Is there any information for Nethserver 7.6 on how to use GeoIP and set up a list of IPs from countries that I wish to ban access or connection ?
I’m getting many unwanted portscans, login attempts or hack attempts on my server from countries that I normally don’t expect any emails or communications.
Appreciate the help…
There were some instructions on GeoIP blocking and also on blocklists. Haven’t tested myself if these methods are up to date, but @filippo_carletti, @jackyes, @bwdjames and other members used them:
Thank you so much for the information… I’d read them up and try to it out…
Much appreciated …
In the meantime, fail2ban is your friend.
Hello everyone, I wanted to know if the geoip service is also available in the latest version.
I would like to configure it only in input that all the traffic natted is allowed only by a list of Italian ip Thanks a lot
Yes, I’m using it, but I still haven’t found time to write some docs.
If you download country zone files (there are a few providers available, one is https://www.ipdeny.com/ipblocks/) and put them in /usr/share/nethserver-blacklist/ipsets/ (appropriately renamed) you can select them using the cockpit UI.
Hi Filippo thanks for the reply I used this list
But what I want to do is the opposite. To avoid having to load too much hardware
that is, block all incoming requests and let only requests with Italian IPs pass. Thank you very much
just a noob question, could it be interesting if we import all the geoip ipset list to our community list?
No, the countries ipsets could be updated once a month (o week).
My idea was to write a script that downloaded all (or some selected) countries into a directory where a new version of the threat shied could search for.
The UI could be extended to treat countries differently in regard to blocklists.