Country block

Ricky89

Hello,
Does anyone use a country block to add another security level (in addition to a good hardware firewall, filtering & mitigation system) against DDoS attacks? If yes, what method are you using? (e.g. blocking directly at the ISP, a GeoIP add-on for iptables, a database with all subnets of the countries that you want to block, etc.)
 

adonradon

I'm using iptables on my Linux firewall for country blocking. You should check this website: http://ipdeny.com/ipblocks/. For example, you can create an ipset hash:net set and then add whatever countries' addresses you want. For example, you can block all countries except your own, block only the UK, block only Germany, and so on. If you need help with this you can contact me or post here.

Tools:
LINUX SYSTEM
IPSET
IPTABLES

That's all :)
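
The ipset hash:net approach described in the post above, as an added example that is not part of the original thread: it turns a country zone file (one CIDR per line, the kind of file published under the ipdeny.com/ipblocks/ URL mentioned above) into input for `ipset restore`, rejecting malformed lines and reloading the set through a swap. The set name `geoblock`, the prefix-length floor of 8 and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME and the sample zone data
# are constructed; a real zone file has one IPv4 CIDR per line.
SET_NAME="geoblock"

# Accept only a.b.c.d/len with octets <= 255 and len 8..32. The lower
# bound is a choice made here so a stray 0.0.0.0/0 cannot block everyone.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq \
      '^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS='./'; set -- $1; IFS=$old_ifs
    for o in "$1" "$2" "$3" "$4"; do [ "$o" -le 255 ] || return 1; done
}

# Read a zone file on stdin, write `ipset restore` input on stdout.
# Entries load into a scratch set that is swapped in at the end, so the
# live set is never empty or half-filled while the list reloads.
build_restore() {
    tmp="${SET_NAME}-new"
    echo "create ${tmp} hash:net family inet"
    echo "flush ${tmp}"
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        if valid_cidr "$line"; then
            echo "add ${tmp} ${line}"
        else
            echo "rejected: ${line}" >&2   # never passed on to ipset
        fi
    done
    echo "create ${SET_NAME} hash:net family inet"
    echo "swap ${tmp} ${SET_NAME}"
    echo "destroy ${tmp}"
}

# Constructed sample: three documentation ranges and three bad lines.
sample_zone() {
    printf '%s\n' '192.0.2.0/24' '198.51.100.0/24' '999.1.1.0/24' \
        '0.0.0.0/0' '203.0.113.0/24' '10.0.0.0/8; destroy geoblock'
}

sample_zone | build_restore
# On the firewall, as root (needs ipset and iptables installed):
#   build_restore < country.zone | ipset -exist restore
#   iptables -I INPUT -m set --match-set geoblock src -j DROP
```

Before enabling the DROP rule on a remote machine, insert an ACCEPT rule for your own management address ahead of it so a bad list cannot cut off SSH.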
 

Ricky89

Ya, I'm using the same method on my dedicated servers but I would like to know if there are some other better methods.
 

JoKeR

> Ya, I'm using the same method on my dedicated servers but I would like to know if there are some other better methods.

Whenever someone backed up with high pps attacks, your rules (ratelimit, country blocks etc.) will hurt much more.

I always suggest getting such filtering at the network level. Some providers are able to provide you with such a feature (e.g. seflow).

Everything else is only usable to keep malicious countries away from your TeamSpeak or generally from your server (e.g. SSH).
 

Ricky89

> Whenever someone backed up with high pps attacks, your rules (ratelimit, country blocks etc.) will hurt much more.
>
> I always suggest getting such filtering at the network level. Some providers are able to provide you with such a feature (e.g. seflow).

Of course, but I'm talking about the country block as an additional security level to the network, not the main DDoS protection. I specified that in the first post...
 