Windows Server
Use the import-firewall-blocklist.ps1 script, which creates a block list from the IPs/IP ranges listed in the .txt file.
It must be run from PowerShell, with script execution enabled using the command:
Set-ExecutionPolicy RemoteSigned
Reference:
//stackoverflow.com/questions/4037939/powershell-says-execution-of-scripts-is-disabled-on-this-system
Some sources for IP lists:
//www.ipdeny.com/ipblocks/
The IP list can be obtained automatically by requesting the URL for a country code, for example: //www.ipdeny.com/ipblocks/data/countries/xx.zone
China IPs (cn): //www.ipdeny.com/ipblocks/data/countries/cn.zone
Argentina IPs (ar): //www.ipdeny.com/ipblocks/data/countries/ar.zone
//www.okean.com/thegoods.html
//www.countryipblocks.net/
//www.wizcrafts.net/iptables-blocklists.html
//www.iblocklist.com
//lite.ip2location.com
Mikrotik
On MikroTik you can use an address list and two firewall rules, one for input and one for forward.
Example script:
- Removes all addresses from the current block list.
- Adds the IPs to the block list.
- Removes the old block rules.
- Creates the new block rules in the 2nd position.
/ip firewall address-list
remove [find list=BLOCK-Country]
add address=203.95.208.0/22 list=BLOCK-Country
add address=203.95.224.0/19 list=BLOCK-Country
add address=203.99.8.0/21 list=BLOCK-Country
add address=203.99.16.0/20 list=BLOCK-Country
add address=203.99.80.0/20 list=BLOCK-Country
add address=203.100.32.0/20 list=BLOCK-Country
add address=203.100.48.0/21 list=BLOCK-Country
add address=203.100.58.0/24 list=BLOCK-Country
add address=203.100.60.0/24 list=BLOCK-Country
add address=203.100.63.0/24 list=BLOCK-Country
add address=203.100.80.0/20 list=BLOCK-Country
add address=203.100.96.0/19 list=BLOCK-Country
add address=203.100.192.0/20 list=BLOCK-Country
add address=203.104.32.0/20 list=BLOCK-Country
add address=203.105.96.0/19 list=BLOCK-Country
add address=203.105.128.0/19 list=BLOCK-Country
add address=203.107.0.0/17 list=BLOCK-Country
add address=203.110.160.0/19 list=BLOCK-Country
add address=203.110.208.0/20 list=BLOCK-Country
add address=203.110.232.0/23 list=BLOCK-Country
add address=203.110.234.0/24 list=BLOCK-Country
add address=203.114.80.0/22 list=BLOCK-Country
add address=203.114.84.0/22 list=BLOCK-Country
add address=203.114.88.0/22 list=BLOCK-Country
add address=203.114.92.0/22 list=BLOCK-Country
add address=203.114.244.0/22 list=BLOCK-Country
add address=203.118.192.0/19 list=BLOCK-Country
add address=203.118.241.0/24 list=BLOCK-Country
add address=203.118.248.0/22 list=BLOCK-Country
add address=203.119.24.0/21 list=BLOCK-Country
add address=203.119.32.0/22 list=BLOCK-Country
add address=203.119.80.0/22 list=BLOCK-Country
add address=203.119.85.0/24 list=BLOCK-Country
add address=203.119.113.0/24 list=BLOCK-Country
add address=203.119.114.0/23 list=BLOCK-Country
add address=203.119.116.0/22 list=BLOCK-Country
add address=203.119.120.0/21 list=BLOCK-Country
add address=203.119.128.0/17 list=BLOCK-Country
add address=203.123.58.0/24 list=BLOCK-Country
add address=203.128.32.0/19 list=BLOCK-Country
add address=203.128.96.0/19 list=BLOCK-Country
add address=203.128.224.0/21 list=BLOCK-Country
/ip firewall filter
remove [find comment=BLOCK-Country]
add action=drop chain=input comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3
add action=drop chain=forward comment="BLOCK-Country" log-prefix="Block Country" src-address-list=BLOCK-Country place-before=3
Linux
Using .htaccess you can block access to your website directly.
order allow,deny
allow from all
# Get up-to-date list from //www.wizcrafts.net/russian-blocklist.html
deny from 2.72.0.0/13 2.92.0.0/14 2.132.0.0/14
deny from 5.34.56.0/22 5.60.0.0/16 5.143.0.0/16
deny from 80.48.0.0/13 80.70.96.0/20
To block all services, iptables must be used.
References: //www.parkansky.com/china.htm
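One way to do the iptables blocking mentioned above, as an added example that is not part of the original page: it converts a downloaded country .zone file into ipset restore input and drops the set on INPUT and FORWARD, mirroring the two MikroTik rules. The set name reuses BLOCK-Country from the MikroTik script; MIN_PREFIX, the scratch-set name and the file name cn.zone are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). SET_NAME and MIN_PREFIX are
# assumptions; the zone file is a list already downloaded from a source above.
SET_NAME="BLOCK-Country"
MIN_PREFIX=8    # refuse anything wider than /8: 0.0.0.0/0 would drop all traffic

# Print `ipset restore` input for zone file $1 (one IPv4 CIDR per line).
# Entries go into a scratch set that is swapped in at the end, so the live
# set is never empty while the list is being rebuilt.
zone_to_ipset() {
    [ -s "$1" ] || { echo "empty or missing zone file: $1" >&2; return 1; }
    tmp="${SET_NAME}-new"
    printf 'create %s hash:net family inet\n' "$SET_NAME" "$tmp"
    printf 'flush %s\n' "$tmp"
    awk -v s="$tmp" -v min="$MIN_PREFIX" '
        function bad(l) { print "skipped: " l > "/dev/stderr" }
        { sub(/\r$/, ""); sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { bad($0); next }
        {
            split($0, p, "/"); split(p[1], o, ".")
            ok = (p[2] + 0 >= min && p[2] + 0 <= 32)
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (!ok) { bad($0); next }
            if (!seen[$0]++) print "add " s " " $0   # drop duplicates
        }
    ' "$1"
    printf 'swap %s %s\n' "$tmp" "$SET_NAME"
    printf 'destroy %s\n' "$tmp"
}

# Load the set and make sure one DROP rule per chain references it (root only).
apply_blocklist() {
    rules=$(zone_to_ipset "$1") || return 1
    printf '%s\n' "$rules" | ipset -exist restore || return 1
    for chain in INPUT FORWARD; do
        iptables -C "$chain" -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
            iptables -I "$chain" -m set --match-set "$SET_NAME" src -j DROP
    done
}

# Usage: sh blocklist.sh apply cn.zone
if [ "${1:-}" = "apply" ]; then apply_blocklist "$2"; fi
```

Lines that are not a valid IPv4 CIDR, or that are wider than MIN_PREFIX, are reported on stderr and left out, so a truncated or corrupted download cannot turn into a rule that blocks everything.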