#42 Banning of entire countries via geoiplookup

open
nobody
None
5
2008-05-08
2008-05-08
Anonymous
No

Please support banning of entire countries via geoiplookup.

Many attacks originate from China and countries alike. My website has no intended audience whatsoever in such a country and I would like to ban all IP traffic from a certain country. Adding countries to /etc/hosts.deny will only block a small part of that traffic since most connections are based on IP address only, not on domain names.

Fail2ban can be extended to block failed attempts (or even any attempt) to login from a specified list of countries.

With the increase of attacks from countries that are totally outside of the range of the intended audience, this feature would increase security enormously.

Discussion

  • Nobody/Anonymous

    Logged In: NO

    For sure that this would increase safety on servers. Please, implement this feature.

     
  • JW

    JW - 2008-06-25

    Logged In: YES
    user_id=148365
    Originator: NO

    I also vote for this feature.

     
  • Nobody/Anonymous

    me vote too!! This will be a great addon!

     
  • Matthijs Kooijman

    Uh, I don't actually think that this is something for fail2ban. fail2ban is designed to ban specific IP's when they generate failed login attempts. If you just want to statically ban a range of addresses, you should add such a rule to your regular firewall. I'm not so sure how this geoiplookup thing works, it might not give you one big range of addresses for each country, but can only do a lookup of IP -> country.

    Thus, before each connection attempt, you should do a lookup and decide wether or not to allow this IP on that. This doesn't fit fail2ban either, since fail2ban only does banning after a login attempt, based on log files.

    I'm not a fail2ban developer, but I would recommend closing this feature request as not appropriate for fail2ban.

     
  • Nobody/Anonymous

    Agreed. For such purposes other tools should be used instead.

    In my case I have a deamon called chinaspam running (search for chinaspam geoip). It may be a bit old and not fully working under newer 64 bit kernels but it comes as source code only anyway, and it should be easy to fix the issues.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks