

# Add each IP address from the downloaded list into a scratch set, then
# swap it in. No iptables restart is needed: the DROP rule matches the set
# by name and sees the new contents immediately.
ipset create china_tmp hash:net -exist
ipset flush china_tmp
for i in $(cat "$ZONE"); do ipset add china_tmp "$i"; done
ipset swap china_tmp china
ipset destroy china_tmp
```