Introduction
This tool will automatically create iptables rules on Linux system to block all connection from one country or more. The blocklist is created with an API that fetch data in our SQL database based on IP address country location.
Data accuracy
The list of IP address by country below is a grouping of IP by country and CIDR of our database. The data has over 99.5% accuracy on a country basis. The database is updated monthly.
API Usage
First you need to know the code (ISO 3166 format) of the country you would like to block. The full list is available hereOnce you have the country code, you can now get the list at the following url (Afghanistan and Argentina in this example). If your browser show the data on a single line, simply view the page source code :
http://ipinfodb.com/country_query.php?country=AF,AR
58.147.128.0/19
67.212.160.0/24
80.247.139.0/24
82.205.190.0/21
82.205.198.0/23
82.205.202.0/22
[...]
Automatic bash script
The following script will fetch the right IP addresses of the country you would like to block from our API and then add these rules in iptables.#!/bin/bash ###IPINFODB.COM### ###PUT HERE COMA SEPARATED LIST OF COUNTRY CODE### COUNTRIES="AK,AR" WORKDIR="/home/someuser" ####################################### cd $WORKDIR wget -c --output-document=iptables-blocklist.txt http://ipinfodb.com/country_query.php?country=$COUNTRIES if [ -f iptables-blocklist.txt ]; then iptables -F BLOCKDB="iptables-blocklist.txt" IPS=$(grep -Ev "^#" $BLOCKDB) for i in $IPS do iptables -A INPUT -s $i -j DROP iptables -A OUTPUT -d $i -j DROP done fi rm -f $WORKDIR/iptables-blocklist.txt