Filtering IP by country

Discussion in 'General' started by Patrick_elx, Aug 28, 2009.

  1. Patrick_elx

    On http://nerdvittles.com/?p=639: an additional layer of security to limit anonymous SIP access to only the countries you are expecting calls from.

    A nice idea to block foreign SIP attacks on your server.
     
  2. gamba47

    Thanks for the link!

    Regards. gamba47
     
  3. danardf

    Cool Patrick. Very useful. :)
     
  4. Chilling_Silence

    I wanted to restrict access to my VPN so it only accepted connections from within my country (The VPN server was in a DC which gave unlimited national traffic, but big costs for international after 4GB).

    Here's what I use, it's a hack-up job but it works surprisingly well!
    Code:
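    # Flush all existing rules, then enable IPv4 forwarding
    iptables --flush
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Accept the VPN port (TCP 1723) from each network listed in routes.txt
    while read -r currline; do iptables -A INPUT -s "$currline" -p tcp -m tcp --dport 1723 -j ACCEPT; done < /root/firewall/routes.txt
    # Drop the VPN port for every other source
    iptables -A INPUT -p tcp -m tcp --dport 1723 -j DROP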
    
    In routes.txt there's just a plain list, such as:
    Code:
    110.173.160.0/20
    110.44.16.0/22
    110.92.16.0/23
    111.65.224.0/20
    111.69.0.0/16
    111.69.2.0/24
    112.109.64.0/24
    112.109.80.0/21
    112.140.176.0/23
    112.140.178.0/23
    
    Could be used the same way, but by changing to UDP port 5060 instead? Secure / easy enough?
    Most ISPs will give you the IP ranges they use if you ask them :)
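
The same allowlist applied to SIP on UDP 5060, as an added example that is not part of the thread: it validates every line of routes.txt and builds a dedicated chain that can be loaded without flushing the rest of the firewall. The chain name SIP_GEO, the function names and the sip_geo.rules file name are hypothetical, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not from the thread. SIP_GEO, valid_cidr and build_ruleset
# are hypothetical names; IPv4 only.

# Succeed only for a well-formed IPv4 CIDR such as 111.69.0.0/16.
valid_cidr() {
    case $1 in
        */*/* | *[!0-9./]* | '') return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    vc_ip=${1%/*} vc_len=${1#*/}
    case $vc_len in '' | *[!0-9]* | ???*) return 1 ;; esac
    [ "$vc_len" -le 32 ] || return 1
    case $vc_ip in
        *.*.*.*.* | *..* | .* | *.) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    vc_old=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_old   # split into octets
    for vc_o in "$@"; do
        case $vc_o in ????*) return 1 ;; esac
        [ "$vc_o" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset for chain SIP_GEO from the list in $1.
# Any malformed line, or an empty list, fails with no output, so a damaged
# file cannot replace a working allowlist with a bare DROP.
build_ruleset() {
    br_rules='' br_count=0
    while IFS= read -r br_line || [ -n "$br_line" ]; do
        br_line=$(printf '%s' "${br_line%%#*}" | tr -d ' \t\r')  # drop comments, blanks
        [ -n "$br_line" ] || continue
        valid_cidr "$br_line" || { echo "bad entry: $br_line" >&2; return 1; }
        br_rules="$br_rules-A SIP_GEO -s $br_line -j ACCEPT
"
        br_count=$((br_count + 1))
    done < "$1"
    [ "$br_count" -gt 0 ] || { echo "allowlist is empty" >&2; return 1; }
    printf '*filter\n:SIP_GEO - [0:0]\n%s-A SIP_GEO -j DROP\nCOMMIT\n' "$br_rules"
}

# Load only this chain, leaving all other rules in place (run as root):
#   build_ruleset /root/firewall/routes.txt > /root/firewall/sip_geo.rules &&
#       iptables-restore --noflush < /root/firewall/sip_geo.rules
# One-time jump so UDP 5060 is checked against the chain:
#   iptables -A INPUT -p udp --dport 5060 -j SIP_GEO
```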
     
