[olug] list of United States IP blocks

Lou Duchez lou at paprikash.com
Sat Jan 13 17:57:11 CST 2018


On 1/13/2018 4:48 PM, Christopher Cashell wrote:
> On Fri, Jan 12, 2018 at 6:22 PM, Lou Duchez <lou at paprikash.com> wrote:
>
>> How would one get a list of United States IP blocks from GeoIP?
>>
>> I want to load US IPs into iptables and thus keep much of the riffraff out.
>
> I don't know that there's a great way to do it that won't get you in
> trouble.  Most GeoIP databases are "databases" or otherwise large sets that
> may be challenging for iptables.  I suppose you could make use of the ipset
> features in recent iptables, but GeoIP databases tend to get updated
> semi-regularly, and you'll want to track those updates or risk challenges.
> I think I remember hearing about an iptables module that could query
> externally for a GeoIP DB, but I've never actually looked into it.
>
> Are you looking to "lock down" specific services?  Is this for ssh?  Web?
> Other?  The reason I ask is that there may be other options that can help
> reduce your attack surface in simpler, lower-maintenance, and less
> cumbersome ways.

Just generally locking services down.  There are huge chunks of the 
world where there is exactly zero chance of anyone having legitimate 
reasons to access our servers, so why even leave the IPs open?

The earlier list I got from ipdeny.com, if it is reliable (so far so 
good), is pretty easy to work with.  In terms of iptables, so long as I 
place the "--ctstate RELATED,ESTABLISHED" rule at the top of my "filter" 
table's chains, and the IP checking after that, it shouldn't be much of 
a hit on performance (since iptables would have to check the IP list 
only to start a new connection).
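As an added example (not code from this thread, from OLUG, or from ipdeny.com), the following POSIX shell script turns an ipdeny-style zone file into ipset-restore and iptables-restore input with the rule order described above: the conntrack rule first, so only the first packet of a new connection ever reaches the country lookup. The set name us_allow, the management prefix 192.0.2.10/32, the port list and the maxelem value are assumptions; the CIDRs in the sample are constructed RFC 5737 documentation prefixes, not real US allocations.

```shell
#!/bin/sh
# Added example, not code from this thread or from ipdeny.com.
# Turns an ipdeny-style zone file (one CIDR per line) into ipset-restore and
# iptables-restore input, with the conntrack rule ahead of the country match.
# Nothing is applied: review the output, then feed it to
#   ipset restore < us_allow.ipset   and   iptables-restore < filter.rules

# Constructed sample zone file (assumption: the real input is ipdeny's us.zone).
# RFC 5737 documentation prefixes, plus lines that must be filtered out.
SAMPLE_ZONE='192.0.2.0/24
198.51.100.0/24
# comment
not-a-cidr
203.0.113.0/24
'

# Keep only well-formed IPv4 CIDRs (each octet <= 255, prefix <= 32):
# reads stdin, writes the surviving lines to stdout.
filter_cidrs() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' |
    awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 && $5<=32'
}

# ipset-restore input: one hash:net set holding every prefix.
# maxelem is raised because a full country list can exceed the default 65536.
# Usage: build_ipset_restore SETNAME < zonefile
build_ipset_restore() {
    printf 'create %s hash:net family inet maxelem 262144\n' "$1"
    filter_cidrs | while IFS= read -r cidr; do
        printf 'add %s %s\n' "$1" "$cidr"
    done
}

# iptables-restore input for the filter table. Rule order is the point:
#   1. loopback and RELATED,ESTABLISHED accepted first, so only the first
#      packet of each new connection ever reaches the set lookup;
#   2. a management prefix (hypothetical) admitted before any geo rule so a
#      stale or wrong zone file cannot lock the administrator out;
#   3. the country set consulted only for NEW connections on the listed ports;
#   4. policy DROP for everything else.
# Usage: build_filter_rules SETNAME MGMT_CIDR "PORT PORT..."
build_filter_rules() {
    set_name="$1"; mgmt="$2"; ports="$3"
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' "-A INPUT -s $mgmt -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    for p in $ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -m set --match-set $set_name src -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Stand-alone run (sh script.sh --demo): write both files from the sample.
if [ "${1:-}" = "--demo" ]; then
    printf '%s' "$SAMPLE_ZONE" | build_ipset_restore us_allow > us_allow.ipset
    build_filter_rules us_allow 192.0.2.10/32 '22 443' > filter.rules
    cat us_allow.ipset filter.rules
fi
```

When the zone file is refreshed, build the new list into a temporary set and use `ipset swap` to replace the live one atomically, so there is no window where the set is empty and every new connection is dropped; and keep the management prefix rule ahead of the country match for the same reason.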
