IPBlockCountry – Country Blocking (Mikrotik/Windows Server/Linux)

Windows Server

Use the import-firewall-blocklist.ps1 script, which creates a set of restrictions based on the IPs/IP ranges listed in the .txt file.

It must be run in PowerShell, with script execution enabled using the command:

Set-ExecutionPolicy RemoteSigned

Reference:
//stackoverflow.com/questions/4037939/powershell-says-execution-of-scripts-is-disabled-on-this-system

Some sources for IP lists:

//www.ipdeny.com/ipblocks/

The IP list can be obtained automatically by accessing the URL by country code, for example: //www.ipdeny.com/ipblocks/data/countries/xx.zone

China IPs (cn): //www.ipdeny.com/ipblocks/data/countries/cn.zone
Argentina IPs (ar): //www.ipdeny.com/ipblocks/data/countries/ar.zone

//www.okean.com/thegoods.html
//www.countryipblocks.net/
//www.wizcrafts.net/iptables-blocklists.html
//www.iblocklist.com
//lite.ip2location.com

Mikrotik

On the Mikrotik you can use an address list and two firewall rules, one for input and another for forward.

Example script:

  1. Removes all addresses from the current block list.
  2. Adds the IPs to the block list.
  3. Removes the old block rules.
  4. Creates the new block rules in the 2nd position.

/ip firewall address-list
remove [find list=BLOCK-Country]
add address=203.95.208.0/22 list=BLOCK-Country
add address=203.95.224.0/19 list=BLOCK-Country
add address=203.99.8.0/21 list=BLOCK-Country
add address=203.99.16.0/20 list=BLOCK-Country
add address=203.99.80.0/20 list=BLOCK-Country
add address=203.100.32.0/20 list=BLOCK-Country
add address=203.100.48.0/21 list=BLOCK-Country
add address=203.100.58.0/24 list=BLOCK-Country
add address=203.100.60.0/24 list=BLOCK-Country
add address=203.100.63.0/24 list=BLOCK-Country
add address=203.100.80.0/20 list=BLOCK-Country
add address=203.100.96.0/19 list=BLOCK-Country
add address=203.100.192.0/20 list=BLOCK-Country
add address=203.104.32.0/20 list=BLOCK-Country
add address=203.105.96.0/19 list=BLOCK-Country
add address=203.105.128.0/19 list=BLOCK-Country
add address=203.107.0.0/17 list=BLOCK-Country
add address=203.110.160.0/19 list=BLOCK-Country
add address=203.110.208.0/20 list=BLOCK-Country
add address=203.110.232.0/23 list=BLOCK-Country
add address=203.110.234.0/24 list=BLOCK-Country
add address=203.114.80.0/22 list=BLOCK-Country
add address=203.114.84.0/22 list=BLOCK-Country
add address=203.114.88.0/22 list=BLOCK-Country
add address=203.114.92.0/22 list=BLOCK-Country
add address=203.114.244.0/22 list=BLOCK-Country
add address=203.118.192.0/19 list=BLOCK-Country
add address=203.118.241.0/24 list=BLOCK-Country
add address=203.118.248.0/22 list=BLOCK-Country
add address=203.119.24.0/21 list=BLOCK-Country
add address=203.119.32.0/22 list=BLOCK-Country
add address=203.119.80.0/22 list=BLOCK-Country
add address=203.119.85.0/24 list=BLOCK-Country
add address=203.119.113.0/24 list=BLOCK-Country
add address=203.119.114.0/23 list=BLOCK-Country
add address=203.119.116.0/22 list=BLOCK-Country
add address=203.119.120.0/21 list=BLOCK-Country
add address=203.119.128.0/17 list=BLOCK-Country
add address=203.123.58.0/24 list=BLOCK-Country
add address=203.128.32.0/19 list=BLOCK-Country
add address=203.128.96.0/19 list=BLOCK-Country
add address=203.128.224.0/21 list=BLOCK-Country

/ip firewall filter
remove [find comment=BLOCK-Country]
add action=drop chain=input comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3
add action=drop chain=forward comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3
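The following is an added example, not part of the original post: it turns a downloaded .zone file into the RouterOS script shown above, following the same four steps, and accepts only well-formed IPv4 prefixes so that nothing else from a third-party list reaches the router import. The function names, the MIN_PREFIX limit and the sample data are assumptions made for illustration.

```python
import ipaddress

LIST_NAME = "BLOCK-Country"  # list and comment name used by the script above
MIN_PREFIX = 8               # assumption: refuse anything broader than a /8

# Constructed sample of a .zone file, including lines that must be rejected.
SAMPLE_ZONE = """\
# constructed sample
203.95.208.0/22
203.95.224.0/19
203.95.208.0/22
0.0.0.0/0
203.99.8.1/21
203.99.16.0/20 list=OTHER
"""

def parse_zone(text):
    """Return (valid networks in input order, rejected lines)."""
    nets, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects prefixes with host bits set
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError:
            rejected.append(line)
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append(line)   # too broad: would block most of the Internet
        elif net not in seen:       # duplicates are skipped silently
            seen.add(net)
            nets.append(net)
    return nets, rejected

def build_rsc(nets):
    """Emit the RouterOS commands in the order of the four steps above."""
    if not nets:
        # An empty or failed download must not wipe the existing list.
        raise ValueError("no valid networks; refusing to emit the script")
    out = ["/ip firewall address-list", f"remove [find list={LIST_NAME}]"]
    out += [f"add address={n} list={LIST_NAME}" for n in nets]
    out += ["/ip firewall filter", f"remove [find comment={LIST_NAME}]"]
    for chain in ("input", "forward"):
        out.append(f'add action=drop chain={chain} comment="{LIST_NAME}" '
                   f'log-prefix="Block Country" src-address-list={LIST_NAME} place-before=3')
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    networks, bad = parse_zone(SAMPLE_ZONE)
    print(build_rsc(networks), end="")
```

Review the rejected lines before importing the generated file on the router; a sudden jump in rejects usually means the source changed format or the download was incomplete.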

Linux

Using .htaccess you can block access to your website directly.

order allow,deny
allow from all
# Get up-to-date list from //www.wizcrafts.net/russian-blocklist.html
deny from 2.72.0.0/13 2.92.0.0/14 2.132.0.0/14
deny from 5.34.56.0/22 5.60.0.0/16 5.143.0.0/16
deny from 80.48.0.0/13 80.70.96.0/20

To block all services, iptables must be used.

References: //www.parkansky.com/china.htm
